Stack Policies
Get a working knowledge of managing CloudFormation stacks with stack policies.
Just like we restrict different users’ actions on different resources through IAM policies, we can also configure stack policies to define permissible actions on the CloudFormation stack resources.
Managing stack workflows with policies
A stack policy is a JSON document that specifies which actions are permitted and which are not on the resources in a CloudFormation stack.
The following diagram illustrates the workflow of the AWS CloudFormation Service when a stack policy is implemented. In this example, the user makes changes in the stack that we’ve denied in the stack policy:
It’s useful to define stack policies for stacks with especially critical resources that cannot be modified or deleted. These resources need to be safeguarded from any unintended or unauthorized actions.
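The workflow described above can be modeled offline. The following is an added example, not part of the original lesson: a simplified evaluator showing how a denied update is caught. The resource names (`ProductionDatabase`, `WebServer`), the sample policy, and the function names are constructed for illustration, and the model ignores the `NotAction`, `NotResource`, and `Condition` elements.

```python
import fnmatch

# Constructed sample policy: allow every update, but forbid replacing or
# deleting the (hypothetical) ProductionDatabase resource.
STACK_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "Update:*",
         "Principal": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
         "Principal": "*", "Resource": "LogicalResourceId/ProductionDatabase"},
    ]
}


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """True if value matches any pattern; '*' acts as a wildcard."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policy, logical_id, action):
    """Return 'Allow' or 'Deny' for one update action on one resource.

    An explicit Deny overrides any Allow, and a resource that no
    statement allows is denied by default once a policy is set.
    """
    resource = f"LogicalResourceId/{logical_id}"
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


def blocked_changes(policy, changes):
    """Filter a proposed update down to the changes the policy rejects."""
    return [c for c in changes if evaluate(policy, *c) == "Deny"]


if __name__ == "__main__":
    # Constructed update: modify the web server, delete the database.
    proposed = [("WebServer", "Update:Modify"),
                ("ProductionDatabase", "Update:Delete")]
    print(blocked_changes(STACK_POLICY, proposed))
```

Running a proposed update through `blocked_changes` before submitting it shows which resources the stack policy would protect.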
Anatomy of a stack policy
A stack policy is somewhat similar to a basic IAM resource policy. To illustrate, here’s the sample template for a stack ...