AWS Certified Solutions Architect - Professional 2020

Sign Up Free or Log In to participate!

Challenge 2 question – contains no explicit requirement that colleague needs or wants to make any changes.

There is no explicit requirement stated in the question that once the stack is up the colleague needs or wants to make any changes. There is only his requirement that the database be protected.

So, maybe consider updating the question, because otherwise options A and/or D would seem to be the correct answers ?

Unless I’m missing something entirely ?

1 Answers

Hi Rowan,

This question tests your knowledge around knowing that any updates not explicitly allowed are denied by default.  It comes straight from the documentation (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html )

You’re correct that the question does not explicitly say we need to make chances to other resources, hence requiring the Allow component.  But, we also cannot assume the production database is the only resource in the stack.  If you were a consultant, you’d want to guide the client to implement the stack policy that is most specific to the need.  You wouldn’t wait until the client complained that they couldn’t update the Dev database to say "well you didn’t say you wanted to update other resources".

–Scott

Rowan Williams

Fair enough. Thanks for answering Scott.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?