CloudFormation – 8 – Stack Policies

We have the following YAML template:

And a JSON stack policy:

This stack policy allows us to update SSHSecurityGroup, but any update of CriticalSecurityGroup will be denied.
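The following added example (not the post's own policy or code) models how a policy of this kind decides an update. It can serve as a pre-flight check on the logical IDs a planned update touches. The policy body is constructed to match the description above, and the evaluator is a simplified model covering only `Effect`, `Action` and `Resource` with `*` wildcards.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy matching the description above (an assumption, not the
# post's own file): everything may be updated except CriticalSecurityGroup.
STACK_POLICY = json.loads("""
{
  "Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*",
     "Resource": "*"},
    {"Effect": "Deny", "Action": "Update:*", "Principal": "*",
     "Resource": "LogicalResourceId/CriticalSecurityGroup"}
  ]
}
""")


def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(statement, logical_id, action):
    """True if the statement's Action and Resource both cover this update."""
    resource = "LogicalResourceId/" + logical_id
    return (any(fnmatchcase(action, a) for a in _as_list(statement["Action"]))
            and any(fnmatchcase(resource, r)
                    for r in _as_list(statement["Resource"])))


def is_update_allowed(policy, logical_id, action="Update:Modify"):
    """Explicit Deny wins; with no matching Allow the update is denied."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, logical_id, action)}
    return "Deny" not in effects and "Allow" in effects


def blocked_resources(policy, planned_changes):
    """Logical IDs from (logical_id, action) pairs that the policy blocks."""
    return [lid for lid, act in planned_changes
            if not is_update_allowed(policy, lid, act)]
```

Once a stack policy is set, a resource that no `Allow` statement covers is protected by default, which is why the evaluator requires a matching `Allow` as well as the absence of a `Deny`.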

So let’s create a stack:

Next ->

Next ->

Next -> Create stack

The stack has been created with the stack policy. Now let’s try to update it.

First we will update the CidrSSH subnet:

Next -> Next -> Update stack

The update has finished because the stack policy allowed it.

Now let’s try to update CidrHTTP:

Next -> Next -> Update stack

The stack update has failed because the action was denied by the stack policy.