CloudFormation is one of the most frequently asked topics in AWS Cloud Engineer, DevOps Engineer, Solutions Architect, Platform Engineer, Site Reliability Engineer (SRE), and Data Engineer interviews.
1. What is AWS CloudFormation?
Answer
AWS CloudFormation is an Infrastructure as Code (IaC) service that allows you to define, provision, and manage AWS infrastructure using code templates.
Instead of manually creating resources through the AWS Console, you define infrastructure in YAML or JSON templates.
Benefits
- Infrastructure as Code
- Automated deployments
- Version control
- Repeatable environments
- Reduced manual errors
- Easy rollback
- Compliance and governance
Example:
```yaml
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
```
This template creates an S3 bucket automatically.
2. What is Infrastructure as Code (IaC)?
Answer
Infrastructure as Code means managing infrastructure using code rather than manual processes.
Benefits:
- Automation
- Consistency
- Reusability
- Version Control
- Faster deployments
Examples:
- CloudFormation
- Terraform
- AWS CDK
- Pulumi
3. What are CloudFormation Templates?
Answer
Templates are text files written in:
- YAML
- JSON
They describe AWS resources and configurations.
Example:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Sample Template
Resources:
  MyEC2:
    Type: AWS::EC2::Instance
```
4. What are the main sections of a CloudFormation Template?
Answer
Common sections:
| Section | Purpose |
|---|---|
| AWSTemplateFormatVersion | Template version |
| Description | Template description |
| Metadata | Additional info |
| Parameters | User inputs |
| Mappings | Static values |
| Conditions | Conditional logic |
| Resources | AWS resources |
| Outputs | Return values |
Example:
```yaml
Parameters:
  InstanceType:
    Type: String
Resources:
  MyEC2:
    Type: AWS::EC2::Instance
```
5. Which formats are supported by CloudFormation?
Answer
Supported:
- YAML (Preferred)
- JSON
YAML advantages:
- Easier readability
- Smaller size
- Supports comments
6. What is a Stack?
Answer
A Stack is a collection of AWS resources created from a CloudFormation template.
Example:
A stack may contain:
- VPC
- Subnets
- EC2
- Security Groups
- Load Balancer
All resources are managed together.
7. What is a StackSet?
Answer
StackSets allow deployment of stacks across:
- Multiple AWS Accounts
- Multiple AWS Regions
Used for enterprise-wide deployments.
Example:
Deploy CloudTrail to:
- 100 AWS accounts
- 10 AWS regions
using one StackSet.
8. Difference Between Stack and StackSet?
| Feature | Stack | StackSet |
|---|---|---|
| Single Account | Yes | No |
| Multi Account | No | Yes |
| Multi Region | Limited | Yes |
| Enterprise Deployment | No | Yes |
9. What is Change Set?
Answer
A Change Set previews changes before applying them.
Benefits:
- Risk reduction
- Change visibility
- Safer deployments
Example:
Before update: t3.micro
After update: t3.medium
The Change Set shows the impact before execution.
10. What happens during Stack Creation?
Answer
CloudFormation:
- Reads template
- Validates syntax
- Resolves dependencies
- Creates resources
- Monitors status
- Marks stack complete
States:
CREATE_IN_PROGRESS
CREATE_COMPLETE
CREATE_FAILED
11. What happens if Stack Creation fails?
Answer
By default, CloudFormation performs a rollback:
CREATE_FAILED
ROLLBACK_IN_PROGRESS
ROLLBACK_COMPLETE
The resources created before the failure are deleted automatically.
12. What is Rollback?
Answer
Rollback restores infrastructure to the previous stable state.
Example:
If RDS creation fails:
- EC2 removed
- VPC removed
- Stack reverted
13. What is Drift Detection?
Answer
Drift Detection identifies resources modified outside CloudFormation.
Example:
Template: EC2 = t3.micro
Admin changes manually: EC2 = t3.large
Drift detection reports the difference.
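The comparison drift detection performs, as an added example that is not part of the original article: the declared properties of each resource are compared with the values read back from the live resource, and the result is reported in the shape CloudFormation's drift results use (a per-resource status of IN_SYNC, MODIFIED or DELETED, plus property differences typed ADD, REMOVE or NOT_EQUAL). The template view and the "live" view are both constructed for the demo; the t3.micro vs t3.large change is the one from the text, and a widened security group rule is added as a second, security-relevant kind of drift.

```python
"""Local model of what drift detection computes (added example, not the
article's or AWS's code). EXPECTED and LIVE are constructed sample data."""

def _flatten(node, prefix=""):
    """Flatten nested properties to path -> value, e.g. '/Tags/0/Value'."""
    if isinstance(node, dict):
        out = {}
        for k, v in node.items():
            out.update(_flatten(v, f"{prefix}/{k}"))
        return out
    if isinstance(node, list):
        out = {}
        for i, v in enumerate(node):
            out.update(_flatten(v, f"{prefix}/{i}"))
        return out
    return {prefix: node}

def detect_drift(expected_resources, live_resources):
    """Return {logical_id: {StackResourceDriftStatus, PropertyDifferences}}."""
    report = {}
    for logical_id, expected in expected_resources.items():
        if logical_id not in live_resources:
            # Resource removed outside CloudFormation.
            report[logical_id] = {"StackResourceDriftStatus": "DELETED",
                                  "PropertyDifferences": []}
            continue
        exp, act = _flatten(expected), _flatten(live_resources[logical_id])
        diffs = []
        for path in sorted(exp.keys() | act.keys()):
            if path not in act:
                diffs.append({"PropertyPath": path, "DifferenceType": "REMOVE",
                              "ExpectedValue": exp[path], "ActualValue": None})
            elif path not in exp:
                diffs.append({"PropertyPath": path, "DifferenceType": "ADD",
                              "ExpectedValue": None, "ActualValue": act[path]})
            elif exp[path] != act[path]:
                diffs.append({"PropertyPath": path, "DifferenceType": "NOT_EQUAL",
                              "ExpectedValue": exp[path], "ActualValue": act[path]})
        report[logical_id] = {
            "StackResourceDriftStatus": "MODIFIED" if diffs else "IN_SYNC",
            "PropertyDifferences": diffs,
        }
    return report

# Constructed: what the template declares ...
EXPECTED = {
    "MyEC2": {"InstanceType": "t3.micro", "Tags": [{"Key": "env", "Value": "prod"}]},
    "MySG": {"SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443,
                                       "ToPort": 443, "CidrIp": "10.0.0.0/8"}]},
    "MyBucket": {"BucketName": "demo-logs"},
}
# ... and what is actually deployed after manual console changes
# (instance resized, ingress rule widened, bucket deleted).
LIVE = {
    "MyEC2": {"InstanceType": "t3.large", "Tags": [{"Key": "env", "Value": "prod"}]},
    "MySG": {"SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443,
                                       "ToPort": 443, "CidrIp": "0.0.0.0/0"}]},
}

if __name__ == "__main__":
    for lid, result in detect_drift(EXPECTED, LIVE).items():
        print(lid, result["StackResourceDriftStatus"], result["PropertyDifferences"])
```

Two caveats a reviewer would want stated: the real service only checks properties for which drift detection is supported, and it runs only when requested (or on a schedule you set up), so it does not by itself stop a manual change, it only surfaces it.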
14. Why is Drift Detection important?
Answer
Benefits:
- Compliance
- Governance
- Auditing
- Detect manual changes
This is a common enterprise requirement.
15. What are Parameters?
Answer
Parameters allow dynamic input.
Example:
```yaml
Parameters:
  InstanceType:
    Type: String
```
The user provides t3.micro or t3.medium.
16. What are Mappings?
Answer
Mappings are static lookup tables.
Example:
```yaml
Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-12345
```
Useful for region-specific values.
17. What are Conditions?
Answer
Conditions control resource creation.
Example:
```yaml
Conditions:
  IsProd: !Equals [!Ref Environment, prod]
```
Create a resource only in production.
18. What are Outputs?
Answer
Outputs expose resource values.
Example:
```yaml
Outputs:
  VPCID:
    Value: !Ref MyVPC
```
Used by other stacks.
19. What are Intrinsic Functions?
Answer
Built-in CloudFormation functions.
Examples:
- !Ref
- !Sub
- !GetAtt
- !Join
- !ImportValue
- !FindInMap
- !If
20. Explain Ref Function
Answer
Returns resource identifier.
```yaml
!Ref MyBucket
```
Returns the bucket name.
21. Explain GetAtt
Answer
Retrieves resource attributes.
Example:
```yaml
!GetAtt MyEC2.PublicIp
```
Returns the EC2 instance's public IP.
22. Explain Sub Function
Answer
String substitution.
```yaml
!Sub arn:aws:s3:::${BucketName}
```
Dynamic string generation.
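To make the intrinsic functions concrete, here is an added example (not code from the original article or from AWS) that resolves a small template the way CloudFormation does at deploy time. It goes beyond Sub and covers the whole list from Q19: Ref, GetAtt, Sub, Join, FindInMap, If and ImportValue, working on the JSON form of a template (the YAML short forms such as `!Ref` and `!Sub` map onto the `Ref` / `Fn::Sub` keys). The template, the parameter values, the "deployed" attribute values and the exported value from another stack are all constructed for the demo.

```python
"""Minimal resolver for CloudFormation intrinsic functions (added example;
all data below is constructed, not taken from a real deployment)."""
import re

# Constructed template fragment in JSON form.
TEMPLATE = {
    "Parameters": {"Environment": {"Type": "String"}, "BucketName": {"Type": "String"}},
    "Mappings": {"RegionMap": {"us-east-1": {"AMI": "ami-12345"},
                               "eu-west-1": {"AMI": "ami-67890"}}},
    "Conditions": {"IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]}},
    "Resources": {
        "MyBucket": {"Type": "AWS::S3::Bucket",
                     "Properties": {"BucketName": {"Ref": "BucketName"}}},
        "MyEC2": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
            "InstanceType": {"Fn::If": ["IsProd", "t3.medium", "t3.micro"]},
            "Tags": [{"Key": "Name",
                      "Value": {"Fn::Join": ["-", [{"Ref": "Environment"}, "app"]]}}]}},
    },
    "Outputs": {"BucketArn": {"Value": {"Fn::Sub": "arn:aws:s3:::${BucketName}"}},
                "PublicIp": {"Value": {"Fn::GetAtt": ["MyEC2", "PublicIp"]}},
                "SharedVpc": {"Value": {"Fn::ImportValue": "SharedVPC"}}},
}

class Resolver:
    def __init__(self, template, parameters, region, attributes, exports):
        self.t = template
        self.params = parameters
        self.pseudo = {"AWS::Region": region}   # pseudo parameter
        self.attrs = attributes                  # {"MyEC2": {"Ref": id, "PublicIp": ip}}
        self.exports = exports                   # exports of other stacks (ImportValue)

    def ref(self, name):
        # Ref: pseudo parameter, template parameter, or a resource's physical id.
        if name in self.pseudo:
            return self.pseudo[name]
        if name in self.params:
            return self.params[name]
        if name in self.t["Resources"]:
            return self.attrs[name]["Ref"]
        raise KeyError(f"unknown Ref target {name}")

    def resolve(self, node):
        if isinstance(node, list):
            return [self.resolve(n) for n in node]
        if not isinstance(node, dict):
            return node
        if "Ref" in node:
            return self.ref(node["Ref"])
        if "Fn::GetAtt" in node:
            logical, attr = node["Fn::GetAtt"]
            return self.attrs[logical][attr]
        if "Fn::Sub" in node:
            s, extra = node["Fn::Sub"], {}
            if isinstance(s, list):              # form with an explicit variable map
                s, varmap = s
                extra = {k: self.resolve(v) for k, v in varmap.items()}
            def repl(m):
                key = m.group(1)
                if key in extra:
                    return str(extra[key])
                if "." in key:                   # ${Logical.Attr} is GetAtt shorthand
                    logical, attr = key.split(".", 1)
                    return str(self.attrs[logical][attr])
                return str(self.ref(key))
            return re.sub(r"\$\{([^}]+)\}", repl, s)
        if "Fn::Join" in node:
            delim, parts = node["Fn::Join"]
            return delim.join(str(p) for p in self.resolve(parts))
        if "Fn::FindInMap" in node:
            mapping, key1, key2 = self.resolve(node["Fn::FindInMap"])
            return self.t["Mappings"][mapping][key1][key2]
        if "Fn::If" in node:
            cond, yes, no = node["Fn::If"]
            return self.resolve(yes if self.resolve(self.t["Conditions"][cond]) else no)
        if "Fn::Equals" in node:
            a, b = self.resolve(node["Fn::Equals"])
            return a == b
        if "Fn::ImportValue" in node:
            return self.exports[self.resolve(node["Fn::ImportValue"])]
        return {k: self.resolve(v) for k, v in node.items()}   # plain property dict

def render(environment, region="us-east-1"):
    """Resolve Resources and Outputs for a given Environment parameter value."""
    r = Resolver(TEMPLATE,
                 parameters={"Environment": environment, "BucketName": "demo-logs"},
                 region=region,
                 attributes={"MyEC2": {"Ref": "i-0abc", "PublicIp": "203.0.113.10"},
                             "MyBucket": {"Ref": "demo-logs"}},   # constructed values
                 exports={"SharedVPC": "vpc-0123"})               # constructed export
    resources = r.resolve(TEMPLATE["Resources"])
    outputs = {k: r.resolve(v["Value"]) for k, v in TEMPLATE["Outputs"].items()}
    return resources, outputs
```

Calling `render("prod")` yields a t3.medium instance tagged `prod-app` with the us-east-1 AMI, while `render("dev", "eu-west-1")` picks the t3.micro and the other AMI; the Outputs show Sub, GetAtt and ImportValue each producing a plain string once the references are known.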
23. Explain Join Function
Answer
Concatenates strings.
```yaml
!Join
  - "-"
  - [dev, app]
```
Output: dev-app
24. Explain ImportValue
Answer
Imports output from another stack.
Stack A:
```yaml
Outputs:
  VPCID:
    Value: !Ref MyVPC
    Export:
      Name: SharedVPC
```
Stack B:
```yaml
!ImportValue SharedVPC
```
25. What are Nested Stacks?
Answer
A stack inside another stack.
Benefits:
- Reusable modules
- Better organization
- Smaller templates
Example:
Network Stack
├── VPC
└── Subnet
The Application Stack imports it.
26. What are CloudFormation Macros?
Answer
Macros transform templates before execution.
Often backed by AWS Lambda.
Use cases:
- Custom syntax
- Reusable logic
- Template simplification
27. What is CloudFormation Registry?
Answer
Registry allows custom resource types.
Examples:
- Third-party resources
- Custom resources
28. What are Custom Resources?
Answer
Resources not natively supported by CloudFormation.
Implemented using:
- Lambda
- SNS
Example:
- Create Jira ticket
- Configure external system
during deployment.
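The contract a Lambda-backed custom resource has to honour, as an added example that is not code from the original article or from AWS: CloudFormation sends a JSON event whose `RequestType` is Create, Update or Delete together with a pre-signed `ResponseURL`; the function must PUT a response object there (Status, PhysicalResourceId, StackId, RequestId, LogicalResourceId) or the stack stays in progress until it times out. The "ticket tracker" is a stand-in for the external system, the event fields are constructed, and `send` is injectable so the lifecycle can be exercised offline.

```python
"""Lambda handler for a Custom::Ticket resource (added example; the external
system, the event and the URL below are constructed stand-ins)."""
import json
import urllib.request

TICKETS = {}   # constructed stand-in for an external ticketing system

def open_ticket(summary):
    ticket_id = f"TICKET-{len(TICKETS) + 1}"
    TICKETS[ticket_id] = summary
    return ticket_id

def close_ticket(ticket_id):
    TICKETS.pop(ticket_id, None)   # idempotent: Delete must not fail on a missing ticket

def build_response(event, status, physical_id, data=None, reason=""):
    # CloudFormation matches the response to the pending request using
    # StackId, RequestId and LogicalResourceId, so they are copied from the event.
    return {
        "Status": status,                      # "SUCCESS" or "FAILED"
        "Reason": reason or "see CloudWatch log",
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},                    # readable via !GetAtt DeployTicket.TicketId
    }

def put_response(url, body):
    # Real transport: HTTP PUT to the pre-signed S3 URL with an empty Content-Type.
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req)

def handler(event, context=None, send=put_response):
    props = event.get("ResourceProperties", {})
    # On Update/Delete, CloudFormation passes back the id returned on Create.
    physical_id = event.get("PhysicalResourceId", "none")
    try:
        if event["RequestType"] == "Create":
            physical_id = open_ticket(props.get("Summary", ""))
        elif event["RequestType"] == "Update":
            # Returning a different PhysicalResourceId here would make CloudFormation
            # treat it as a replacement and send a Delete for the old id afterwards.
            TICKETS[physical_id] = props.get("Summary", "")
        elif event["RequestType"] == "Delete":
            close_ticket(physical_id)
        response = build_response(event, "SUCCESS", physical_id, {"TicketId": physical_id})
    except Exception as exc:
        # Never let an exception escape: an unreported failure leaves the stack hanging.
        response = build_response(event, "FAILED", physical_id, reason=str(exc))
    send(event["ResponseURL"], response)
    return response

def make_event(request_type, physical_id=None, summary="Deploy app v2"):
    """Constructed event with the fields CloudFormation sends (placeholder values)."""
    event = {
        "RequestType": request_type,
        "ResponseURL": "https://example.invalid/presigned-response-url",
        "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/placeholder-guid",
        "RequestId": "req-1",
        "ResourceType": "Custom::Ticket",
        "LogicalResourceId": "DeployTicket",
        "ResourceProperties": {
            "ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:ticket-handler",
            "Summary": summary},
    }
    if physical_id:
        event["PhysicalResourceId"] = physical_id
    return event

def simulate_lifecycle():
    """Run Create -> Update -> Delete offline and return the responses sent."""
    sent = []
    capture = lambda url, body: sent.append(body)
    created = handler(make_event("Create"), send=capture)
    tid = created["PhysicalResourceId"]
    handler(make_event("Update", tid, "Deploy app v3"), send=capture)
    handler(make_event("Delete", tid), send=capture)
    return sent
```

The points that matter in production are the ones the comments mark: always send a response (SUCCESS or FAILED), keep the PhysicalResourceId stable across updates unless you intend a replacement, and make Delete idempotent, because a rollback of a failed Create will send a Delete for a resource that may never have been fully created.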
29. How does CloudFormation interact with Lambda?
Answer
CloudFormation invokes Lambda for:
- Custom resources
- Macros
Workflow:
CloudFormation
↓
Lambda
↓
External System
30. What are CloudFormation Hooks?
Answer
Hooks validate resources before deployment.
Example:
Prevent public S3 buckets from being created.
31. What is DeletionPolicy?
Answer
Controls resource behavior during stack deletion.
Options:
```yaml
DeletionPolicy: Delete
DeletionPolicy: Retain
DeletionPolicy: Snapshot
```
Example:
```yaml
DeletionPolicy: Retain
```
The RDS instance survives stack deletion.
32. Difference Between Retain and Snapshot?
Answer
Retain: the resource stays intact.
Snapshot: creates a backup snapshot, then deletes the resource.
Common for RDS/EBS.
33. What is UpdateReplacePolicy?
Answer
Controls behavior when resources are replaced during updates.
```yaml
UpdateReplacePolicy: Retain
```
Prevents accidental data loss.
34. What are CloudFormation Limits?
Answer
Common limits:
- 500 resources per template
- 200 outputs
- 200 parameters
- 60 dynamic references
Interviewers often ask about scaling strategies.
35. How do you secure CloudFormation templates?
Answer
Best practices:
- Use IAM least privilege
- Use Secrets Manager
- Use SSM Parameter Store
- Avoid hardcoded passwords
- Enable CloudTrail
- Use Stack Policies
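A way to enforce several of the practices above before a template reaches a pipeline, as an added example that is not code from the original article or from AWS: a static check over the JSON form of a template that flags hardcoded credentials (dynamic references to Secrets Manager or SSM SecureString are accepted), IAM statements that grant `Action: *` on `Resource: *`, S3 buckets that do not block public access (the case the Hooks example in Q30 mentions), and stateful resources without a Retain/Snapshot DeletionPolicy and UpdateReplacePolicy (Q31 to Q33). The two templates at the bottom are constructed, one weak and one corrected; the secret name in the dynamic reference is a placeholder.

```python
"""Static security/retention checks for a CloudFormation template in JSON form
(added example; WEAK and FIXED are constructed sample templates)."""
import re

SECRET_NAME = re.compile(r"(password|secret|token|apikey|api_key)", re.I)
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):")
STATEFUL = {"AWS::RDS::DBInstance", "AWS::DynamoDB::Table", "AWS::S3::Bucket"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def _walk(node, path=()):
    """Yield (path, value) for every scalar in a nested property tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, path + (k,))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _walk(v, path + (i,))
    else:
        yield path, node

def _as_list(x):
    return x if isinstance(x, list) else [x]

def _statements(props):
    """IAM statements from an inline PolicyDocument or a Policies list."""
    docs = [props.get("PolicyDocument")] + [p.get("PolicyDocument") for p in props.get("Policies", [])]
    for doc in docs:
        if doc:
            yield from _as_list(doc.get("Statement", []))

def lint(template):
    findings = []
    for name, p in template.get("Parameters", {}).items():
        if SECRET_NAME.search(name):
            if not p.get("NoEcho"):     # value would be echoed in describe-stacks output
                findings.append(f"Parameters.{name}: secret-like parameter without NoEcho")
            if "Default" in p:          # a default secret is a hardcoded secret
                findings.append(f"Parameters.{name}: secret-like parameter has a Default")
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        # 1. literal credentials in properties; {{resolve:...}} references are fine
        for path, value in _walk(props):
            key = next((x for x in reversed(path) if isinstance(x, str)), "")
            if SECRET_NAME.search(key) and isinstance(value, str) and not DYNAMIC_REF.match(value):
                findings.append(f"{name}.{'.'.join(map(str, path))}: literal credential")
        # 2. least privilege: Allow with Action * on Resource *
        for stmt in _statements(props):
            if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action"))
                    and "*" in _as_list(stmt.get("Resource"))):
                findings.append(f"{name}: IAM statement allows Action * on Resource *")
        # 3. S3 buckets must block public access on all four settings
        if rtype == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PAB_KEYS):
                findings.append(f"{name}: S3 bucket does not block public access")
        # 4. stateful resources should survive stack deletion and replacement
        if rtype in STATEFUL:
            for policy in ("DeletionPolicy", "UpdateReplacePolicy"):
                if res.get(policy) not in ("Retain", "Snapshot"):
                    findings.append(f"{name}: {rtype} without {policy} Retain/Snapshot")
    return findings

WEAK = {
    "Parameters": {"DBPassword": {"Type": "String", "Default": "changeme"}},
    "Resources": {
        "DB": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"MasterUserPassword": "changeme", "Engine": "postgres"}},
        "Logs": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "AppRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
            {"PolicyName": "all", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    },
}

FIXED = {
    "Parameters": {"DBPassword": {"Type": "String", "NoEcho": True}},
    "Resources": {
        "DB": {"Type": "AWS::RDS::DBInstance",
               "DeletionPolicy": "Snapshot", "UpdateReplacePolicy": "Snapshot",
               "Properties": {"Engine": "postgres",   # secret stays in Secrets Manager
                              "MasterUserPassword": "{{resolve:secretsmanager:demo/db:SecretString:password}}"}},
        "Logs": {"Type": "AWS::S3::Bucket",
                 "DeletionPolicy": "Retain", "UpdateReplacePolicy": "Retain",
                 "Properties": {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}},
        "AppRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
            {"PolicyName": "read-logs", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::demo-logs/*"}]}}]}},
    },
}
```

Running `lint(WEAK)` produces nine findings and `lint(FIXED)` none. The check is deliberately template-only: CloudTrail and stack policies from the list above are account- and stack-level controls, so they are verified outside the template, not inside it.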
36. What is a Stack Policy?
Answer
Protects critical resources from updates.
Example:
Prevent deletion of the production database even during stack updates.
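How a stack policy is evaluated during an update, as an added example that is not code from the original article or from AWS. The rules it encodes are the documented ones: once a stack policy is attached, every resource is protected unless an Allow statement matches it, an explicit Deny always wins over Allow, the actions are Update:Modify, Update:Replace, Update:Delete or Update:*, resources are written as `LogicalResourceId/<name>` with `*` wildcards, and a Condition on ResourceType can narrow a statement. The policy and the simulated change-set entries are constructed; the `ProductionDatabase` logical id is the example from the text.

```python
"""Simulator for CloudFormation stack-policy evaluation (added example;
STACK_POLICY is a constructed policy document)."""
from fnmatch import fnmatchcase

def _as_list(x):
    return x if isinstance(x, list) else [x]

def _action_matches(patterns, action):
    # "Update:*" matches every update action.
    return any(fnmatchcase(action, p) for p in _as_list(patterns))

def _resource_matches(patterns, logical_id):
    target = f"LogicalResourceId/{logical_id}"
    return any(p == "*" or fnmatchcase(target, p) for p in _as_list(patterns))

def _condition_matches(cond, resource_type):
    # Stack policies support conditions on ResourceType only.
    if not cond:
        return True
    for op, kv in cond.items():
        allowed = _as_list(kv.get("ResourceType", []))
        if op == "StringEquals" and resource_type not in allowed:
            return False
        if op == "StringLike" and not any(fnmatchcase(resource_type, a) for a in allowed):
            return False
    return True

def is_update_allowed(policy, logical_id, resource_type, action):
    decision = "Deny"   # protected by default once a stack policy exists
    for stmt in policy["Statement"]:
        if not _action_matches(stmt["Action"], action):
            continue
        if not _resource_matches(stmt["Resource"], logical_id):
            continue
        if not _condition_matches(stmt.get("Condition"), resource_type):
            continue
        if stmt["Effect"] == "Deny":
            return False        # explicit Deny wins regardless of order
        decision = "Allow"
    return decision == "Allow"

# Constructed policy: allow all updates, but never replace or delete the
# production database, and never replace any RDS instance.
STACK_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
         "Principal": "*", "Resource": "LogicalResourceId/ProductionDatabase"},
        {"Effect": "Deny", "Action": "Update:Replace", "Principal": "*", "Resource": "*",
         "Condition": {"StringEquals": {"ResourceType": ["AWS::RDS::DBInstance"]}}},
    ]
}

def preview(policy, changes):
    """changes: (logical_id, resource_type, action) tuples as a change set lists them."""
    return {(lid, act): is_update_allowed(policy, lid, rtype, act)
            for lid, rtype, act in changes}

if __name__ == "__main__":
    for key, ok in preview(STACK_POLICY, [
            ("WebServer", "AWS::EC2::Instance", "Update:Replace"),
            ("ProductionDatabase", "AWS::RDS::DBInstance", "Update:Modify"),
            ("ProductionDatabase", "AWS::RDS::DBInstance", "Update:Delete")]).items():
        print(key, "allowed" if ok else "blocked")
```

Note the scope: a stack policy governs stack updates only. Deleting the whole stack is not an update, so the database's survival in that case depends on its DeletionPolicy, not on the stack policy.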
37. What is CloudFormation Designer?
Answer
Visual template design tool.
Allows drag-and-drop architecture creation.
38. What is AWS CDK and how is it related?
Answer
AWS CDK generates CloudFormation templates using code.
Languages:
- Python
- Java
- TypeScript
- C#
- Go
Flow:
CDK Code
↓
CloudFormation Template
↓
AWS Resources
39. CloudFormation vs Terraform
| Feature | CloudFormation | Terraform |
|---|---|---|
| AWS Native | Yes | No |
| Multi Cloud | No | Yes |
| Third Party Providers | Limited | Extensive |
| AWS Integration | Excellent | Good |
| State Management | AWS Managed | User Managed |
40. Senior-Level Interview Question
How would you deploy a multi-account enterprise landing zone using CloudFormation?
Answer
Architecture:
AWS Organizations
│
StackSets
│
├── IAM Roles
├── CloudTrail
├── Config
├── Security Hub
├── GuardDuty
├── Logging Buckets
└── SCP Policies
Approach:
- Create Organization
- Configure delegated admin
- Deploy baseline via StackSets
- Use Change Sets
- Enable Drift Detection
- Protect critical resources using Stack Policies
- CI/CD integration with CodePipeline/GitHub Actions
This answer demonstrates senior-level AWS architecture expertise.
Top 25 CloudFormation Interview Questions Asked Most Frequently
- What is CloudFormation?
- Why use Infrastructure as Code?
- What is a Stack?
- What is a StackSet?
- What are Parameters?
- What are Outputs?
- What is Drift Detection?
- What is a Change Set?
- What are Intrinsic Functions?
- Explain Ref.
- Explain GetAtt.
- Explain Sub.
- Explain ImportValue.
- What are Nested Stacks?
- What are Custom Resources?
- How do Rollbacks work?
- What is DeletionPolicy?
- What is UpdateReplacePolicy?
- What is a Stack Policy?
- CloudFormation vs Terraform?
- CloudFormation vs CDK?
- How do you manage secrets?
- How do StackSets work?
- How do you secure templates?
- Design a multi-account CloudFormation deployment strategy.
For AWS Solutions Architect, DevOps Engineer, Cloud Engineer, and Data Engineer interviews in the U.S. market, I would also recommend mastering advanced topics such as CloudFormation StackSets, Nested Stacks, Macros, Custom Resources with Lambda, CI/CD integration, cross-account deployments, drift detection, and enterprise landing zone automation, since these are commonly discussed in senior-level interviews.