hands-on lab

Preventing Updates to AWS CloudFormation Resources with Stack Policies

Up to 45m


In AWS CloudFormation, a newly created stack allows updates to all stack resources by default. A stack update can be carried out by anyone with stack update permissions, and certain updates may result in a complete replacement of a resource. When using AWS CloudFormation to manage cloud infrastructure, it's essential to employ the correct safeguards to avoid unintentional updates to business-critical services.

Defining a stack policy along with your CloudFormation stack can prevent resources from being unintentionally updated or deleted during a stack update.

In this lab, you will learn how to apply and override a stack policy that is associated with an AWS CloudFormation stack.
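The protection described above, as an added example that is not part of the lab's own material: a constructed stack policy, a constructed temporary override policy, and a simplified Python model of how statements are evaluated (explicit `Deny` wins, and anything without a matching `Allow` is denied). The logical resource IDs `WebServer` and `AppBucket` and all function names are assumptions, and the model ignores `NotAction`, `NotResource` and `Condition`.

```python
import json
from fnmatch import fnmatchcase

# Constructed stack policy: every resource may be updated, except that the
# hypothetical logical resource "WebServer" may not be replaced or deleted.
STACK_POLICY = json.loads("""
{
  "Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
     "Principal": "*", "Resource": "LogicalResourceId/WebServer"}
  ]
}
""")

# Constructed temporary policy, of the kind supplied for a single update
# when the protection has to be lifted once.
OVERRIDE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"}]}

UPDATE_ACTIONS = ("Update:Modify", "Update:Replace", "Update:Delete")


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(stmt, logical_id, action):
    """True when the statement covers this action on this logical resource."""
    target = "LogicalResourceId/" + logical_id
    action_hit = any(fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(target, p) for p in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def update_allowed(policy, logical_id, action):
    """Simplified model: explicit Deny wins; no matching Allow means denied."""
    effects = [s["Effect"] for s in policy["Statement"]
               if _matches(s, logical_id, action)]
    return "Deny" not in effects and "Allow" in effects


def blocked_actions(policy, logical_id):
    """Update actions the policy would refuse for the given resource."""
    return [a for a in UPDATE_ACTIONS if not update_allowed(policy, logical_id, a)]


if __name__ == "__main__":
    for name in ("WebServer", "AppBucket"):
        print(name, "blocked:", blocked_actions(STACK_POLICY, name))
    print("WebServer with override:", blocked_actions(OVERRIDE_POLICY, "WebServer"))
```

Running `blocked_actions` over every business-critical logical ID before attaching a policy is a quick way to confirm the policy denies what you expect and nothing more.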

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Apply a stack policy to an AWS CloudFormation stack to prevent updates or deletion of stack resources
  • Override a stack policy for a one-time stack update

Intended Audience

  • Candidates for the AWS Certified DevOps Engineer - Professional exam
  • Cloud Architects
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS CloudFormation
  • Amazon EC2

The following content can be used to fulfill the prerequisite:

About the author

Jun Fritz
Cloud Labs Developer

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Lab steps

Logging In to the Amazon Web Services Console
Securing AWS CloudFormation Resources with a Stack Policy
Overriding AWS CloudFormation Stack Policies