Stack Retention Disabled

  • Query id: 6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97
  • Query name: Stack Retention Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Backup
  • CWE: 404
  • URL: Github

Description

Make sure that retain_stack is enabled so that the Stack and its associated resources are kept during resource destruction.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_cloudformation_stack_set_instance" "positive1" {
  account_id     = "123456789012"
  region         = "us-east-1"
  stack_set_name = aws_cloudformation_stack_set.example.name
  # Flagged: retain_stack is explicitly disabled
  retain_stack   = false
}

# Flagged: retain_stack is omitted, and the provider default is false
resource "aws_cloudformation_stack_set_instance" "positive2" {
  account_id     = "123456789012"
  region         = "us-east-1"
  stack_set_name = aws_cloudformation_stack_set.example.name
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_cloudformation_stack_set_instance" "negative1" {
  account_id     = "123456789012"
  region         = "us-east-1"
  stack_set_name = aws_cloudformation_stack_set.example.name
  retain_stack   = true
}