Configuring stack policies - AWS Prescriptive Guidance

Configuring stack policies

When you configure a stack policy, the Effect, Action, Principal, and Resource elements are required. You can optionally define a Condition element too.

By default, a newly created stack policy prevents updates to all resources in the stack. You customize the stack policy to define which actions are explicitly allowed. To invert the policy, you can define an Allow statement that permits all actions and then add explicit Deny statements that prevent actions on only specific resources. For reference, see this example stack policy in the CloudFormation documentation.
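The inverted policy described above, as an added example that is not part of the AWS guidance: a constructed policy plus a small local checker for the required elements and for the default-deny and Deny-over-Allow behavior that CloudFormation documents. The logical ID `ProductionDatabase` and the helpers `lint` and `is_update_allowed` are hypothetical, wildcard matching with `fnmatchcase` is an approximation, and `Condition`, `NotAction` and `NotResource` are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: allow every update action on every resource, then deny
# replacement and deletion of one resource (ProductionDatabase is a made-up ID).
POLICY = json.loads("""
{"Statement": [
  {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
  {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
   "Principal": "*", "Resource": "LogicalResourceId/ProductionDatabase"}
]}
""")

REQUIRED = ("Effect", "Action", "Principal", "Resource")

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Report missing required elements and invalid Effect/Principal values."""
    problems = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        for key in REQUIRED:
            if key not in stmt:
                problems.append(f"statement {i}: missing {key}")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
        if stmt.get("Principal", "*") != "*":
            problems.append(f"statement {i}: Principal supports only *")
    return problems

def is_update_allowed(policy, action, logical_id):
    """Evaluate one update action (e.g. Update:Delete) on one logical resource."""
    target = f"LogicalResourceId/{logical_id}"
    allowed = False  # no matching Allow means the resource stays protected
    for stmt in policy["Statement"]:
        if "Condition" in stmt:
            raise NotImplementedError("Condition is not evaluated in this sketch")
        hit = (any(fnmatchcase(action, a) for a in as_list(stmt["Action"]))
               and any(fnmatchcase(target, r) for r in as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False  # an explicit Deny always overrides an Allow
        if hit and stmt["Effect"] == "Allow":
            allowed = True
    return allowed
```

Running `lint` on a policy file before applying it catches a statement that is missing one of the four required elements, and `is_update_allowed` shows which resources the explicit Deny statements still protect.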

For more information about using these elements to create custom stack policies and more example policies, see Defining a stack policy and More example stack policies in the CloudFormation documentation.