Ensure that Amazon CloudFormation stacks have Termination Protection feature enabled in order to protect them from being accidentally deleted. The safety feature can be enabled when you create the CloudFormation stack or for existing stacks using the AWS API (UpdateTerminationProtection command). Once enabled, if you attempt to delete an AWS CloudFormation stack with the feature enabled, the deletion fails and the stack (including its current status), will remain unchanged. For production stacks, Cloud Conformity strongly recommends to use Termination Protection feature in addition to a well-defined Stack Policy in order to make your stack even safer.
With Termination Protection safety feature enabled, you have the guarantee that your CloudFormation stacks cannot be terminated (i.e. permanently deleted) accidentally and make sure that your AWS environment created by the stack and its data remains safe. Note: The CloudFormation Stack Policy is also a feature that enables you to prevent stack resources from being unintentionally updated or deleted during a stack update process. However, Stack Policy cannot protect your stack from being terminated as IAM users who have the permission to delete the stack, can still delete it.
To determine if your Amazon CloudFormation stacks have Termination Protection feature enabled, perform the following:
To enable Termination Protection safety feature for your Amazon CloudFormation stacks, perform the following: