Question #851
A company's developer deployed an application using AWS CloudFormation, which includes an S3 bucket configured with CORS settings. The application can modify the bucket's CORS configuration. During a stack update to add new IAM roles, the developer noticed the CORS settings reverted to their original values, overwriting the application's changes. The developer needs to prevent this while minimizing development effort.
Which solution will meet these requirements with the LEAST development effort?
Modify the CloudFormation stack to set the DeletionPolicy to Retain for the S3 bucket.
Create an Amazon DynamoDB table in the stack to store CORS configurations. Update the application to use DynamoDB instead of the S3 bucket's CORS settings.
Use an Amazon RDS instance to store CORS configurations. Update the application to retrieve settings from RDS.
Modify the CloudFormation stack policy to deny updates to the S3 bucket's CORS configuration.
Explanation
Answer A is correct because setting the DeletionPolicy to 'Retain' ensures that CloudFormation does not delete or modify the S3 bucket's configuration (including CORS settings) during stack updates. This allows the application's changes to persist without requiring code changes.
Other options are incorrect because:
- B & C require significant development effort to implement DynamoDB/RDS for CORS storage.
- D (stack policy) would block updates to CORS via CloudFormation but does not prevent CloudFormation from reapplying the original CORS settings during stack updates, as stack policies only restrict intentional updates, not drift correction.
Key Point: DeletionPolicy='Retain' minimizes effort by decoupling the S3 bucket's lifecycle from stack updates, preserving runtime modifications.
Answer
The correct answer is: A