After creating a stack in CloudFormation, I set a policy which prohibits updates against the stack. Later, I decided I still want to keep changing the environment, so I'd like to clear the policy I set.
I set the StackPolicy with the aws cli, so I looked again at the aws cloudformation help command. I grepped for stack-policy, and all I found was set-stack-policy and get-stack-policy.
I also tried to set an empty-ish policy with:
    aws cloudformation set-stack-policy --stack-name $STACK_NAME --stack-policy-body '{"Statement": []}'
which resulted in:
An error occurred (ValidationError) when calling the SetStackPolicy operation: Error validating stack policy: Invalid stack policy
According to Amazon's own documentation, you can't delete (clear) a stack policy from a stack. They don't bother to explain why, but they do suggest a workaround:
You can't delete a stack policy. To remove all protection from all resources, you modify the policy to explicitly allow all actions on all resources. The following policy allows all updates on all resources:
    {
      "Statement" : [
        {
          "Effect" : "Allow",
          "Action" : "Update:*",
          "Principal": "*",
          "Resource" : "*"
        }
      ]
    }
which is essentially equivalent to not having a stack policy attached at all.
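An added example, not part of the original answer or of AWS's documentation: since the allow-all policy removes all update protection, these shell functions save the existing policy before swapping it out, confirm the swap by reading the policy back, and re-apply the saved policy afterwards. The function names and the backup file path are assumptions of this example, as is the handling of "None" in the CLI's text output when no policy is attached.

```bash
# Added example: names and the backup path are assumptions, not AWS-provided.
# Allow-all policy quoted in the answer above.
ALLOW_ALL_POLICY='{"Statement":[{"Effect":"Allow","Action":"Update:*","Principal":"*","Resource":"*"}]}'

# Save the current policy body to a file so the protection can be put back.
backup_stack_policy() {
  local stack="$1" out="$2" body
  body=$(aws cloudformation get-stack-policy --stack-name "$stack" \
    --query StackPolicyBody --output text) || return 1
  # Assumption: with no policy attached, text output is empty or "None".
  if [ -z "$body" ] || [ "$body" = "None" ]; then
    echo "stack $stack has no policy to back up" >&2
    return 2
  fi
  printf '%s\n' "$body" > "$out"
}

# Back up, switch to allow-all, then read the policy back to confirm.
open_stack_policy() {
  local stack="$1" backup="$2" current
  backup_stack_policy "$stack" "$backup" || return $?
  aws cloudformation set-stack-policy --stack-name "$stack" \
    --stack-policy-body "$ALLOW_ALL_POLICY" || return 1
  current=$(aws cloudformation get-stack-policy --stack-name "$stack" \
    --query StackPolicyBody --output text | tr -d '[:space:]') || return 1
  case "$current" in
    *'"Deny"'*) echo "policy on $stack still has a Deny statement" >&2; return 1 ;;
    *'"Update:*"'*) echo "allow-all policy active on $stack" ;;
    *) echo "unexpected policy on $stack" >&2; return 1 ;;
  esac
}

# Re-apply the saved policy once the updates are done.
restore_stack_policy() {
  local stack="$1" backup="$2"
  [ -s "$backup" ] || { echo "no backup at $backup" >&2; return 1; }
  aws cloudformation set-stack-policy --stack-name "$stack" \
    --stack-policy-body "file://$backup"
}

# Usage (stack name is a placeholder):
#   open_stack_policy my-stack ./stack-policy.backup.json
#   ... run the stack updates ...
#   restore_stack_policy my-stack ./stack-policy.backup.json
```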