Monday, December 8, 2025

AWS CloudFormation Review Questions & Answers (Basic → Intermediate → Advanced → Expert).



Scope:

  • Tailored for AWS:
    • Solutions Architects,
    • DevOps Engineers,
    • DevSecOps Engineers,
    • Site Reliability Engineers (SRE),
    • SysOps Engineers.

BASIC CloudFormation Interview Questions & Answers

1. What is AWS CloudFormation?

    • CloudFormation is an Infrastructure-as-Code (IaC) service that allows twtech to define, provision, and manage AWS infrastructure using YAML or JSON templates.

2. What is a CloudFormation Stack?

    • A stack is a group of resources created from a CloudFormation template.
    • Stack operations such as Create, Update, and Delete apply to the entire stack.

3. What are the major sections of a CloudFormation template?

    • AWSTemplateFormatVersion
    • Description
    • Parameters
    • Mappings
    • Conditions
    • Resources (mandatory)
    • Outputs
    • Metadata
    • Transform

4. What’s the difference between Resources and Parameters?

    • Parameters → Dynamic inputs passed at deploy time.
    • Resources → Actual AWS components created, such as EC2, S3, VPC, etc.

5. What happens during stack creation failure?

    • CloudFormation automatically rolls back to the last known working state unless rollback is disabled.

6. What template formats does CloudFormation support?

    •  YAML (preferred)
    •  JSON

7. What is a Change Set?

    • A Change Set shows what will change in the stack before applying an update.

INTERMEDIATE CloudFormation Interview Questions & Answers

8. What are intrinsic functions in CloudFormation?

These are built-in functions used inside templates, such as:

    • Ref
    • Fn::Sub
    • Fn::Join
    • Fn::GetAtt
    • Fn::FindInMap
    • Fn::ImportValue

9. What is Drift Detection?

    • A feature that detects unmanaged changes to stack resources made outside of CloudFormation.

10. What are Mappings used for? 

  • Mappings store static lookup tables.

Sample:

  • AMI IDs per region → env → instance type

11. What is the difference between Ref and Fn::GetAtt?

    •  Ref returns the value of a parameter or resource name.
    •  GetAtt returns a specific attribute of a resource:
      •  e.g., DNSName of an ALB.

12. What is a Nested Stack?

    • A stack inside another stack.
    • Used to modularize and reuse CloudFormation components.

13. How does twtech pass data to EC2 instances via CloudFormation?

Using:

    • UserData
    • cfn-init (bootstrapping)
    • cfn-signal
    • Metadata section

14. How does CloudFormation handle dependencies between resources?

  • Automatically handles dependencies using:
    • Ref
    • GetAtt
    • DependsOn (manually specified if needed)

15. What is the Transform section used for?

  • Supports macros or special systems like:
    • AWS::Serverless-2016-10-31 (SAM)
    • AWS::LanguageExtensions

ADVANCED CloudFormation Interview Questions & Answers

16. What is the difference between StackSets and Nested Stacks?

| Nested Stacks | StackSets |
| --- | --- |
| Template modularity | Multi-account, multi-region deployments |
| Included in same stack | Deployed to AWS Organizations |
| No cross-account | Cross-account support |

17. Can CloudFormation update an EC2 instance without replacement?

  • Yes, but only if the updated property is modifiable.

Instance replacement occurs when changing:

    • Instance type (sometimes)
    • Launch template
    • Subnet
    • Security groups (in some cases)
    • Block device mappings

18. What are Rollback Triggers?

    • Rollback triggers monitor CloudWatch Alarms during update/create.
    • If the alarm breaches, CloudFormation rolls back to last-known-good state.

19. How does CloudFormation handle IAM resources?

IAM resources require:

  • Capabilities flags
    •    CAPABILITY_NAMED_IAM
    •    CAPABILITY_IAM

NB:

  • This grants permission for CloudFormation to modify IAM.

20. How do you reuse values across stacks?

Using:

    • Outputs
    • Export/ImportValue

21. What happens if a resource is deleted manually?

    • CloudFormation drift detection will identify it, but the stack may fail during updates.

22. What are CloudFormation Macros?

    • Custom code (often Lambda) that transforms templates at deployment time.

23. How can you speed up large stack deployments?

    • Use parallel resource creation (CloudFormation does this automatically)
    • Break template into nested stacks
    • Cache AMIs with preinstalled software
    • Use SSM parameters instead of Mappings

24. What are Hooks?

    • Hooks are used to enforce policy before provisioning.
    • Sample: enforce tagging or security standards across an org.

25. What’s the difference between CloudFormation & AWS CDK?

| CloudFormation | CDK |
| --- | --- |
| Declarative | Imperative + Declarative |
| YAML/JSON | TypeScript/Python/Go/Java |
| Pure IaC | IaC with full programming logic |
| Verbose | Concise |

NB:
  • CDK synthesizes to CloudFormation templates.

