AWS CloudFormation Deletion Policy

Last updated on June 3, 2023

Deleting a stack on CloudFormation also removes all the provisioned resources in it. In some cases, you want some resources to be retained even after deleting its stack. The good thing is that you can do this by defining its DeletionPolicy.

This is pretty straightforward – you just need to define DeletionPolicy with Retain value and for the resources that support snapshot, (like RDS databases) you can set Snapshot as its value. With DeletionPolicy: Snapshot, a snapshot is created before a resource is deleted. This allows you to have a backup of the resource that’s been deleted from the stack.

Let’s say for example that you want to delete a deployed application. This app uses S3 for storing its object and RDS as its database, and you want to keep a copy of this resource as your reference. You may want to update its stack and add DeletionPolicy: Retain for S3 and DeletionPolicy: Snapshot for RDS before deleting it.

By default, deleting a stack will also delete its provisioned resources like the AWS::S3::Bucket that was launched using the below CloudFormation template.

This is an example of a CloudFormation stack template in YAML format:

AWSTemplateFormatVersion: 2010-09-09
Resources:
   SampleBucket:
     Type: AWS::S3::Bucket
Outputs:
     BucketName:
         Value: !Ref ‘SampleBucket’
        Description: This is a sample bucket

Retain

Adding DeletionPolicy: Retain on the template will retain the provisioned resources even after deleting its stack.

AWSTemplateFormatVersion: 2010-09-09
Resources:
   SampleBucket:
     Type: AWS::S3::Bucket
     DeletionPolicy: Retain
Outputs:
     BucketName:
     Value: !Ref ‘SampleBucket’
     Description: This is a sample bucket

Snapshot

DeletionPolicy: Snapshot can be added on resources that support snapshots like the following:

AWS::EC2::Volume

AWS::ElastiCache::CacheCluster

AWS::ElastiCache::ReplicationGroup

AWS::Neptune::DBCluster

AWS::RDS::DBCluster

AWS::RDS::DBInstance

AWS::Redshift::Cluster

In this example, we have here a Volume created along with an EC2 instance. Because Snapshot is defined as its DeletionPolicy, we expect this to create a snapshot when the stack is deleted.

AWSTemplateFormatVersion: 2010-09-09
Resources:
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-0615132a0f36d24f4
TestVolume:
Type: AWS::EC2::Volume
DeletionPolicy: Snapshot
Properties:
Size: 10
AvailabilityZone: !GetAtt Ec2Instance.AvailabilityZone

You can see from the Resources tab that an EC2 instance and a separate Volume was created.

We have two volumes here, volume mounted on the EC2 instance and the volume that was defined on the CloudFormation template.

After deleting its stack, the provisioned EC2 instance and volumes are deleted as well.

But because of the deletion policy defined as “DeletionPolicy: Snapshot” on the YAML file, a snapshot was created before the volume was deleted.

Sources

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html

Written by: Lervin John Obando

Lervin is a Cloud Technology enthusiast and an AWS Community Builder whose expertise expands from Systems Administration, Database to Cloud Infrastructure. He is a Multi-Cloud Certified professional holding multiple certifications from AWS, Google, and Oracle. When he is not in front of his computer, you can find him spending time with his wife and dog.