{"results":[{"id":"cdk-l1-l2-l3-construct-levels","text":"CDK L1 constructs (Cfn-prefixed) map 1:1 to CloudFormation resources and are auto-generated; L2 constructs are curated higher-level abstractions with defaults; L3 constructs (patterns) compose multiple resources into common architectures.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-adding-removing-replacement-property-triggers-replacement","text":"Adding or removing a CloudFormation property that requires replacement triggers replacement even if the effective value doesn't change.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-auto-resolves-resource-dependencies","text":"CloudFormation automatically resolves resource dependencies and determines creation order — users do not manually sequence resource creation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-capability-named-iam-for-custom-names","text":"`CAPABILITY_NAMED_IAM` is required when CloudFormation templates include custom names for IAM resources; `CAPABILITY_IAM` suffices for IAM resources without custom names.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-change-set-execute-deletes-all-change-sets","text":"After executing a CloudFormation change set, all change sets associated with that stack are automatically deleted.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-change-set-no-stack-modification-until-execute","text":"CloudFormation does not modify the stack when creating a change set — changes only happen on explicit execution.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-change-set-no-success-guarantee","text":"CloudFormation change sets do not validate whether an update will succeed — they only preview changes, not check permissions, quotas, or resource update support.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-change-sets-do-not-validate-success","text":"CloudFormation change sets do not validate whether an update will succeed — they don't check account quotas, permissions, or whether a resource supports the proposed update.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-change-sets-preview-before-execute","text":"CloudFormation change sets let you preview proposed changes before executing them; the `deploy` command automatically creates and executes change sets","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-cloudtrail-parameter-values-never-logged","text":"CloudFormation parameter values are never logged in CloudTrail — only parameter key names appear in log entries (security measure to protect secrets).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-console-requires-create-upload-bucket-s3","text":"CloudFormation console users need `cloudformation:CreateUploadBucket` plus `s3:PutObject`, `s3:ListBucket`, `s3:GetObject`, and `s3:CreateBucket` permissions for template uploads.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-continue-update-rollback-resumes-failed","text":"CloudFormation `continue-update-rollback` resumes a stack update rollback that has previously failed","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-create-failed-rolls-back-by-default","text":"On `CREATE_FAILED`, CloudFormation rolls back by default and deletes created resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-custom-named-iam-globally-unique-no-reuse","text":"Custom-named IAM resources in CloudFormation templates are globally unique — do not reuse the same template with custom-named IAM resources across multiple stacks or regions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-default-2000-stacks-per-account","text":"The default CloudFormation limit is 2,000 stacks per account (soft limit, can be increased via Service Quotas).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-delegated-admin-requires-call-as-flag","text":"Delegated administrators must pass `--call-as DELEGATED_ADMIN` in CLI commands for CloudFormation StackSet operations.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-delete-stack-does-not-delete-template-s3-bucket","text":"Deleting a CloudFormation stack deletes its resources but does not delete the S3 bucket storing the template — that requires separate cleanup.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-deleted-stackset-shows-deleted-status","text":"Deleted CloudFormation StackSets appear with a `DELETED` status in `list-stack-sets` output rather than being immediately purged.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-deleting-stack-deletes-all-resources","text":"Deleting a CloudFormation stack deletes all resources within it, unless deletion policies are configured to retain specific resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cfn-dual-layer-permissions-required","text":"CloudFormation users need permissions for both CloudFormation actions (e.g., `cloudformation:CreateStack`) AND permissions for the underlying AWS services referenced in templates (e.g., `sqs:*` for SQS queues).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":134,"limit":20,"offset":0}