Preventing Updates to AWS CloudFormation Resources with Stack Policies

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Securing AWS CloudFormation Resources with a Stack Policy
  • Overriding AWS CloudFormation Stack Policies


Difficulty: Intermediate
Time Limit: 45m
Students: 10
Rating: 5/5

Description

In AWS CloudFormation, a newly created stack allows updates to all stack resources by default. A stack update can be carried out by anyone with stack update permissions, and certain updates may result in a complete replacement of a resource. When using AWS CloudFormation to manage cloud infrastructure, it's essential to employ the correct safeguards to avoid unintentional updates to business-critical services.

Defining a stack policy along with your CloudFormation stack can prevent resources from being unintentionally updated or deleted during a stack update.

In this lab, you will learn how to apply and override a stack policy that is associated with an AWS CloudFormation stack.
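
The following is an added example, not part of the lab's own material: a simplified Python model of how a stack policy decides whether an update action on a resource is permitted, and how a temporary policy supplied for a one-time update changes the outcome. The logical IDs `WebServer` and `AppBucket` and both policy documents are constructed for illustration; the model ignores `Condition`, `NotAction` and `NotResource`.

```python
import re

# Constructed stack policy: everything may be updated, except that the resource
# with the hypothetical logical ID "WebServer" cannot be replaced or deleted.
STACK_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
         "Principal": "*", "Resource": "LogicalResourceId/WebServer"},
    ]
}

# Constructed temporary policy, used in place of the stack policy for one update.
OVERRIDE_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
    ]
}


def _matches(pattern, value):
    """Match value against pattern, treating '*' as the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def _as_list(item):
    return item if isinstance(item, list) else [item]


def is_update_allowed(policy, action, logical_id):
    """Return True if `action` on `logical_id` is permitted by `policy`.

    An explicit Deny always wins. Once a stack policy is set, a resource
    with no matching Allow statement is protected (denied) by default.
    """
    resource = f"LogicalResourceId/{logical_id}"
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        if hit and stmt["Effect"] == "Allow":
            allowed = True
    return allowed
```

Running a planned change through `is_update_allowed` with the stack policy and then with the temporary policy shows which resources only the override would let through, which is the set worth reviewing before the update is submitted.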

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Apply a stack policy to an AWS CloudFormation stack to prevent updates or deletion of stack resources
  • Override a stack policy for a one-time stack update

Intended Audience

  • Candidates for the AWS Certified DevOps Engineer - Professional exam
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS CloudFormation
  • Amazon EC2

The following content can be used to fulfill the prerequisite:

About the Author
Students: 16711
Labs: 52
Learning paths: 3

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content.