Stack Retention Disabled
- Query id: 17d5ba1d-7667-4729-b1a6-b11fde3db7f7
- Query name: Stack Retention Disabled
- Platform: Ansible
- Severity: Medium
- Category: Backup
- URL: Github
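Description
Make sure that retain_stack is enabled to keep the stack and its associated resources during resource destruction. In the Ansible samples below, this is controlled by purge_stacks on community.aws.cloudformation_stack_set: the passing sample sets purge_stacks: false.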
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
# purge_stacks is omitted in this task
- name: Create a stack set with instances in two accounts
  community.aws.cloudformation_stack_set:
    name: my-stack2
    description: Test stack in two accounts
    state: present
    template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
    accounts: [1234567890, 2345678901]
    regions:
      - us-east-1
# purge_stacks is explicitly true in this task
- name: on subsequent calls, templates are optional but parameters and tags can be altered
  community.aws.cloudformation_stack_set:
    name: my-stack3
    state: present
    parameters:
      InstanceName: my_stacked_instance
    tags:
      foo: bar
      test: stack
    accounts: [1234567890, 2345678901]
    regions:
      - us-east-1
    purge_stacks: true
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: Create a stack set with instances in two accounts
  community.aws.cloudformation_stack_set:
    name: my-stack
    description: Test stack in two accounts
    state: present
    template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
    accounts: [1234567890, 2345678901]
    regions:
      - us-east-1
    purge_stacks: false
```
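
The check this query describes can be reproduced locally before a playbook reaches CI. The script below is an added example, not the scanner's own implementation: it walks parsed Ansible tasks, including block/rescue/always sections, and reports every cloudformation_stack_set task whose purge_stacks is anything other than an explicit false. Assumptions: an omitted purge_stacks counts as a finding, the short module name is matched as well as the FQCN, and the helper names and SAMPLE data are constructed for illustration.

```python
import sys

# Module names checked: the FQCN used on this page plus its short form (assumption).
MODULES = ("community.aws.cloudformation_stack_set", "cloudformation_stack_set")
NESTED = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")
FALSY = {"false", "no", "off", "0"}  # spellings Ansible accepts for a false boolean


def is_false(value):
    """True only for an explicit false; templated or unknown values are not trusted."""
    return str(value).strip().lower() in FALSY


def find_unretained(items, path="root"):
    """Return (location, task name, purge_stacks value) for tasks that do not retain stacks."""
    findings = []
    for i, item in enumerate(items or []):
        if not isinstance(item, dict):
            continue
        where = f"{path}[{i}]"
        for key in NESTED:  # descend into plays and block/rescue/always sections
            if isinstance(item.get(key), list):
                findings += find_unretained(item[key], f"{where}.{key}")
        for module in MODULES:
            args = item.get(module)
            if not isinstance(args, dict):
                continue
            value = args.get("purge_stacks", "unset")
            if not is_false(value):
                findings.append((where, item.get("name", "<unnamed>"), value))
    return findings


# Constructed sample, shaped like the tasks on this page after YAML parsing.
SAMPLE = [
    {"name": "no purge_stacks", MODULES[0]: {"name": "my-stack2", "state": "present"}},
    {"name": "purges", MODULES[0]: {"name": "my-stack3", "purge_stacks": True}},
    {"name": "retains", MODULES[0]: {"name": "my-stack", "purge_stacks": False}},
    {"block": [{"name": "nested", MODULES[1]: {"name": "s4", "purge_stacks": "yes"}}]},
]

if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:
        import yaml  # PyYAML, only needed when a playbook path is given
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = yaml.safe_load(fh)
    for where, name, reason in find_unretained(data):
        print(f"{where}: {name}: purge_stacks={reason!r}")
```

Run without arguments it checks the constructed sample; given a playbook or tasks file path it loads that file with PyYAML instead.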