Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For AWS DVA-C02 candidates, the confusion often lies in how resource lifecycle directives in CloudFormation affect deployed resources. In production, this is about knowing exactly which attributes in CloudFormation templates protect critical data and how stack policies influence updates. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
A startup named BlueGrowth Solutions manages a customer-facing web application deployed via a single CloudFormation template. The template provisions the web server fleet and an Amazon RDS PostgreSQL database instance. BlueGrowth’s dev team uses this template to deploy identical stacks into multiple isolated environments (development, staging, and production).
During a recent deployment to the development environment, an engineer unintentionally caused the primary development database to be dropped and recreated, resulting in loss of test data. To reduce the risk of accidental data loss in the future, BlueGrowth wants to enforce stronger protection against deletion of the RDS database resource during stack updates or deletions.
The Requirement: #
Prevent accidental deletion or replacement of the RDS database resource within CloudFormation deployments without blocking legitimate updates to other parts of the stack.
The Options #
- A) Add a CloudFormation DeletionPolicy attribute set to Retain on the database resource.
- B) Update the CloudFormation stack policy to prevent any updates to the database resource.
- C) Modify the database to use a Multi-AZ deployment for enhanced availability.
- D) Use a CloudFormation stack set to deploy identical web app and database stacks across environments.
- E) Add a CloudFormation DeletionPolicy attribute set to Retain on the entire stack.
Google adsense #
leave a comment:
Correct Answer #
A and B.
Quick Insight: The Developer’s Imperative #
- Adding a DeletionPolicy: Retain on the RDS resource preserves the database even if the stack or the resource is deleted, protecting data from destruction.
- Applying strict stack policies restricts updates that might cause replacement or deletion of critical resources, adding another layer of safety.
- Multi-AZ (Option C) is about availability and does not prevent deletion by CloudFormation.
- Stack sets (Option D) help multi-account/multi-region deployments but don’t protect against accidental deletion.
- DeletionPolicy on the entire stack (Option E) is invalid and not supported.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Option A and B
The Winning Logic #
- A) DeletionPolicy: Retain instructs CloudFormation to keep the physical RDS resource even if the stack or resource is deleted. Without this, deleting or replacing the stack deletes the underlying database, causing data loss. This is the first and most crucial safeguard.
- B) Stack policies define which resources are protected from update or replacement during stack operations. By preventing updates to the RDS resource (except when explicitly allowed), it alleviates risks from unintended changes that can trigger replacement and data loss.
- Combined, these two approaches maintain safety without disrupting other stack updates or deployments in CI/CD pipelines.
The Trap (Distractor Analysis) #
- Why not C? Multi-AZ increases failover availability and durability but has no effect on CloudFormation deleting the DB resource during stack changes. It’s a complementary best practice, not a deletion safeguard.
- Why not D? Stack sets are powerful for multi-region/account rollout and governance but do not address accidental deletions within a single stack deployment lifecycle.
- Why not E? The DeletionPolicy attribute applies only at the resource level. Setting it for the entire stack is unsupported and will cause template validation errors.
The Technical Blueprint #
B) For Developer / SysOps (Code/CLI Snippet):
CloudFormation snippet adding the retention policy on the DB resource:
Resources:
BlueGrowthDatabase:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceClass: db.t3.medium
Engine: postgres
...
DeletionPolicy: Retain
Example CloudFormation stack policy snippet to protect DB updates:
{
"Statement": [
{
"Effect": "Deny",
"Action": "Update:*",
"Principal": "*",
"Resource": "LogicalResourceIds/BlueGrowthDatabase"
}
]
}
The Comparative Analysis (DVA Perspective) #
| Option | API/Template Complexity | Impact on Deployment | Use Case |
|---|---|---|---|
| A | Simple attribute in CFN | Prevents data loss on deletion | Essential for data protection |
| B | Requires stack policy JSON | Blocks accidental updates to DB | Adds fine-grained update controls |
| C | RDS configuration change | Improves failover—not deletion protection | Enhances availability, not safety |
| D | Stack Sets management | Cross-account/region scoped | Governance tool; no deletion safeguard |
| E | Invalid syntax | Causes CFN template failure | Not supported on stack level |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick DeletionPolicy: Retain when you see “preserve data on resource deletion via CloudFormation”.
Real World #
In production, combining DeletionPolicy: Retain with backup strategies (like automated snapshots) and infrastructure deployment gates (stack policies/approval workflows) offers comprehensive protection.
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the AWS DVA-C02 exam.