Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For DVA-C02 candidates, the common pitfall revolves around understanding how CloudFormation lifecycle events impact mutable resources managed outside the stack—especially when resources are shared or manipulated by the application itself. In production, this is about knowing exactly how to prevent inadvertent resets or overwrites of runtime configuration while deploying infrastructure as code. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
NimbusSoft, a fast-growing SaaS startup, uses AWS CloudFormation to deploy its backend application infrastructure. The stack includes configuration settings stored as parameters in AWS Systems Manager Parameter Store. The application reads and updates these parameters during runtime to adjust its behavior dynamically.
Recently, the engineering team modified the CloudFormation template to add tagging on some new resources. However, after applying the updated stack, they noticed that the Parameter Store parameter values had been reset to their original defaults defined in the template — effectively wiping out runtime updates made by the application.
The lead developer needs to change the deployment approach to ensure the Parameter Store parameter values are preserved across CloudFormation updates, and values updated by the application should not be reset by stack modifications. They want the solution with the least development effort.
The Requirement: #
Identify a deployment strategy that preserves application-updated Parameter Store values when the CloudFormation stack is updated, avoiding parameter resets or overrides outside the stack.
The Options #
- A) Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.
- B) Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application. Migrate the parameters that the application modifies from Parameter Store to the DynamoDB table.
- C) Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table for configuration parameters and migrate mutable settings from Parameter Store to this database.
- D) Modify the CloudFormation stack policy to deny updates on Parameter Store parameters.
Google adsense #
leave a comment:
Correct Answer #
A
Quick Insight: The Developer Imperative #
When CloudFormation manages parameters that the application runtime also updates, the challenge is that stack updates can overwrite or reset those parameters. Setting the DeletionPolicy to Retain prevents CloudFormation from deleting or resetting the parameter during stack updates or removals. This is a low-impact fix that preserves application-changed values with minimal development effort.
Options involving migration to DynamoDB or RDS introduce unnecessary complexity for mutable config storage, and deny policies may break legitimate updates from CloudFormation itself.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Option A
The Winning Logic #
- Setting CloudFormation resource DeletionPolicy to Retain for the SSM Parameter Store parameters ensures that during stack updates or deletions, CloudFormation will not overwrite or remove the parameters, preserving any runtime changes made by the application.
- This approach requires minimal changes to existing infrastructure as code and no code rewrites.
- It uses native CloudFormation resource lifecycle management behavior effectively, preventing destructive updates to mutable configuration data.
The Trap (Distractor Analysis): #
- Option B: Moving configuration data to DynamoDB is technically feasible but introduces complexity for configuration management, likely requiring code rewrites and additional logic to read/write configs, increasing operational burden.
- Option C: Using an RDS instance is an over-engineered solution for simple parameter storage, adds database management overhead, and increases costs and latency.
- Option D: Denying stack updates to Parameter Store parameters via stack policies blocks legitimate infrastructure changes and is not a recommended practice; it also does not protect against resets due to parameter re-creation.
The Technical Blueprint #
Relevant AWS CLI snippet to set DeletionPolicy to Retain in CloudFormation template for SSM Parameter #
Resources:
AppConfigParameter:
Type: AWS::SSM::Parameter
Properties:
Name: /myapp/config/param1
Type: String
Value: "initialValue"
DeletionPolicy: Retain
Alternatively, via AWS CLI, you modify the stack template to include the DeletionPolicy: Retain attribute on the parameter resources.
The Comparative Analysis #
| Option | API/Resource Complexity | Performance Impact | Use Case Suitability |
|---|---|---|---|
| A | Low | None | Best for preserving Parameter Store across stack updates with minimal change |
| B | Medium | Low | Suitable if moving to NoSQL config store; higher dev effort |
| C | High | Moderate | Overkill for config storage; adds DB maintenance and latency |
| D | Low | May cause failures | Blocks legitimate CloudFormation updates, not recommended |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For the exam, always pick CloudFormation DeletionPolicy Retain when you see mutable resources managed both inside and outside the stack.”
Real World #
“In reality, depending on complexity, teams may migrate runtime mutable configurations to DynamoDB or Parameter Store with strict IAM controls for higher flexibility, but simple resource lifecycle control is usually the first step.”
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the AWS DVA-C02 exam.