EzDevInfo.com

amazon-cloudformation interview questions

Top amazon-cloudformation frequently asked interview questions

AWS OpsWorks vs AWS Beanstalk vs AWS CloudFormation?

I would like to know what the advantages and disadvantages are of using AWS OpsWorks vs AWS Beanstalk vs AWS CloudFormation.

I am interested in a system that can be auto scaled to handle any high number of simultaneous web requests (From 1000 requests per minute to 10 million rpm.), including a database layer that can be auto scalable as well.

Instead of having a separate instance for each app, ideally I would like to share some hardware resources efficiently. In the past I have used mostly an EC2 instance + RDS + CloudFront + S3.

The stack system will host some high traffic ruby on rails apps that we are migrating from Heroku, also some python/django apps and some PHP apps as well.

Thanks in advance.


Source: (StackOverflow)

Name an EC2 Instance in the CloudFormation template?

I have a template that works and generates a stack but I cannot find a property to set or something else that allows me to give a Name to the EC2 Instance I have created. When it is generated the Name is blank.


Source: (StackOverflow)


How to create variable number of EC2 instance resources in Cloudformation template?

How to create variable number of EC2 instance resources in Cloudformation template, according to a template parameter?

The EC2 API and management tools allow launching multiple instances of the same AMI, but I can't find how to do this using Cloudformation.


Source: (StackOverflow)

AWS Lambda scheduled event source via cloudformation

I already have my lambda / roles defined in CloudFormation and would love to also use it to add scheduled event sources... are there any docs or examples around?


Source: (StackOverflow)

What is the difference between Elastic Beanstalk and CloudFormation for a .NET project?

I have developed a .NET MVC application and have started playing around with AWS and deploying it via the Visual Studio Toolkit. I have successfully deployed the application using the Elastic Beanstalk option in the toolkit.

As I was going over the tutorials for deploying .NET apps to AWS with the toolkit, I noticed there are tutorials for deploying with both Elastic Beanstalk and CloudFormation. What is the difference between these two?

From what I can tell, it seems like they both essentially are doing the same thing - making it easier to deploy your application to the AWS cloud (setting up EC2 instances, load balancer, auto-scaling, etc). I have tried reading up on them both, but I can't seem to get anything other than a bunch of buzz-words that sound like the same thing to me. I even found an FAQ on the AWS website that is supposed to answer this exact question, yet I don't really understand.

Should I be using one or the other? Both?


Source: (StackOverflow)

How can I quickly and effectively debug CloudFormation templates?

CloudFormation is a powerful AWS offering that allows the programmatic creation of AWS resource stacks, such as the web tier of an application, a high performance computing cluster, or an entire application stack, with a single API call. It is immensely powerful. Using it is surely considered a good AWS practice, especially when it's combined with Chef, Puppet, or cloud-init. Debugging it drives me to vice.

Take a production example: The stock mongodb cluster templates won't work for me. I don't particularly know why. I'm sure it's something simple as it almost always is. My problem isn't that I can't figure out what's wrong. It's that it takes the stack between 20 and 30 minutes to fail, and then another three or four minutes to delete, assuming it deletes the resources properly at all.

What am I missing? I know about the --disable-rollback flag and use it like oxygen. I learned long ago to wrap exit messages with cfn-signal and to throw them like ballast off a sinking ship. How can I make the template debugging process faster, or am I stuck forever noticing my mistakes half an hour after I make them?


Source: (StackOverflow)

How to attach pre-uploaded SSL cert to ELB in CloudFormation template?

I've been trying to attach an SSL certificate that I'm currently using for one of my Elastic Load Balancing instances to a new CloudFormation template, but each time I get:

    Server Certificate not found for the key

And then the CloudFormation template starts to roll back at that point.

    "Listeners" : [
      {
        "LoadBalancerPort" : "443",
        "InstancePort" : "80",
        "SSLCertificateId" : "start_certname_com",
        "Protocol" : "HTTPS"
      },...

Amazon is asking for "The ARN of the SSL certificate to use", and I believe this is correct since this is the exact string which appears in the dropdown of the currently set up ELB which takes 443 to port 80 on the instances.

Am I missing something on my Listener?


Source: (StackOverflow)

How to set user name and group name in IAM using CloudFormation?

I created a CloudFormation template and I wanted to create an IAM user; to do that I used this JSON string:

"CFNUser" : {
  "Type" : "AWS::IAM::User",
  "Properties" : {
    "LoginProfile": {
      "Password": { "Ref" : "AdminPassword" }
    }
  }
},

Then for group I used this:

"CFNUserGroup" : {
  "Type" : "AWS::IAM::Group"
},

After creating the stack, I got the following:

user name - IAMUsers-CFNUser-E1BT342YK7G6

group name - IAMUsers-CFNUserGroup-1UBUBRYALTIMI

So my question is, how can I set the user name here? The same goes for the group name.


Source: (StackOverflow)

How can I (securely) download a private S3 asset onto a new EC2 instance with cloudinit?

I'm using CloudFormation to manage a Tomcat webserver stack but am tired of doing raw AMI management for new application versions. I'd like to move in the direction of Chef but don't have the time right now. Instead, I'm trying to conquer a simple problem in webserver instantiation: how can I download a "current" WAR when new machines spin up?

My thought was to utilize a private S3 bucket and cloud-init, but I'm a little stumped by what to do with IAM credentials. I could put them in the template's user data, but I'm loath to do so, particularly because I'm version controlling that file. The only alternative I can think of is to use environment variables in the AMI itself. They'd have to be plaintext, but... eh, if you can break into my instance, you could zip up and download my entire webserver. As long as the IAM user isn't reused for anything else and is rotated regularly, it seems like a reasonable way to solve the problem. Am I missing anything? How can I securely download a private S3 asset using cloud-init?


Source: (StackOverflow)

Is there a way for cloudformation to query available zones for subnet creation?

I have a cloudformation script that attempts to create a VPC, with one subnet per AZ.

When I run:

    aws ec2 describe-availability-zones

I get 4 zones returned:

"AvailabilityZones": [
    {
        "State": "available", 
        "RegionName": "us-east-1", 
        "Messages": [], 
        "ZoneName": "us-east-1a"
    }, 
    {
        "State": "available", 
        "RegionName": "us-east-1", 
        "Messages": [], 
        "ZoneName": "us-east-1b"
    }, 
    {
        "State": "available", 
        "RegionName": "us-east-1", 
        "Messages": [], 
        "ZoneName": "us-east-1c"
    }, 
    {
        "State": "available", 
        "RegionName": "us-east-1", 
        "Messages": [], 
        "ZoneName": "us-east-1d"
    }
 ]

However, when I try to create my stack, I get an error:

  "ResourceStatusReason": "Value (us-east-1a) for parameter availabilityZone
   is invalid. Subnets can currently only be created in the following 
   availability zones: us-east-1c, us-east-1b, us-east-1d.", 

I am specifying the AZ with

      "AvailabilityZone" : {
        "Fn::Select" : [ "0", { "Fn::GetAZs" : "" } ]
      },

Is there a way to check to see if the AZ is really available for the creation of a subnet?


Source: (StackOverflow)

Can't create a SNS Event source on a Lambda function using CloudFormation

This is the Cloudformation template code related to my problem:

"SNSTopic": {
  "Type": "AWS::SNS::Topic",
  "Properties": {
    "TopicName": "JumpboxPresenceTopic",
    "DisplayName": "Jumpbox Presence Topic",
    "Subscription": [
      {
        "Endpoint": {
          "Fn::GetAtt": [
            "Lambda",
            "Arn"
          ]
        },
        "Protocol": "lambda"
      }
    ]
  }
},
"Lambda": {
  "Type": "AWS::Lambda::Function",
  "Properties": [...]

I can see the topic in the SNS dashboard.

But it does not display in the lambda function Event Sources panel.

The weird thing about this is that if I create a new subscription from the SNS dashboard for that same lambda function, no new subscription is created since it would be an exact duplicate. However, now if I check the Event Sources panel in the Lambda dashboard, I can see a new entry for the SNS: JumpboxPresenceTopic.

I feel like it's an issue on Amazon's side but I could be wrong. Is there something wrong with my approach or is it a limitation of AWS?


Source: (StackOverflow)

Aws cloud formation template: how to provide StreamName for Kinesis resource?

I wanted to create a Kinesis resource through a CloudFormation template and it wouldn't let me provide a "StreamName" as a property for the resource.

    "KinesisResource" : {
      "Type" : "AWS::Kinesis::Stream",
      "Properties" : {
        "ShardCount" : 1,
        "StreamName" : "KinesisStream"
      }
    },

It says "unrecognizable property StreamName". How do I give a stream name in my template? Thanks, Nithya.


Source: (StackOverflow)

Non-Windows instances with a virtualization type of 'hvm' are currently not supported for this instance type : [AWS Cloudformation]

I am trying to create a t2.micro EC2 instance with Amazon Linux as the OS using CloudFormation. Following is the JSON file (the parts that matter).

        "FileName" : {
          "Type" : "String",
          "Default" : "cf-file.sh",
          "AllowedValues" : [ "cf-file.sh" ]
        },
        "InstanceType" : {
          "Description" : "WebServer EC2 instance type",
          "Type" : "String",
          "Default" : "t2.micro",
          "AllowedValues" : [ "t2.micro" ],
          "ConstraintDescription" : "must be a valid EC2 instance type."
        },
        "AMIID" : {
          "Type" : "String",
          "Default" : "ami-1ecae776",
          "AllowedValues" : [ "ami-1ecae776" ]
        }
      },
      "Resources" : {
        "EC2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "UserData" : {
              "Fn::Base64" : {
                "Fn::Join" : [
                  "",
                  [
                    "#!/bin/bash\n",
                    "yes y | yum install dos2unix\n",
                    "touch ", { "Ref" : "FileName" }, "\n",
                    "chmod 777 ", { "Ref" : "FileName" }, "\n"
                  ]
                ]
              }
            },
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Ref" : "AMIID" }
          }
        },

When I run this file I get the following error:

    Non-Windows instances with a virtualization type of 'hvm' are currently not supported for this instance type

I guess this error comes when we use a t1 family instance type, but I am using t2.micro. Please explain the reason why this is so.


Source: (StackOverflow)
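The ELB certificate, cloud-init credential and t2.micro questions above all hinge on what ends up inside a template's listener and UserData blocks. This added Python linter (not code from any of the posts) flattens UserData the way CloudFormation would and flags a non-ARN SSLCertificateId, access keys embedded in the bootstrap script, and a world-writable chmod; the template and the key value in it are constructed for the example.

```python
import json
import re

# Constructed sample (not a real stack): a listener with a bare certificate name
# instead of an ARN, and a bootstrap script that embeds a fake key and runs chmod 777.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ELB": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
        "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "80",
                       "Protocol": "HTTPS", "SSLCertificateId": "start_certname_com"}]}},
    "Web": {"Type": "AWS::EC2::Instance", "Properties": {"UserData": {"Fn::Base64": {
        "Fn::Join": ["", ["#!/bin/bash\n",
                          "export AWS_SECRET_ACCESS_KEY=EXAMPLEKEYNOTREAL\n",  # constructed
                          "chmod 777 ", {"Ref": "FileName"}, "\n"]]}}}}}})

ARN_RE = re.compile(r"^arn:aws[a-z-]*:(iam|acm):")  # IAM or ACM certificate ARN
KEY_RE = re.compile(r"aws_(secret_access_key|access_key_id)", re.I)
CHMOD_RE = re.compile(r"chmod\s+0?777\b")

def flatten_user_data(node):
    # Render UserData to text; Ref becomes a ${Name} placeholder so regexes still apply.
    if isinstance(node, str):
        return node
    if isinstance(node, list):
        return "".join(flatten_user_data(n) for n in node)
    if isinstance(node, dict):
        if "Fn::Base64" in node:
            return flatten_user_data(node["Fn::Base64"])
        if "Fn::Join" in node:
            sep, parts = node["Fn::Join"]
            return sep.join(flatten_user_data(p) for p in parts)
        if "Ref" in node:
            return "${" + node["Ref"] + "}"
    return ""

def lint_template(text):
    # Return (resource name, finding) pairs; unknown intrinsic functions are ignored.
    findings = []
    for name, res in json.loads(text).get("Resources", {}).items():
        props = res.get("Properties", {})
        if not isinstance(props, dict):
            continue  # e.g. a truncated "[...]" placeholder
        for listener in props.get("Listeners", []):
            cert = listener.get("SSLCertificateId", "")
            if cert and not ARN_RE.match(cert):
                findings.append((name, "SSLCertificateId is not a certificate ARN"))
        if "UserData" in props:
            script = flatten_user_data(props["UserData"])
            if KEY_RE.search(script):
                findings.append((name, "access key material embedded in UserData"))
            if CHMOD_RE.search(script):
                findings.append((name, "world-writable chmod in UserData"))
    return findings
```

Run it as a pre-commit step on the template file so a bare certificate name or a pasted key is caught before the stack spends twenty minutes rolling back.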

Cloud formation - updating a stack behind an ELB doesn't update the AMI

We are powering our AWS EC2 instances using cloud formation. We have 3 different stacks - testing, staging and production. Our workflow to update the images for any of the stacks is as follows:

  1. Update a 'golden master' instance
  2. Snapshot the golden master to a disk image
  3. Change the ami reference in our cloud-formation config (via a json file) for a given stack and update the stack.

This brings down the instances in the stack + re-provisions them with the new disk image.

We've had no problems with our testing or staging stacks, which contain a single ec2 instance each. Each time we update, the image is replaced no problem.

Our production stack doesn't seem to be working in the same way :-(. It contains (at least) 2 instances sitting behind a load balancer. When we update this stack in the same way, the EC2 instances are not refreshed straight away (i.e. after the update is completed, the boxes are still running from the previous disk image). The good news is the new images are used when the load balancer autoscales.

Could there be a conflict between the load balancing rules and cloud formation?

Any insight would be greatly appreciated


Source: (StackOverflow)

How to provision a CloudFront distribution with an ACM Certificate using Cloud Formation

I am attempting to set a certificate in my CloudFrontDistribution using Cloud Formation.

My certificate has been issued via Certificate Manager. It has been approved, and I have validated that the certificate works by manual configuration directly through the CloudFront console.

Within my CloudFormation template, I have attempted to use both the Identifier and ARN values associated with the certificate in the IamCertificateId property:

"ViewerCertificate" : {
  "IamCertificateId" : "********",
  "SslSupportMethod": "sni-only"
}

But in both cases I receive the following error:

The specified SSL certificate doesn't exist, isn't valid, or doesn't include a valid certificate chain.

Reading the docs for the DistributionConfig complex type, it looks like there is an 'ACMCertificateArn' property, but this does not seem to work via CloudFormation.

Any help would be appreciated.


Source: (StackOverflow)