cfn-sphere/cfn-sphere

Stack-Policies should be applied before stacks are applied if Stack already exists

Closed this issue · 1 comments

If a stack already exists and you add a Stack Policy to it, this policy is not added until the stack sync has finished. This means that when you do the sync with the stack policy, it will still be possible to make changes that are forbidden by the stack policy.

It also means that if you temporarily want to change a policy to make it more permissive in order to make a change, this won't be possible, because the stack sync will fail and the policy will never be updated.

Desired behavior would be that if the stack already exists in the account, it should apply the policy first; if not, it should first create the stack and then apply the policy.

Will be available with cfn-sphere 1.0.
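
The ordering requested in this issue, as an added example that is not cfn-sphere's own code. `sync_stack`, `stack_exists` and `STACK_POLICY` are hypothetical names, and `cfn` is assumed to be a boto3 CloudFormation client (or any object exposing the same methods).

```python
import json

# Constructed sample policy: in-place modification allowed, replace/delete denied.
STACK_POLICY = json.dumps({"Statement": [
    {"Effect": "Allow", "Action": "Update:Modify", "Principal": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
     "Principal": "*", "Resource": "*"},
]})


def stack_exists(cfn, name):
    """Return True if the stack is present in the account."""
    try:
        return bool(cfn.describe_stacks(StackName=name)["Stacks"])
    except Exception as exc:
        # With boto3 this is a botocore ClientError; matching on the message
        # text is an assumption made so the example needs no AWS SDK import.
        if "does not exist" in str(exc):
            return False
        raise


def sync_stack(cfn, name, template, policy):
    """Hypothetical helper: sync one stack and return the steps taken, in order."""
    if not stack_exists(cfn, name):
        # New stack: nothing to protect yet, so create first, then attach the policy.
        cfn.create_stack(StackName=name, TemplateBody=template)
        cfn.get_waiter("stack_create_complete").wait(StackName=name)
        cfn.set_stack_policy(StackName=name, StackPolicyBody=policy)
        return ["create_stack", "set_stack_policy"]

    # Existing stack: the policy goes on first, so this update is already
    # evaluated against it (stricter or deliberately looser).
    cfn.set_stack_policy(StackName=name, StackPolicyBody=policy)
    try:
        cfn.update_stack(StackName=name, TemplateBody=template)
    except Exception as exc:
        # A policy-only change leaves the template untouched; the policy is
        # already in place, so treat this as success.
        if "No updates are to be performed" in str(exc):
            return ["set_stack_policy"]
        raise
    cfn.get_waiter("stack_update_complete").wait(StackName=name)
    return ["set_stack_policy", "update_stack"]
```

Because the policy is set before `update_stack` is called, a failed or empty update can no longer prevent the new policy from taking effect.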