AWS CloudFormation Automation: Efficient AMI ID Management for DevOps Engineers

Automated AMI ID Query and Retrieval for CloudFormation Templates


Question

You are responsible for maintaining dozens of CloudFormation templates.

Most of them use mappings to manage AMI IDs for different regions and instance types.

However, the AMI IDs can change regularly, such as when there are software updates.

In that case, you have to modify all related CloudFormation templates, which is very time-consuming.

You are considering an automated method to query and get the correct AMI IDs for CloudFormation.

Which two approaches together can help you achieve this? (Select TWO.)

Answers

Explanations


Correct Answer - A, C.

The question asks for an automated method to fetch the AMI IDs for EC2 resources in the CloudFormation template.

The manual methods should be avoided.

Refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html for the suggested approach.

Option A is CORRECT: Because this Lambda function can use region and instance type as inputs and get the related AMIs.

It then returns the IDs to the custom resource, which is mentioned in Option C.

Option B is incorrect: Because there is no other option that can help execute the script in an automated way.

Option C is CORRECT: Because this custom resource can associate a Lambda function to get the AMI IDs.

The stack can only proceed after the AMIs are received from the Lambda.

Option D is incorrect: Although the latest AMIs can be returned, there is no available option to provide the latest AMIs to CloudFormation templates.

Option E is incorrect: Because this needs manual intervention, which should be avoided considering the number of templates to maintain.
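How Options A and C fit together, as an added example (not code from the original page or from AWS): a Python Lambda handler that answers a CloudFormation custom resource request with the newest matching AMI. The property names `Region`, `Architecture` and `NamePattern`, the `TRUSTED_OWNERS` list and the `ami-lookup` physical ID are assumptions chosen for illustration.

```python
import json
import urllib.request

# Assumption: publishers the team trusts ("amazon" is the AWS-owned alias).
TRUSTED_OWNERS = ["amazon"]

def pick_latest_ami(images):
    """Return the ImageId of the newest 'available' image, or None."""
    usable = [i for i in images if i.get("State") == "available"]
    if not usable:
        return None
    # CreationDate is ISO 8601 in UTC, so string order equals time order.
    return max(usable, key=lambda i: i["CreationDate"])["ImageId"]

def build_response(event, status, data=None, reason=""):
    """Body CloudFormation expects on the pre-signed ResponseURL."""
    return {
        "Status": status,
        "Reason": reason,
        "PhysicalResourceId": event.get("PhysicalResourceId") or "ami-lookup",
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }

def handler(event, context):
    body = build_response(event, "SUCCESS")  # Delete needs no lookup
    try:
        if event["RequestType"] != "Delete":
            import boto3  # provided by the Lambda Python runtime
            props = event["ResourceProperties"]
            ec2 = boto3.client("ec2", region_name=props["Region"])
            found = ec2.describe_images(
                Owners=TRUSTED_OWNERS,  # never match on name alone: public AMIs can reuse names
                Filters=[{"Name": "name", "Values": [props["NamePattern"]]},
                         {"Name": "architecture", "Values": [props["Architecture"]]}],
            )["Images"]
            ami = pick_latest_ami(found)
            if ami is None:
                raise LookupError("no available AMI matched")
            body = build_response(event, "SUCCESS", {"Id": ami})
    except Exception as exc:
        # Always answer; otherwise the stack waits until the resource times out.
        body = build_response(event, "FAILED", reason=str(exc))
    req = urllib.request.Request(event["ResponseURL"], data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req)
    return body
```

In the template, the EC2 resource reads the value from the custom resource with `Fn::GetAtt` on the `Id` attribute, which is why the stack proceeds only after the Lambda has responded.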

The challenge in this scenario is the need to update the AMI IDs in multiple CloudFormation templates, which can be a time-consuming task. There are various ways to automate this process and reduce the workload. Two possible solutions are:

A. Create a Lambda function to get the latest AMIs for a given region and instance type.

B. Prepare a shell script to fetch the latest AMIs for any region and instance type by using AWS CLI command such as ec2 describe-images.

A Lambda function can be used to retrieve the latest AMI IDs for a given region and instance type. This function can be invoked from within the CloudFormation templates, either through a custom resource or a CloudFormation intrinsic function like Fn::ImportValue. The advantage of using a Lambda function is that it can be written in any programming language supported by AWS Lambda, and it can be triggered automatically by various AWS services, such as CloudWatch Events or S3 events.

On the other hand, a shell script that utilizes the AWS CLI can also be used to retrieve the latest AMI IDs. This script can be scheduled to run periodically, and the results can be stored in a centralized location, such as an S3 bucket or a parameter store. The CloudFormation templates can then reference these stored values when launching new instances.

In addition to these two options, there are also other ways to automate the process of retrieving the latest AMI IDs:

C. In the CloudFormation template, create a custom resource type to invoke and send input values to a Lambda function to get the correct AMIs. After the custom resource gets a proper response, the stack proceeds with other resources. This approach is similar to option A, but instead of using a CloudFormation intrinsic function to invoke the Lambda function, a custom resource is created that can invoke any AWS service, including Lambda.

D. Use a CloudWatch Event rule to execute a Lambda function every day to get the latest AMI IDs. This approach is similar to option A, but instead of invoking the Lambda function from within the CloudFormation templates, it is triggered by a CloudWatch Event rule that runs on a schedule. The Lambda function retrieves the latest AMI IDs and stores them in a centralized location, such as an S3 bucket or a parameter store.

E. Add a new AMI ID parameter in the CloudFormation templates. When creating CloudFormation stacks, input the latest AMI ID parameter. This approach is the most straightforward, but it requires manual intervention every time a new AMI ID is released. It also increases the risk of errors, as manual input can be prone to mistakes.

In summary, automating the process of retrieving the latest AMI IDs can significantly reduce the workload involved in managing multiple CloudFormation templates. The best approach depends on the specific use case and the available resources, but options A and B provide a good starting point for most scenarios.