Preventing Updates to AWS CloudFormation Resources with Stack Policies
In AWS CloudFormation, a newly created stack allows updates to all stack resources by default. A stack update can be carried out by anyone with stack update permissions, and certain updates may result in a complete replacement of a resource. When using AWS CloudFormation to manage cloud infrastructure, it's essential to employ the correct safeguards to avoid unintentional updates to business-critical services.
Defining a stack policy along with your CloudFormation stack can prevent resources from being unintentionally updated or deleted during a stack update.
In this lab, you will learn how to apply and override a stack policy that is associated with an AWS CloudFormation stack.
Learning Objectives
Upon completion of this intermediate-level lab, you will be able to:
- Apply a stack policy to an AWS CloudFormation stack to prevent updates or deletion of stack resources
- Override a stack policy for a one-time stack update
Intended Audience
- Candidates for the AWS Certified DevOps Engineer - Professional exam
- Cloud Architects
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS CloudFormation
- Amazon EC2
The following content can be used to fulfill the prerequisite:
Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications.
Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content.