5 Ways to Prevent Accidentally Deleting Your CloudFormation Resources

1. Review the Changeset

  1. Go to your CloudFormation console and select the stack that you want to update.
  2. Click the Stack actions button and then select Create change set for current stack.
  3. Choose Replace current template and upload your new template, or enter an S3 path to the file.
  4. From there, follow the guide to create the changeset.

2. Retain Specific Resources

3. Define a Stack Policy

4. Enable Stack Termination Protection

  1. Go to CloudFormation and select the stack that you want to protect.
  2. Choose Stack actions followed by Edit termination protection.
  3. Choose Enabled and hit Save.

5. Place Sensitive Resources in Different Stacks

Which One Should You Use?

Conclusion

  • Reviewing the changeset is useful if you want to sporadically review changes by hand before applying important updates.
  • The DeletionPolicy attribute will save your data in the event of a resource removal or stack deletion, but it won’t help against resource replacement.
  • Stack Policies will save you from accidentally removing a resource from the stack and changes that force a replacement. On the other hand, it won’t be of any help if the stack is deleted altogether.
  • Stack termination protection will only prevent accidental deletion of the stack.
  • Placing sensitive resources in isolation will help against some human mistakes, but on its own, it will not protect your data.
