Triage AWS CloudFormation Stacks should have Termination Protection enabled (STACK_TERMINATION_PROTECTION_NOT_ENABLED)
Why should I care about fixing this issue?
To get started on understanding CloudFormation Stack Termination Protection, read our use-case page.
What is the data source for this policy?
This policy relies on a call to cloudformation:DescribeStacks. If the EnableTerminationProtection property in the response is not true, the policy opens a violation.
Does this policy scan on a schedule? If so, when?
No, it's triggered when changes to matching resources are detected.
How do I enable termination protection using AWS Console?
See the console instructions in "To enable or disable termination protection on an existing stack".
How do I enable termination protection using CloudFormation?
Nested stacks (AWS::CloudFormation::Stack) inherit the termination protection status of the parent stack; see "To enable or disable termination protection on a nested stack".
Setting termination protection on a top-level stack will vary depending on the tool used for managing your stacks.
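The check described under the data source question, applied to a DescribeStacks response, with nested stacks grouped under their root stack because they inherit its setting. This is an added example, not the policy's own code; the account ID, stack names and the `--live` switch are constructed for illustration, and the live path assumes boto3 and AWS credentials are available.

```python
import sys

ARN = "arn:aws:cloudformation:us-east-1:111111111111:stack/"  # constructed account

# Constructed sample shaped like a cloudformation:DescribeStacks response.
SAMPLE_STACKS = [
    {"StackId": ARN + "network/a1", "StackName": "network",
     "EnableTerminationProtection": True},
    {"StackId": ARN + "network-subnets/a2", "StackName": "network-subnets",
     "RootId": ARN + "network/a1"},
    {"StackId": ARN + "app/b1", "StackName": "app",
     "EnableTerminationProtection": False},
    {"StackId": ARN + "app-db/b2", "StackName": "app-db",
     "RootId": ARN + "app/b1"},
    {"StackId": ARN + "legacy/c1", "StackName": "legacy"},  # property absent
]


def unprotected_stacks(stacks):
    """Map each top-level stack whose EnableTerminationProtection is not true
    to the nested stacks that inherit that setting from it."""
    nested = {}
    for stack in stacks:
        if stack.get("RootId"):  # RootId is only set on nested stacks
            nested.setdefault(stack["RootId"], []).append(stack["StackName"])
    findings = {}
    for stack in stacks:
        if stack.get("RootId"):
            continue  # judged through its root (assumption of this example)
        if stack.get("EnableTerminationProtection") is not True:
            findings[stack["StackName"]] = sorted(nested.get(stack["StackId"], []))
    return findings


def fetch_stacks(region=None):
    """Collect every page of DescribeStacks (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("cloudformation", region_name=region)
    pages = client.get_paginator("describe_stacks").paginate()
    return [stack for page in pages for stack in page["Stacks"]]


if __name__ == "__main__":
    live = "--live" in sys.argv  # hypothetical switch for this example
    stacks = fetch_stacks() if live else SAMPLE_STACKS
    for name, children in unprotected_stacks(stacks).items():
        print(f"STACK_TERMINATION_PROTECTION_NOT_ENABLED {name} nested={children}")
```

Each name it reports is a top-level stack, which is where termination protection has to be set.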
How do I enable termination protection using AWS CDK?
Set terminationProtection to true on your Stack (construct) (defaults to false).
How do I enable termination protection using Terraform?
Terraform does not support enabling termination protection for CloudFormation stacks managed by Terraform (see Feature Request: Add support for CloudFormation Stack Termination Protection #3496).
How do I enable termination protection using AWS CLI?
aws \
cloudformation update-termination-protection \
--stack-name example \
--enable-termination-protection
When is it appropriate to mark this violation as "by design"?
To get started on understanding CloudFormation Stack Termination Protection, read our use-case page.