Stack-Policies should be applied before stacks are applied if Stack already exists
Closed this issue · 1 comments
scoutkarlsson commented
If a stack is already existing and you add a Stack Policy to it, this policy is not added until the stack sync has finished. This means that when you do the sync with the stack policy, it will still be possible to do changes that are forbidden by the stack policy.
It also means that if you temporarily want to change a policy to make it more allowing to be able to do a change, this won't be possible because the stack-sync will fail and the policy will never be updated.
Desired behavior would be that if the stack is already existing in the account, it should apply the policy first, if not it should first create the stack and then apply the policy.
marco-hoyer commented
will be available with cfn-sphere 1.0