
Stack policy

You specify a stack policy with the stackPolicy property. It accepts a string or an object.

Examples

Setting a stack policy as a string:

stackPolicy: |
  {
    "Statement": [
      {
        "Effect": "Allow",
        "NotAction": "Update:Delete",
        "Principal": "*",
        "Resource": "*"
      }
    ]
  }

Setting a stack policy as an object:

stackPolicy:
  Statement:
    - Effect: Allow
      NotAction: Update:Delete
      Principal: "*"
      Resource: "*"

Stack policy during update

You specify a stack policy to use during stack update with the stackPolicyDuringUpdate property. It works the same way as the stackPolicy property.

Examples

Setting a stack policy to use during the stack update as an object:

stackPolicyDuringUpdate:
  Statement:
    - Effect: Allow
      Action: Update:*
      Principal: "*"
      Resource: "*"

Deleting stack policy

CloudFormation doesn't support removing a stack policy once it has been created. As a workaround, when you remove the stack policy from the stack configuration, Takomo replaces it with the allow-all policy shown below, which is essentially equivalent to not having a stack policy attached at all.

allow all stack policy
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    }
  ]
}
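
The following added example (not part of Takomo or its documentation) compares the two policies shown on this page by evaluating them with CloudFormation's documented rules: resources are protected unless a statement allows the action, and an explicit Deny overrides any Allow. The function names and the logical resource id "Database" are assumptions made for illustration, and Condition blocks are not evaluated.

```javascript
// Added example, not Takomo code: evaluates a stack policy for one resource.
// Assumptions: Principal is always "*"; Condition blocks are not evaluated.
const UPDATE_ACTIONS = ["Update:Modify", "Update:Replace", "Update:Delete"];

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Stack policy patterns use "*" as their only wildcard.
const escapeRe = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
const matches = (pattern, value) =>
  new RegExp("^" + pattern.split("*").map(escapeRe).join(".*") + "$").test(value);

// True when the statement covers this action/resource pair.
function applies(stmt, action, resource) {
  const actionHit = "NotAction" in stmt
    ? !asArray(stmt.NotAction).some((p) => matches(p, action))
    : asArray(stmt.Action).some((p) => matches(p, action));
  const resourceHit = "NotResource" in stmt
    ? !asArray(stmt.NotResource).some((p) => matches(p, resource))
    : asArray(stmt.Resource).some((p) => matches(p, resource));
  return actionHit && resourceHit;
}

// policy: JSON string or object, since stackPolicy accepts both forms.
function isUpdateAllowed(policy, action, logicalId) {
  const doc = typeof policy === "string" ? JSON.parse(policy) : policy;
  const resource = `LogicalResourceId/${logicalId}`;
  const hits = asArray(doc.Statement).filter((s) => applies(s, action, resource));
  if (hits.some((s) => s.Effect === "Deny")) return false; // explicit deny wins
  return hits.some((s) => s.Effect === "Allow"); // otherwise protected by default
}

// Update actions the policy blocks for one resource.
const blockedActions = (policy, logicalId) =>
  UPDATE_ACTIONS.filter((a) => !isUpdateAllowed(policy, a, logicalId));

// The two policies shown on this page, one as an object and one as a string.
const protectDeletes = {
  Statement: [{ Effect: "Allow", NotAction: "Update:Delete", Principal: "*", Resource: "*" }],
};
const allowAll =
  '{"Statement":[{"Effect":"Allow","Action":"Update:*","Principal":"*","Resource":"*"}]}';

// "Database" is a constructed logical resource id.
console.log(blockedActions(protectDeletes, "Database")); // [ 'Update:Delete' ]
console.log(blockedActions(allowAll, "Database"));       // []
```

A stack whose stackPolicy entry is removed from the configuration ends up with the second result, so resource deletions during updates are no longer blocked for it.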

Where to define

The stackPolicy and stackPolicyDuringUpdate properties can be defined in stack and stack group configuration files. If specified in a stack group, the stack group's children and stacks inherit the value. Stack groups and stacks can override the policies they inherited from their parent.

Requirements

The stackPolicy property must satisfy these requirements:

  • Must be a valid JSON document


Last updated 3 years ago
