Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer.
For SOA-C02 candidates, the confusion often lies in how to preserve critical resources during stack deletion in automated deployments. In production, this boils down to understanding exactly how AWS CloudFormation’s resource deletion policies impact the lifecycle of dependent services like DynamoDB. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
DataStream Solutions, a fintech startup, uses AWS CloudFormation to deploy a serverless payment processing application within their production VPC. The application architecture includes an AWS Lambda function, an Amazon DynamoDB table to store transaction records, and an Amazon API Gateway REST API.
The SRE team needs to delete the CloudFormation stack for a major update but must ensure the DynamoDB table is not deleted or lost during this process to preserve transaction history.
The Requirement: #
What step should the SRE take before deleting the CloudFormation stack to ensure the DynamoDB table remains intact?
The Options #
- A) Add a `Retain` deletion policy to the DynamoDB resource in the CloudFormation stack template.
- B) Add a `Snapshot` deletion policy to the DynamoDB resource in the CloudFormation stack template.
- C) Enable termination protection on the CloudFormation stack.
- D) Update the application’s IAM policy to explicitly deny the `dynamodb:DeleteTable` API action.
Correct Answer #
A.
Quick Insight: The SysOps Imperative #
When deleting stacks, CloudFormation’s `DeletionPolicy` attribute controls whether critical resources are deleted or preserved. Applying the `Retain` policy preserves the DynamoDB table by removing it from stack management, preventing data loss. Termination protection only prevents stack deletion itself; it won’t preserve individual resources. Denying IAM permissions at runtime won’t prevent resource deletion initiated by CloudFormation during stack teardown.
The Expert’s Analysis #
Correct Answer #
Option A
The Winning Logic #
CloudFormation’s DeletionPolicy attribute supports three options: Delete (default), Retain, and Snapshot (for specific resource types).
- The `Retain` policy ensures that when the stack is deleted, the specified resource is not deleted but orphaned, preserving its state, which is ideal for DynamoDB tables containing critical data.
- This way, the resource lives on outside the stack lifecycle, allowing future manual or automated management.
The Trap (Distractor Analysis): #
- Option B: Snapshot DeletionPolicy does not apply to DynamoDB tables. It is primarily used with resources like EBS volumes or RDS databases where snapshot capability exists.
- Option C: Termination Protection protects the entire stack from accidental deletion but doesn’t stop individual resources from being deleted if the stack is deleted intentionally (after disabling termination protection). It is a blunt instrument.
- Option D: IAM policy denial of `dynamodb:DeleteTable` affects API calls, but CloudFormation stack deletions operate with roles and privileges that may bypass or complicate this approach. It does not guarantee the resource won’t be removed if the stack is deleted.
The Technical Blueprint #
```yaml
# Example CloudFormation snippet to retain DynamoDB table during stack deletion
Resources:
  TransactionsTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: TransactionsData
      AttributeDefinitions:
        - AttributeName: TransactionId
          AttributeType: S
      KeySchema:
        - AttributeName: TransactionId
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
    DeletionPolicy: Retain  # <== This ensures the table is preserved when stack is deleted
```
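A pre-deletion check for this scenario, as an added example that is not part of the original note or any AWS tooling: it reads a stack template in JSON form and reports every stateful resource that would not be retained on stack deletion. The function names, the two type lists and the sample template are assumptions constructed for illustration; the type lists are not exhaustive.

```python
import json

# Assumption: resource types this check treats as stateful (not exhaustive).
STATEFUL_TYPES = {"AWS::DynamoDB::Table", "AWS::EC2::Volume", "AWS::RDS::DBInstance"}
# Types where Snapshot applies, following the page's examples (EBS volumes, RDS databases).
SNAPSHOT_TYPES = {"AWS::EC2::Volume", "AWS::RDS::DBInstance"}


def deletion_outcome(resource):
    """Return 'kept', 'snapshotted', 'invalid' or 'deleted' for one resource."""
    policy = resource.get("DeletionPolicy", "Delete")  # Delete is the default
    if policy == "Retain":
        return "kept"
    if policy == "Snapshot":
        # Snapshot does not apply to DynamoDB tables (option B in the question).
        return "snapshotted" if resource.get("Type") in SNAPSHOT_TYPES else "invalid"
    return "deleted"


def preflight(template_json):
    """Map logical ID -> outcome for stateful resources that would not stay intact."""
    resources = json.loads(template_json).get("Resources", {})
    findings = {}
    for logical_id, resource in resources.items():
        if resource.get("Type") not in STATEFUL_TYPES:
            continue  # stateless resources (Lambda, API Gateway) are safe to recreate
        outcome = deletion_outcome(resource)
        if outcome != "kept":
            findings[logical_id] = outcome
    return findings


# Constructed sample template; only TransactionsTable is named on the page.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "TransactionsTable": {"Type": "AWS::DynamoDB::Table"},
    "LedgerTable": {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "Retain"},
    "AuditTable": {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "Snapshot"},
    "PaymentFunction": {"Type": "AWS::Lambda::Function"},
}})

if __name__ == "__main__":
    blockers = preflight(SAMPLE_TEMPLATE)
    for logical_id, outcome in sorted(blockers.items()):
        print(f"BLOCK stack deletion: {logical_id} would be {outcome}")
    raise SystemExit(1 if blockers else 0)
```

Run the check against the template of the deployed stack (for example the output of `aws cloudformation get-template`), not only the copy in source control: `Retain` takes effect only once a stack update has applied it.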
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact |
|---|---|---|---|
| A) Retain Policy | Low | High | Table preserved safely |
| B) Snapshot Policy | Medium | Medium | Not applicable for DynamoDB |
| C) Termination Protection | Low | Low | Prevents stack delete, not resource deletion |
| D) IAM Deny Rule | High | Low | Can cause failures, not reliable for preservation |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick “Retain” DeletionPolicy when preserving critical stateful resources managed by CloudFormation.
Real World #
In production, teams sometimes combine Retain with backup procedures (like DynamoDB backups or exporting data) to add safety layers. Relying solely on IAM restrictions or termination protection is risky and less operationally elegant.
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.