Amazon DOP-C02 Exam - Topic 4 Question 30 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 30
Topic #: 4

An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.

All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted.

How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors?

AAdd a DelelionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.

BAdd a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role. Write the Lambda function to delete all objects from the bucket when RequestType is Delete.

CIdentify the resource that was not deleted. Manually empty the S3 bucket and then delete it.

DReplace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resource. Define a custom recipe for the stack to create and delete the EC2 instance and the S3 bucket.

Show Suggested Answer

Suggested Answer: B, E

You need to understand how SCP inheritance works in AWS. The way it works for Deny policies is different that allow policies.

Allow polices are passing down to children ONLY if they don't have an allow policy.

Deny policies always pass down to children.

That's why there is always an SCP set to the Root to allow everything by default. If you limit this policy, the whole organization will be limited, not matter what other policies are saying for the other OUs. So it's not A. It's not D because it restricts the wrong OU.

by Charlene at Jul 17, 2024, 02:02 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mozell

3 months ago

I thought S3 buckets auto-delete when stacks are removed? Surprised they don't!

upvoted 0 times

...

Alisha

3 months ago

Wait, why would you need a Lambda function for this?

upvoted 0 times

...

Lenny

3 months ago

C is just manual work, not efficient at all.

upvoted 0 times

...

Francene

4 months ago

I disagree, B sounds more robust for handling deletions.

upvoted 0 times

...

Dulce

4 months ago

Option A seems like the simplest fix!

upvoted 0 times

...

Dion

4 months ago

Option C seems like a manual workaround, but I feel like there should be a more automated way to handle the deletion process.

upvoted 0 times

...

Janine

4 months ago

I practiced a similar question where we had to manage resources in CloudFormation, but I can't recall if using a Lambda function is the most efficient solution here.

upvoted 0 times

...

Merlyn

4 months ago

I think option A sounds familiar; adding a DeletionPolicy might be the right way to ensure the bucket gets deleted automatically.

upvoted 0 times

...

Galen

5 months ago

I remember discussing how S3 buckets can cause issues during deletion if they aren't empty, but I'm not sure which option directly addresses that.

upvoted 0 times

...

Bernadine

5 months ago

Option D seems a bit overkill for this scenario. Replacing the existing resources with an OpsWorks Stacks resource might be more complex than necessary.

upvoted 0 times

...

Domingo

5 months ago

Option B looks promising - using a custom resource with a Lambda function to delete the objects in the S3 bucket. That could be a good way to handle the deletion issue.

upvoted 0 times

...

Angella

5 months ago

Hmm, I'm a bit confused. I'm not sure which option is the most efficient. I'll need to think this through carefully.

upvoted 0 times

...

Coleen

5 months ago

This seems like a straightforward question. I think the key is to find the most efficient way to ensure all resources are deleted without errors.

upvoted 0 times

...

Jeannetta

5 months ago

I'm leaning towards Option A. Adding the DeletionPolicy attribute to the S3 bucket resource seems like a simple and effective solution.

upvoted 0 times

...

Johnson

5 months ago

I've got this! The three types of transport nodes in NSX-T are NSX Edges, NSX Controllers, and Hypervisors. I'm pretty sure about that.

upvoted 0 times

...

Trina

5 months ago

Okay, let's see. Crashing the project involves adding resources to speed up the timeline, so it's not really a risk response per se. I'm leaning towards D on this one.

upvoted 0 times

...

Darrel

9 months ago

Hold up, did someone say 'Delete forcing'? That's my kind of party trick! Just make sure the bucket's not hosting your company's crown jewels, eh?

upvoted 0 times

...

Tracie

9 months ago

OpsWorks Stacks? Isn't that a bit overkill for this simple use case? I'd stick with the CloudFormation template and the DeletionPolicy.

upvoted 0 times

...

Shaun

9 months ago

Manually cleaning up the bucket? That's so 2010. Let's embrace the power of CloudFormation and automate this cleanup process!

upvoted 0 times

...

Keshia

10 months ago

A custom Lambda function to delete the objects in the bucket is a good idea, but it adds unnecessary complexity. The DeletionPolicy seems like the way to go here.

upvoted 0 times

Aileen

8 months ago

C) Identify the resource that was not deleted. Manually empty the S3 bucket and then delete it.

upvoted 0 times

...

Myra

8 months ago

B) Add a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role. Write the Lambda function to delete all objects from the bucket when RequestType is Delete.

upvoted 0 times

...

Tuyet

9 months ago

C) Identify the resource that was not deleted. Manually empty the S3 bucket and then delete it.

upvoted 0 times

...

Quentin

9 months ago

upvoted 0 times

...

Ahmed

9 months ago

A) Add a DeletionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.

upvoted 0 times

...

Nidia

9 months ago

A) Add a DeletionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.

upvoted 0 times

...

Derrick

10 months ago

The DeletionPolicy attribute sounds like the most efficient solution to ensure the S3 bucket is deleted along with the stack. Elegantly handles the issue without additional custom code.

upvoted 0 times

Tyra

9 months ago

C) I agree, it's important to address these issues efficiently to avoid any lingering resources.

upvoted 0 times

...

Timothy

10 months ago

A) Yes, it's a simple and effective way to handle the deletion of resources.

upvoted 0 times

...

Colette

10 months ago

B) That sounds like a good solution to ensure everything gets deleted properly.

upvoted 0 times

...

Sarina

10 months ago

A) Add a DeletionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.

upvoted 0 times

...

Adell

10 months ago

That's a good point too. We should consider the pros and cons of each option before making a decision.

upvoted 0 times

...

Hui

10 months ago

I disagree, I believe option A is the way to go. Adding a DeletionPolicy attribute to the S3 bucket resource will ensure it is removed when the stack is deleted.

upvoted 0 times

...

Adell

11 months ago

I think option B is the best solution. Adding a custom resource with an AWS Lambda function to delete all objects from the S3 bucket when the stack is deleted seems efficient.

upvoted 0 times

...