
I have looked through a lot of CloudFormation documentation, but could not find any reference to updating the DeletionPolicy from Retain to Delete for a resource in an already deployed stack.

The existing resource that is deployed in the stack has the DeletionPolicy set to Retain. I am unable to change it to Delete. When I try updating the stack with the DeletionPolicy set to Delete, it says "The change set did not include any changes to be deployed." But the change is obvious.

My intention is to get the DeletionPolicy attribute removed from the resources in the stack or set it to Delete.

Framework being used for deployments: Serverless

Consider the below resource template as an existing resource in the stack:

  ResourceA:
    Type: AWS::IAM::Role
    DeletionPolicy: Retain  # This is how it is currently deployed
    Properties:
      RoleName: RoleName-${self:custom.env.stage}
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole

Trying to get the above resource properties changed to:

  ResourceA:
    Type: AWS::IAM::Role
    DeletionPolicy: Delete  # <--- The change
    Properties:
      RoleName: RoleName-${self:custom.env.stage}
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole

The intention is to get rid of the deletion policy, but having the DeletionPolicy as Delete would also allow me to continue with what I am intending to do.

  ResourceA:
    Type: AWS::IAM::Role
    Properties:
      RoleName: RoleName-${self:custom.env.stage}
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
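The situation described in the question, as an added example that is not part of the original post and not code from the Serverless Framework or AWS: a small Python audit script that compares the template currently deployed in a stack with the template about to be deployed, flags resources whose only difference is the DeletionPolicy (or UpdateReplacePolicy) attribute, and lists every resource still marked Retain. Both templates are constructed inline in JSON form; the function names and the second sample resource are assumptions of this example.

```python
"""Audit helper for DeletionPolicy-only stack updates (added example).

Compares the Resources section of two CloudFormation templates and
classifies each resource as added, removed, unchanged, changed, or
policy-only (only DeletionPolicy / UpdateReplacePolicy differs). It also
lists resources that will outlive their stack because of Retain.
"""
import copy
import json

# Constructed sample: the template currently deployed in the stack, in the
# JSON shape `aws cloudformation get-template` returns in TemplateBody.
DEPLOYED = json.loads("""
{
  "Resources": {
    "ResourceA": {
      "Type": "AWS::IAM::Role",
      "DeletionPolicy": "Retain",
      "Properties": {
        "RoleName": "RoleName-dev",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{"Effect": "Allow",
                         "Principal": {"Service": "events.amazonaws.com"},
                         "Action": "sts:AssumeRole"}]
        }
      }
    },
    "Bucket": {"Type": "AWS::S3::Bucket",
               "DeletionPolicy": "Retain",
               "Properties": {}}
  }
}
""")

# Constructed sample: the template about to be deployed. The only edit is
# ResourceA's DeletionPolicy (Retain -> Delete); Bucket is untouched.
DESIRED = copy.deepcopy(DEPLOYED)
DESIRED["Resources"]["ResourceA"]["DeletionPolicy"] = "Delete"

# Resource-level attributes that govern what happens on delete/replace,
# as opposed to Type/Properties which describe the resource itself.
POLICY_ATTRS = ("DeletionPolicy", "UpdateReplacePolicy")


def classify_resource_changes(deployed, desired):
    """Return {logical_id: kind} for the union of both Resources sections.

    kind is 'added', 'removed', 'unchanged', 'policy-only' or 'changed'.
    """
    old = deployed.get("Resources", {})
    new = desired.get("Resources", {})
    result = {}
    for lid in sorted(set(old) | set(new)):
        if lid not in old:
            result[lid] = "added"
        elif lid not in new:
            result[lid] = "removed"
        else:
            a, b = old[lid], new[lid]
            if a == b:
                result[lid] = "unchanged"
                continue
            # Compare everything except the policy attributes.
            core_a = {k: v for k, v in a.items() if k not in POLICY_ATTRS}
            core_b = {k: v for k, v in b.items() if k not in POLICY_ATTRS}
            result[lid] = "policy-only" if core_a == core_b else "changed"
    return result


def policy_only_update(deployed, desired):
    """True when the update touches nothing but policy attributes,
    i.e. the exact case the question is about."""
    kinds = set(classify_resource_changes(deployed, desired).values())
    return "policy-only" in kinds and kinds <= {"unchanged", "policy-only"}


def retained_resources(template):
    """(logical_id, type) of every resource that survives stack deletion."""
    return sorted(
        (lid, res.get("Type", "?"))
        for lid, res in template.get("Resources", {}).items()
        if res.get("DeletionPolicy") == "Retain"
    )


if __name__ == "__main__":
    for lid, kind in classify_resource_changes(DEPLOYED, DESIRED).items():
        print(f"{lid}: {kind}")
    print("policy-only update:", policy_only_update(DEPLOYED, DESIRED))
    print("still retained after update:", retained_resources(DESIRED))
```

Run it with the TemplateBody from `aws cloudformation get-template --stack-name <stack>` as the deployed side and the template Serverless packages for deployment as the desired side. A policy-only result tells you before deploying that the update carries no property changes, and the Retain list is worth reviewing in its own right: an IAM role retained past its stack's deletion is a principal that no stack tracks any more.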

2 Answers


  1. @Gaurav: I had the same issue using the Serverless Framework. Just updating the DeletionPolicy resulted in a skipped update.

    The workaround for me was to add a dummy resource to the stack to get the update deployed, then remove the dummy resource and deploy again.

    Looks like a bug in Serverless Framework.

  2. This is the expected behaviour of Retain, as explained in the AWS docs:

    To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, Amazon S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

    Apply some subsequent changes to make sure it is applied.

    Reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
