CloudFormation has the stack retention disabled

ID

aws_cloudformation_stack_retention

Severity

low

Vendor

AWS

Resource

Backup Recovery

Tags

non-reachable

Description

CloudFormation has the stack retention disabled. When you delete a CloudFormation stack, you remove all of the stack's resources. To keep these resources, you must enable stack retention.

To fix it, you must configure purge_stacks=false.

Learn more about this topic in the Ansible AWS CloudFormation module documentation.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Stack
      community.aws.cloudformation_stack_set:
        # purge_stacks is not set, so the stacks are removed together with the stack set
        state: absent
        name: my-stack
        description: Test stack in two accounts
        template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
        accounts: [1234567890, 2345678901]
        regions:
        - us-east-1

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Delete the stack set but keep its stacks
      community.aws.cloudformation_stack_set:
        state: absent
        name: my-stack
        description: Test stack in two accounts
        template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
        accounts: [1234567890, 2345678901]
        regions:
        - us-east-1
        # Keep the stacks when the stack set is deleted
        purge_stacks: false
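
Added example (not part of the original rule or of the Ansible project): one way to check playbooks for this finding before they run. It assumes the playbook has already been parsed into Python objects (for instance with yaml.safe_load); the function names and the sample data are constructed for illustration.

```python
FALSE_VALUES = {"n", "no", "off", "0", "false", "f"}  # strings Ansible reads as false
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers")
NESTED = ("block", "rescue", "always")


def keeps_stacks(value):
    """True only when purge_stacks is explicitly a false value."""
    if isinstance(value, (bool, int, float)):
        return value == 0
    return str(value).strip().lower() in FALSE_VALUES


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for key in NESTED:
                yield from iter_tasks(task.get(key))


def find_unretained_deletes(playbook):
    """Names of tasks that delete a stack set without purge_stacks: false."""
    findings = []
    for play in playbook or []:
        for section in TASK_LISTS:
            for task in iter_tasks(play.get(section)):
                for key, args in task.items():
                    # Match the module with or without a collection prefix.
                    if str(key).rsplit(".", 1)[-1] != "cloudformation_stack_set":
                        continue
                    if not isinstance(args, dict) or args.get("state") != "absent":
                        continue
                    # A missing purge_stacks counts: the failing example omits it.
                    if not keeps_stacks(args.get("purge_stacks", True)):
                        findings.append(task.get("name", "<unnamed>"))
    return findings


# Constructed sample: the page's two tasks (abridged) plus a block-nested variant.
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "Stack",
     "community.aws.cloudformation_stack_set": {"state": "absent", "name": "my-stack"}},
    {"name": "Keep stacks",
     "community.aws.cloudformation_stack_set": {"state": "absent", "name": "my-stack", "purge_stacks": False}},
    {"name": "Cleanup", "block": [
        {"name": "Nested", "cloudformation_stack_set": {"state": "absent", "name": "x", "purge_stacks": "yes"}}]},
]}]
```

A templated value such as "{{ keep }}" cannot be resolved statically, so this check reports it as a finding for manual review.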