Stack policies
Stack policies in AWS CloudFormation prevent unplanned resource updates or deletions. They define what changes are allowed and which resources are protected during stack modifications. A stack policy is a JSON-formatted text file that specifies the allowed or denied actions on defined resources or the entire stack. By implementing stack policies, you can reduce the risk of unintended modifications to critical resources during maintenance or updates, ensuring stability during the cloud infrastructure lifecycle.
Guide on AWS CloudFormation Stack Policies
AWS CloudFormation Stack Policies are a key concept for AWS Solutions Architects.
What is it: Stack policies are JSON documents that define the update actions that can be performed on designated resources.
Why it is important: Stack policies provide an additional level of security by preventing unintentional updates to stack resources, which can help protect critical resources from being accidentally deleted or updated.
How it works: They control how AWS CloudFormation manages updates to particular resources in an AWS CloudFormation stack. When you associate a policy with your stack, CloudFormation checks the policy when you submit an update request.
Answering Questions on Stack Policies: When answering an exam question about stack policies, keep in mind that stack policies provide protection for resources, limiting the actions that can be taken on them. Use a policy to prevent stack resources from being unintentionally updated or deleted during stack operations. Always remember, a stack policy doesn't prevent or roll back resource updates that are initiated outside of AWS CloudFormation (i.e., updates initiated through a different service).
Exam Tips: Understanding the syntax and key components of stack policies is an important part of succeeding in the exam. Recognize the difference between permissions and policies: the former controls who can perform stack operations, the latter controls how AWS CloudFormation manages updates to resources in the stack.
Practice: Always practice creating and managing stack policies in AWS CloudFormation to get a full understanding of how they work.
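The update check described above can be modeled in a few lines. This is an added example, not code from the original page or from AWS: a simplified evaluator that applies a constructed stack policy to proposed update actions, assuming made-up logical IDs (`ProductionDatabase`, `WebServer`, `AppRole`) and covering only the `Action`, `Resource` and `ResourceType` condition elements.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy (logical IDs are made up): allow updates in general,
# protect the database from replacement/deletion, and freeze all IAM roles.
STACK_POLICY = json.loads("""
{"Statement": [
  {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
  {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
   "Principal": "*", "Resource": "LogicalResourceId/ProductionDatabase"},
  {"Effect": "Deny", "Action": "Update:*", "Principal": "*", "Resource": "*",
   "Condition": {"StringEquals": {"ResourceType": ["AWS::IAM::Role"]}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, logical_id, resource_type):
    # A statement applies only if action, resource and every condition match.
    if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    target = "LogicalResourceId/" + logical_id
    if not any(fnmatchcase(target, r) for r in _as_list(stmt["Resource"])):
        return False
    for op, cond in stmt.get("Condition", {}).items():
        types = _as_list(cond["ResourceType"])
        if op == "StringEquals":
            ok = resource_type in types
        else:  # treated as StringLike: wildcards permitted
            ok = any(fnmatchcase(resource_type, t) for t in types)
        if not ok:
            return False
    return True

def is_update_allowed(policy, action, logical_id, resource_type):
    # Simplified model: an explicit Deny overrides any Allow, and a resource
    # with no matching Allow stays protected (default deny once a policy is set).
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, action, logical_id, resource_type)}
    return "Deny" not in effects and "Allow" in effects
```

The model only mirrors updates submitted through CloudFormation; as noted above, changes made to a resource through another service never reach this check.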