Clear stack policy in Cloudformation?

Question

After creating a stack in CloudFormation, I set policy, which prohibits updates against the stack. Later, I decided I still want to keep changing the environment, I'd like to clear the set policy.

I set StackPolicy with aws cli, so looked again the aws cloudformation help command. Grepped stack-policy and all I found was set-stack-policy and get-stack-policy.

I also tried to set empty-ish policy with aws cloudformation set-stack-policy --stack-name $STACK_NAME --stack-policy-body '{"Statement": []}', which resulted in:

An error occurred (ValidationError) when calling the SetStackPolicy operation: Error validating stack policy: Invalid stack policy

Question

• Is there any way to clear a stack policy from a stack, after some policy has been set?

Answer 1

According to Amazon's own documentation, you can't delete (clear) a stack policy from a stack. They don't bother explain why, but they do suggest a workaround:

---

You can't delete a stack policy. To remove all protection from all resources, you modify the policy to explicitly allow all actions on all resources. The following policy allows all updates on all resources:

.

{
  "Statement" : [
    {
      "Effect" : "Allow",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*"
    }  
  ]
}

which is essentially equivalent to not having a stack policy attached at all.