AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
An operations engineer needs to update a production CloudFormation stack containing an Amazon RDS DB instance. The engineer must ensure the database can never be unintentionally replaced or deleted during future stack updates, but routine parameter modifications must still be allowed. What is the MOST appropriate solution to meet this requirement?
Enable stack termination protection on the CloudFormation stack.
Add the DeletionPolicy attribute set to Retain to the RDS DB resource in the template.
Set the resource's UpdateReplacePolicy attribute to Snapshot.
Attach a stack policy that explicitly denies Update:Replace and Delete actions for the RDS logical resource but allows Update:Modify.
A stack policy can evaluate the type of update attempted on a specific logical resource. By denying the Update:Replace and Delete actions for the RDS logical ID while allowing Update:Modify, the policy blocks any change that would cause a replacement or removal of the database but still permits in-place modifications such as parameter group updates. The DeletionPolicy attribute protects only when the resource is deleted (for example, during stack deletion) and does not stop replacements triggered by updates. Stack termination protection prevents the entire stack from being deleted but has no effect on individual resource replacements. UpdateReplacePolicy controls what happens to the old resource when a replacement occurs; it does not stop the replacement itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a stack policy in AWS CloudFormation?
Open an interactive chat with Bash
What’s the difference between DeletionPolicy, UpdateReplacePolicy, and stack policy?
Open an interactive chat with Bash
How does allowing Update:Modify work in this example?
Open an interactive chat with Bash
What is a CloudFormation stack policy?
Open an interactive chat with Bash
What is the difference between DeletionPolicy and UpdateReplacePolicy?
Open an interactive chat with Bash
How does stack termination protection differ from a stack policy?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Deployment, Provisioning, and Automation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .