CloudFormation’s Hidden Gem: Why I Switched from Retain to RetainExceptOnCreate
While working on our infrastructure as code, I came across an interesting CloudFormation attribute called DeletionPolicy. Initially, I was using `Retain` for our DynamoDB tables to prevent accidental deletions. However, during development, I noticed this was creating orphaned tables from failed stack creations. This led me to explore `RetainExceptOnCreate` and understand the differences between these options.
What is DeletionPolicy?
DeletionPolicy is a CloudFormation attribute that determines what happens to a resource when its stack is deleted. While the default behaviour is to delete the resource, you can use `Retain` or `RetainExceptOnCreate` to keep resources under certain conditions.
Let’s look at how each policy behaves in different scenarios:
Exploring Different Scenarios
Let’s say we have a DynamoDB table in our stack:
```yaml
Resources:
  MyDynamoTable:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: RetainExceptOnCreate
    Properties:
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
```
…
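As an added example (not part of the original post), here is a small Python check that scans a template for the situation described above: stateful resources still set to `Retain`, along with ones that have no `DeletionPolicy` or a misspelled one. The list of stateful types, the resource names and the sample template are assumptions constructed for illustration.

```python
import json

# Assumption: which resource types count as "stateful" is this example's choice.
STATEFUL_TYPES = {"AWS::DynamoDB::Table", "AWS::S3::Bucket", "AWS::EFS::FileSystem"}
VALID_POLICIES = {"Delete", "Retain", "RetainExceptOnCreate", "Snapshot"}

# Constructed sample template (CloudFormation accepts JSON as well as YAML).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "OrdersTable": {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "Retain"},
    "UsersTable":  {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "RetainExceptOnCreate"},
    "AuditBucket": {"Type": "AWS::S3::Bucket"},
    "TypoTable":   {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "retain"},
    "WorkerQueue": {"Type": "AWS::SQS::Queue"}
  }
}
""")


def audit_deletion_policies(template):
    """Return (logical_id, finding) pairs for stateful resources, sorted by id."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") not in STATEFUL_TYPES:
            continue  # only data-bearing resources are in scope
        policy = resource.get("DeletionPolicy")
        if policy is None:
            findings.append((logical_id, "no DeletionPolicy: default is to delete the resource"))
        elif not isinstance(policy, str):
            # e.g. an intrinsic function; cannot be judged statically
            findings.append((logical_id, "DeletionPolicy is not a literal string: review by hand"))
        elif policy not in VALID_POLICIES:
            findings.append((logical_id, f"unknown DeletionPolicy {policy!r}"))
        elif policy == "Delete":
            findings.append((logical_id, "Delete: resource is removed with the stack"))
        elif policy == "Retain":
            findings.append((logical_id, "Retain: also kept after a failed stack creation; "
                                         "RetainExceptOnCreate avoids the orphan"))
    return findings


if __name__ == "__main__":
    for logical_id, finding in audit_deletion_policies(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```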