Modifying an AWS CloudFormation Stack Policy To get current stack policy, run the following command: aws cloudformation get-stack-policy --region AWS_REGION --stack-name STACK_NAME | jq '.StackPolicyBody' | sed 's/"{/{/g' | sed 's/}"/}/g' | sed 's/\\n/ /g' | sed 's/\\"/"/g' | jq '.' To allow further modification of a stack policy, run the following command: aws cloudformation set-stack-policy --region AWS_REGION --stack-name STACK_NAME ...

jq is a lightweight and flexible command-line JSON processor

AWS: Prevent Updates to Stack Resources

When you create a stack, all update actions are allowed on all resources. By default, anyone with stack update permissions can update all of the resources in the stack. During an update, some resources might require an interruption or be completely replaced, resulting in new physical IDs or completely new storage. You can prevent stack ...