
Stack policy

You specify a stack policy with the stackPolicy property. It accepts a string or an object.

Examples

Setting a stack policy as a string:

stackPolicy: |
  {
    "Statement": [
      {
        "Effect": "Allow",
        "NotAction": "Update:Delete",
        "Principal": "*",
        "Resource": "*"
      }
    ]
  }

Setting a stack policy as an object:

stackPolicy:
  Statement:
    - Effect: Allow
      NotAction: Update:Delete
      Principal: "*"
      Resource: "*"

Stack policy during update

You specify a stack policy to use during stack update with the stackPolicyDuringUpdate property. It works the same way as the stackPolicy property.

Examples

Setting a stack policy to use during the stack update as an object:

stackPolicyDuringUpdate:
  Statement:
    - Effect: Allow
      Action: Update:*
      Principal: "*"
      Resource: "*"

Deleting stack policy

CloudFormation doesn't support removing a stack policy once it has been created. As a workaround, when you remove the stack policy from the stack configuration, Takomo replaces the policy with the allow-all policy shown below, which is essentially equivalent to having no stack policy attached at all. Any protection the previous policy provided no longer applies after that update.

allow all stack policy
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    }
  ]
}
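
To see what removing stackPolicy from the configuration changes in practice, the following added example (not part of Takomo or of the original page) evaluates a stack policy the way CloudFormation does: everything is denied unless a statement allows it, and an explicit Deny overrides any Allow. The two policies are copied from this page; the logical ID `LogicalResourceId/Example` and all function names are hypothetical, and `Condition` blocks are not handled.

```python
import json
from fnmatch import fnmatchcase

ACTIONS = ("Update:Modify", "Update:Replace", "Update:Delete")

# Policies copied from this page: the stackPolicy example and the allow-all fallback.
PAGE_POLICY = json.loads('{"Statement": [{"Effect": "Allow", "NotAction": "Update:Delete",'
                         ' "Principal": "*", "Resource": "*"}]}')
ALLOW_ALL = json.loads('{"Statement": [{"Effect": "Allow", "Action": "Update:*",'
                       ' "Principal": "*", "Resource": "*"}]}')

def _listify(value):
    return value if isinstance(value, list) else [value]

def _any_match(name, patterns):
    # "*" wildcards in Action and Resource values are matched shell-style.
    return any(fnmatchcase(name, p) for p in _listify(patterns))

def _applies(stmt, action, resource):
    """True if the statement covers this action on this logical resource."""
    if "Condition" in stmt:
        raise NotImplementedError("Condition blocks are outside this example")
    if "NotAction" in stmt:
        action_hit = not _any_match(action, stmt["NotAction"])
    else:
        action_hit = _any_match(action, stmt.get("Action", []))
    if "NotResource" in stmt:
        resource_hit = not _any_match(resource, stmt["NotResource"])
    else:
        resource_hit = _any_match(resource, stmt.get("Resource", []))
    return action_hit and resource_hit

def allowed_actions(policy, resource="LogicalResourceId/Example"):
    """Update actions the policy permits on `resource` (hypothetical logical ID)."""
    allowed = []
    for action in ACTIONS:
        effects = {s["Effect"] for s in policy["Statement"] if _applies(s, action, resource)}
        # An explicit Deny overrides any Allow; no matching statement means denied.
        if "Allow" in effects and "Deny" not in effects:
            allowed.append(action)
    return allowed

def newly_allowed(before, after, resource="LogicalResourceId/Example"):
    """Actions that become possible when `after` replaces `before`."""
    old = allowed_actions(before, resource)
    return [a for a in allowed_actions(after, resource) if a not in old]

if __name__ == "__main__":
    print("page policy:", allowed_actions(PAGE_POLICY))
    print("allow-all  :", allowed_actions(ALLOW_ALL))
    print("gained by removing stackPolicy:", newly_allowed(PAGE_POLICY, ALLOW_ALL))
```

Running `newly_allowed` against the old and new policy before deleting a stackPolicy entry shows which update actions the change opens up.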

Where to define

The stackPolicy and stackPolicyDuringUpdate properties can be defined in stack and stack group configuration files. If specified in a stack group, the stack group's children and stacks inherit the value. Stack groups and stacks can override the policies they inherit from their parent.

Requirements

The stackPolicy and stackPolicyDuringUpdate properties must satisfy these requirements:

  • Must be a valid JSON document