CloudFormation: Block deleting resources
Question
A spinoff from this question. Trying to make a cloudformation template safe during changes.
Is there a way to actually block the deletion of the role and table? Would adding a policy help?
Given the following template excerpt:
{
  ...
  "Parameters" : {
    "ShouldCreateTable" : {
      ...
      "Description" : "If true then the underlying DynamoDB table will be created with the CloudFormation stack."
    },
    ...
  },
  "Conditions" : {
    "CreateDynamoTable" : {"Fn::Equals" : [{"Ref" : "ShouldCreateTable"}, "true"]},
    ...
  },
  "Resources" : {
    "Get" : {
      "Type" : "AWS::Serverless::Function",
      "Properties": {
        ...
        "Role": {"Fn::If" : ["CreateRole", {"Fn::GetAtt":["LambdaRole", "Arn"]}, {"Ref":"RoleARN"}]},
        "Environment" : {
          "Variables" : {
            "AppDynamoTable" : { "Fn::If" : ["CreateDynamoTable", {"Ref":"DynamoTable"}, { "Ref" : "TableName" } ] }
          }
        },
        ...
      }
    },
    "LambdaRole":{
      "Type":"AWS::IAM::Role",
      ...
    },
    "DynamoTable" : {
      "Type" : "AWS::DynamoDB::Table",
      ...
    }
  },
}
Recommended answer
The solution could be to use the DeletionPolicy Attribute. You can easily add "DeletionPolicy" : "Retain" to your resources where you want to "block" the deletion.
AWS CloudFormation keeps the resource without deleting the resource or its contents when its stack is deleted. You can add this deletion policy to any resource type.
This would look in your given example like this:
"LambdaRole":{
  "Type":"AWS::IAM::Role",
  "DeletionPolicy" : "Retain",
  ...
},
"DynamoTable" : {
  "Type" : "AWS::DynamoDB::Table",
  "DeletionPolicy" : "Retain",
  ...
}
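
One way to check a template for the attribute recommended above before deploying a change; this is an added example, not code from the question or the answer. It goes one step further than the answer by also checking UpdateReplacePolicy, because DeletionPolicy does not cover a resource whose physical instance is replaced during a stack update. The PROTECTED_TYPES set, the audit_retention function and the sample template are assumptions constructed for the example.

```python
import json

# Resource types whose deletion loses data or access. This set is an
# assumption for the example; extend it for your own stacks.
PROTECTED_TYPES = {"AWS::IAM::Role", "AWS::DynamoDB::Table"}

# Constructed sample modelled on the question's template (elided parts omitted).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "Get": {"Type": "AWS::Serverless::Function", "Properties": {}},
    "LambdaRole": {
      "Type": "AWS::IAM::Role",
      "DeletionPolicy": "Retain",
      "Properties": {}
    },
    "DynamoTable": {
      "Type": "AWS::DynamoDB::Table",
      "Condition": "CreateDynamoTable",
      "Properties": {}
    }
  }
}
""")


def audit_retention(template, protected_types=PROTECTED_TYPES):
    """Return (logical_id, attribute, actual_value) for each missing safeguard.

    DeletionPolicy covers stack deletion and removal of the resource from the
    template; UpdateReplacePolicy covers the old physical resource when an
    update replaces it. Both are resource-level attributes, not Properties.
    """
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") not in protected_types:
            continue
        for attribute in ("DeletionPolicy", "UpdateReplacePolicy"):
            value = resource.get(attribute)
            if value != "Retain":
                findings.append((logical_id, attribute, value))
    return findings


if __name__ == "__main__":
    for logical_id, attribute, value in audit_retention(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {attribute} is {value!r}, expected 'Retain'")
```

Running it in CI against the template file fails fast when someone removes the attribute from the role or the table.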