Ensure your AWS CloudFormation stacks are using policies as a fail-safe mechanism in order to prevent accidental updates to stack resources. A CloudFormation stack policy is a JSON-based document that defines which actions can be performed on specified resources.
With CloudFormation stack policies you can protect all or certain resources in your stacks from being unintentionally updated or deleted during the update process.
To determine if your CloudFormation stacks are using policies to protect their resources from being unintentionally updated, perform the following:Note: Verifying CloudFormation stacks for policies using AWS Management Console is not currently supported.
To define CloudFormation stack policies based on your requirements and apply these policies to your existing stacks, perform the following:Note: Attaching policies to existing CloudFormation stacks using AWS Management Console is not currently supported.