Amazon Exam DOP-C02 Topic 4 Question 30 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 30
Topic #: 4

An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.

All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted.

How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors?

AAdd a DelelionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.

BAdd a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role. Write the Lambda function to delete all objects from the bucket when RequestType is Delete.

CIdentify the resource that was not deleted. Manually empty the S3 bucket and then delete it.

DReplace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resource. Define a custom recipe for the stack to create and delete the EC2 instance and the S3 bucket.

Show Suggested Answer

Suggested Answer: B, E

You need to understand how SCP inheritance works in AWS. The way it works for Deny policies is different that allow policies.

Allow polices are passing down to children ONLY if they don't have an allow policy.

Deny policies always pass down to children.

That's why there is always an SCP set to the Root to allow everything by default. If you limit this policy, the whole organization will be limited, not matter what other policies are saying for the other OUs. So it's not A. It's not D because it restricts the wrong OU.

by Charlene at Jul 17, 2024, 02:02 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Derrick

7 days ago

The DeletionPolicy attribute sounds like the most efficient solution to ensure the S3 bucket is deleted along with the stack. Elegantly handles the issue without additional custom code.

upvoted 0 times

...

Adell

12 days ago

That's a good point too. We should consider the pros and cons of each option before making a decision.

upvoted 0 times

...

Hui

13 days ago

I disagree, I believe option A is the way to go. Adding a DeletionPolicy attribute to the S3 bucket resource will ensure it is removed when the stack is deleted.

upvoted 0 times

...

Adell

24 days ago

I think option B is the best solution. Adding a custom resource with an AWS Lambda function to delete all objects from the S3 bucket when the stack is deleted seems efficient.

upvoted 0 times

...