Concepts & Fundamentals
Explain the meaning of “Infrastructure as Code (IaC)” in the context of AWS CloudFormation. Why is it important?
IaC means managing infrastructure (servers, databases, networks, etc.) using machine-readable templates (YAML/JSON) instead of manual processes. In AWS CloudFormation, IaC ensures repeatability, consistency, automation, and scalability, reducing human error and allowing version-controlled infrastructure
Differentiate between AWS Elastic Beanstalk and AWS CodeDeploy.
Elastic Beanstalk: Simplifies application deployment by automatically handling provisioning, scaling, load balancing, and monitoring (supports Java, Python, Node.js, Docker, etc.).
CodeDeploy: Focuses on automating application code updates on EC2, Lambda, or on-premises servers, using strategies like in-place or Blue/Green deployments
Discuss how CloudFormation templates act as “self-documenting” tools.
Templates describe exact infrastructure definitions in readable JSON/YAML. Since they contain only necessary steps, they double as deployment scripts and documentation, removing the need for separate manuals
A company is struggling with frequent “fat-finger” errors when configuring EC2 instances manually. Recommend a CloudFormation-based solution.
Use a CloudFormation template to define EC2 instances consistently. Templates are repeatable and validated, ensuring no misconfigurations occur due to manual errors
Compare manual AWS resource deployment with automated deployment using CloudFormation. Highlight at least three advantages of automation.
Manual deployment is time-consuming, error-prone, and difficult to document. CloudFormation automation:
Saves time by running essential steps only.
Improves security by enforcing controlled, reusable templates.
Ensures repeatability across development, staging, and production environments
Describe how the Blue/Green deployment strategy in AWS CodeDeploy reduces downtime and risks during updates.
Blue/Green creates a duplicate environment with the new version, shifts traffic to it once validated, and leaves the old version available for rollback. This minimizes downtime and avoids failures impacting users
Security is a concern when using manual deployments. How does CloudFormation address this with IAM?
CloudFormation templates can be restricted to specific IAM users and groups, ensuring only authorised people can deploy, update, or delete resources, reducing misconfigurations and human mistakes
You are tasked with setting up a CI/CD pipeline for a Node.js app. Outline AWS tools you would use.
CodeCommit/GitHub for source control.
CodeBuild to compile/test Node.js.
CodeDeploy to automate updates (e.g., Blue/Green).
CodePipeline to link all stages into an automated release process
What is a CloudFormation stack, and how does it simplify resource management?
A stack is a collection of related AWS resources managed as a single unit. CloudFormation simplifies management by letting you create, update, or delete all resources together, ensuring they remain consistent and aligned with the template
Explain the components of AWS CodePipeline and how they support CI/CD.
CodePipeline stages:
Source: fetches code from repositories.
Build: compiles and tests code.
Test: runs automated test cases.
Deploy: pushes to production.
Together, they automate the software release lifecycle, ensuring fast, consistent, and reliable deployments
Provide an example of how CloudFormation can scale infrastructure dynamically.
CloudFormation can define an Auto Scaling Group for EC2 instances that automatically adds or removes servers based on CPU utilization. This allows infrastructure to grow or shrink with demand
A team wants to catch misconfigured S3 policies before deployment. Which CloudFormation feature/tool would you suggest?
Use CloudFormation Hooks or CloudFormation Guard. They check compliance against policies (e.g., enforce encryption, block public buckets) before provisioning
Describe the role of “Outputs” in CloudFormation templates and provide one practical use case.
Outputs export details about created resources (e.g., database endpoint, S3 bucket name). A practical use case is sharing outputs between stacks for integration or allowing developers to quickly reference deployment details.
Discuss two benefits of using AWS CodeBuild as part of a CI/CD pipeline. Provide an example.
Serverless scaling (auto-adjusts to workload).
Pay-per-use pricing saves costs.
Example: compiling a Java application, running unit tests, and producing deployment artifacts before CodeDeploy pushes them live
Explain the concept of “CloudFormation Hooks.”
Hooks are code checks that run before provisioning, ensuring resource configurations (e.g., security settings) meet compliance requirements before deployment
Suppose a company wants to share standardized infrastructure patterns across teams. How could CloudFormation templates support this goal?
Teams can create reusable CloudFormation templates as blueprints for common setups (e.g., VPC design, load balancer). These can be shared and reused, promoting best practices and consistency
How do CloudFormation “change sets” improve the safety of infrastructure updates?
Change sets preview proposed modifications before applying them. This lets teams evaluate risks and impacts of changes, preventing unintended disruptions in production
AWS OpsWorks integrates Chef and Puppet. Explain their contribution to hybrid environment automation.
Chef and Puppet provide configuration management — automating tasks like patching, updating, and drift management across on-premise and cloud servers. OpsWorks integrates them to streamline hybrid deployments with consistent setups.
How does AWS CloudFormation Guard help enforce compliance?
Guard applies policy-as-code rules to validate templates (e.g., ensuring all S3 buckets enforce encryption). This enforces compliance automatically and consistently
A startup wants secure, cost-effective, automated infrastructure deployment. Which AWS services would you propose?
CloudFormation for automated IaC.
Systems Manager to secure and lock down deployment tasks.
CodePipeline for CI/CD automation.
Together, they reduce human error, control access, and lower costs by automating repeatable tasks