Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
An IAM policy that allows users to create new or update existing CloudFormation stacks, as long as the template URL used is allowed (by using the cloudformation:TemplateURL condition key). This policy also provides the permissions necessary to complete this action on the console.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Resource": "*",
"Effect": "Deny",
"Condition": {
"StringNotEquals": {
"cloudformation:TemplateURL": [
""
]
}
}
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:UpdateStack"
],
"Resource": "*",
"Effect": "Deny",
"Condition": {
"Null": {
"cloudformation:TemplateURL": "true"
}
}
}
]
}