Stacktape docs




Policies

Introduction

  • Policies allow you to enforce certain rules for all the stacks deployed using the given Stacktape configuration.
  • They can be used to enforce organization-level best practices and avoid accidental mistakes.
Policies  API reference
allowedStages

List of the stages (environments) this stack can be deployed to.

Type: Array of string

allowedRegions

List of the regions this stack can be deployed to.

Type: Array of string ENUM

Possible values: af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-1, us-east-2, us-west-1, us-west-2

cloudformationStackPolicies

CloudFormation stack policies to be applied to this stack.

Type: Array of CfStackPolicyStatement

  • Stack policies allow you to restrict specific operations (such as update or delete) to specific resources defined in the stack.
  • By default, Stacktape creates stack policies that restrict update/delete for databases with deletionProtection enabled.
  • To learn more about stack policies, refer to AWS docs

Simple policies

allowedStages

  • The stack can be deployed only to the specified stages.
allowedStages: ["production", "staging", "testing", "dev-john", "dev-jane"]


allowedRegions

  • The stack can be deployed only to the specified regions.
allowedRegions: ["eu-west-1"]


More policies will be added soon.

CloudFormation stack policies

  • Stack policies allow you to restrict specific operations (such as update or delete) to specific resources defined in the stack.
  • By default, Stacktape creates stack policies that restrict update/delete for databases with deletionProtection enabled.
  • To learn more about stack policies, refer to AWS docs
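
The following fragment combines the simple policies with a stack policy that blocks replacement and deletion of one resource while still allowing other updates. It is an added example, not taken from the Stacktape docs: the logical resource ID `MainDatabase` is a hypothetical placeholder, and because this page does not say whether Stacktape supplies a baseline Allow statement, one is written out explicitly.

```yaml
# Added example; properties are written at the same level as the snippets above.
# "MainDatabase" is a hypothetical CloudFormation logical resource ID.
allowedStages: ["production", "staging"]
allowedRegions: ["eu-west-1"]
cloudformationStackPolicies:
  # Baseline: permit updates to everything that is not explicitly denied.
  # Once a stack policy is set, CloudFormation denies any update
  # that no statement allows.
  - Effect: Allow
    Action: ["Update:*"]
    Principal: "*"
    Resource: ["*"]
  # In-place modifications still pass; replacement or deletion is blocked.
  # An explicit Deny overrides the Allow above.
  - Effect: Deny
    Action: ["Update:Replace", "Update:Delete"]
    Principal: "*"
    Resource: ["LogicalResourceId/MainDatabase"]
```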
CfStackPolicyStatement  API reference
Parent API reference: Policies
Resource
Required

List of resources that the policy applies to

Type: Array of string

  • see AWS reference here.

Principal
Required

Principal to whom the policy applies

Type: string "*"

  • see AWS reference here.

Effect

Effect of the statement

Type: string ENUM

Possible values: Allow, Deny

  • see AWS reference here.

Action

List of actions allowed/denied by the statement

Type: Array of string ENUM

Possible values: Update:*, Update:Delete, Update:Modify, Update:Replace

  • see AWS reference here.

Condition

No description

Type: UNSPECIFIED