EXPERT CloudFormation Interview Questions & Answers

26. Explain the CloudFormation internals & execution workflow.

    1. Template is uploaded
    2. Template is parsed by the CloudFormation engine
    3. Dependency graph is created
    4. Resources are created in parallel
    5. Events are streamed to the console
    6. If an error occurs, there is a rollback
    7. Stack metadata is stored in the S3 backend

27. How does twtech perform Blue/Green Deployments with CloudFormation?

It uses:

    •  Change Sets
    •  Route 53 weighted routing
    •  Lambda or EC2 Auto Scaling replacing instances
    •  Swap out ALB target groups

28. How does twtech manage secrets securely in CloudFormation?

    • It uses SSM Parameter Store (SecureString)
    • It uses Secrets Manager
    • It uses Ref to pull values without exposing plaintext

NB:

Never hard-code secrets.

29. How does twtech validate CloudFormation templates automatically?

It uses:

    •  aws cloudformation validate-template
    •  cfn-lint
    •  GitHub Actions / CodePipeline
    •  CFN Guard (policy-as-code)

30. How does twtech avoid CloudFormation resource replacement during updates?

Strategies:

  • It uses UpdatePolicy
  • It uses CreationPolicy
  • It defines immutable resources (create new → swap → delete)
  • It uses Fn::If to conditionally deploy
  • It parameterizes only replaceable properties

31. How does twtech migrate manually created resources into CloudFormation?

Options:

    1. It imports resources into a stack
    2. OR it uses Drift Detection → create template → import
    3. OR it recreates them using IaC (recommended)

32. How does CloudFormation handle circular dependencies?

  • It detects them and throws an error.
  • Fix by:

    • Using logical dependencies (DependsOn)
    • Splitting into nested stacks
    • Using Fn::Sub instead of Join

33. Explain CloudFormation’s rollback behavior in distributed systems.

  • If a resource in parallel creation fails:
    • CloudFormation will delete successfully created resources.
    • If a resource cannot be deleted cleanly, the stack goes to the ROLLBACK_FAILED state and requires a manual fix.

34. How does CloudFormation handle eventual consistency in AWS APIs?

    • It automatically retries resource operations and polls AWS APIs until the resource reaches a stable state.

35. What is the best CloudFormation design pattern for large enterprise systems?

    • Multi-account deployment via StackSets
    • Modular templates using nested stacks
    • Versioned templates stored in Git
    • Enforced governance using hooks
    • Drift detection enabled
    • Use parameters from SSM Parameter Store
    • ALBs, VPCs, IAM roles as foundational stacks
    • Environment-specific stacks layered on top

Quick Review Questions & Answers (Straight-to-the-point Responses):

CloudFormation Interview Questions & Answers (Basic → Expert)
BASIC Level.
1. What is AWS CloudFormation?

Answer: A service that automates provisioning of AWS resources using templates.

2. What is a CloudFormation template?

Answer: A JSON/YAML document describing AWS resources to create.

3. What is a Stack?

Answer: A deployed CloudFormation template containing created resources.

4. Benefits of CloudFormation?

Answer: IaC, repeatability, automation, rollback, version control.

5. What is a Change Set?

Answer: A preview of changes before applying updates to a stack.

INTERMEDIATE Level.
6. Difference between Parameters, Mappings, and Outputs?

Answer: Parameters = user input; Mappings = static lookups; Outputs = exported or displayed values.

7. What are Resource Dependencies?

Answer: CloudFormation automatically manages dependencies; explicit via DependsOn.

8. What is Drift Detection?

Answer: Identifies differences between template and actual deployed resources.

9. What are Conditions?

Answer: Logic to control resource creation based on parameters (e.g., regions, environment).

10. What are Intrinsic Functions?

Answer: Functions like !Ref, !GetAtt, Fn::Join, Fn::Sub used for dynamic values.

ADVANCED Level.
11. How do Nested Stacks work?

Answer: Modular templates that allow reuse and separation of concerns.

12. What is StackSet?

Answer: Deployment of CloudFormation stacks across multiple accounts and regions.

13. How do you manage Secrets in CloudFormation?

Answer: Use AWS Secrets Manager, SSM Parameter Store (SecureString), or NoEcho parameters.

14. Difference between Update Policy and Creation Policy?

Answer: UpdatePolicy controls rolling updates; CreationPolicy waits for signals before marking success.

15. How do you handle rollback failures?

Answer: Use “DisableRollback,” retain failed resources, or investigate via stack events.

EXPERT Level.
16. What is CloudFormation Macro?

Answer: Lambda-powered transformations that modify templates before provisioning.

17. What is a Transformation?

Answer: Pre-processing directive such as AWS::Serverless for SAM.

18. How do you optimize large templates?

Answer: Use nested stacks, modules, YAML anchors, macros, StackSets.

19. How do you enforce governance?

Answer: Use IAM boundaries, Service Catalog, Config rules, StackSet guardrails.

20. How do you migrate infrastructure to CloudFormation?

Answer: Use resource import, drift detection, retrofitting templates, AWS Application Composer.




