You must be logged in to view saved presets
Prevent Creating or Updating CloudFormation Stacks that Contain Specific AWS Resource Types
An IAM policy that prevents creating or updating CloudFormation stacks that contain specific resource types by using the cloudformation:ResourceTypes condition key (This policy uses IAM resources as the default example). This policy also provides the permissions necessary to complete this action on the console.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Resource": "*",
"Effect": "Deny",
"Condition": {
"StringNotEquals": {
"cloudformation:ResourceTypes": [
"AWS::IAM::*"
]
}
}
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:UpdateStack"
],
"Resource": "*",
"Effect": "Deny",
"Condition": {
"Null": {
"cloudformation:ResourceTypes": "true"
}
}
}
]
}Actions
Customize Template
* Required field
© 2024 asecurecloud. All rights reserved.