fix(AWS Deploy): Properly apply stackPolicy with changesets

2026-01-18 14:58:43 +00:00 · 2022-02-01 12:09:38 +01:00 · 2022-02-01 12:09:38 +01:00 · ee30a7be62
commit ee30a7be62
parent e3ab8a907e
3 changed files with 19 additions and 11 deletions
--- a/lib/plugins/aws/lib/get-create-change-set-params.js
+++ b/lib/plugins/aws/lib/get-create-change-set-params.js
@ -60,16 +60,6 @@ module.exports = {
      createChangeSetParams.Parameters = this.serverless.service.provider.stackParameters;
    }

-    // Policy must have at least one statement, otherwise no updates would be possible at all
-    if (
-      this.serverless.service.provider.stackPolicy &&
-      Object.keys(this.serverless.service.provider.stackPolicy).length
-    ) {
-      createChangeSetParams.StackPolicyBody = JSON.stringify({
-        Statement: this.serverless.service.provider.stackPolicy,
-      });
-    }
-
    if (this.serverless.service.provider.rollbackConfiguration) {
      createChangeSetParams.RollbackConfiguration =
        this.serverless.service.provider.rollbackConfiguration;
--- a/lib/plugins/aws/lib/update-stack.js
+++ b/lib/plugins/aws/lib/update-stack.js
@ -91,6 +91,21 @@ module.exports = {
      return false;
    }

+    // Policy must have at least one statement, otherwise no updates would be possible at all
+    if (
+      this.serverless.service.provider.stackPolicy &&
+      Object.keys(this.serverless.service.provider.stackPolicy).length
+    ) {
+      log.info('Setting stack policy');
+      const stackPolicyBody = JSON.stringify({
+        Statement: this.serverless.service.provider.stackPolicy,
+      });
+      await this.provider.request('CloudFormation', 'setStackPolicy', {
+        StackName: stackName,
+        StackPolicyBody: stackPolicyBody,
+      });
+    }
+
    log.info('Executing created change set');
    await this.provider.request('CloudFormation', 'executeChangeSet', executeChangeSetParams);

--- a/test/unit/lib/plugins/aws/deploy/index.test.js
+++ b/test/unit/lib/plugins/aws/deploy/index.test.js
@ -683,6 +683,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
  describe('custom deployment-related properties', () => {
    let createChangeSetStub;
    let executeChangeSetStub;
+    let setStackPolicyStub;
    const deploymentRole = 'arn:xxx';
    const notificationArns = ['arn:xxx', 'arn:yyy'];
    const stackParameters = [
@ -724,6 +725,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
        .resolves({ Stacks: [{}] });
      createChangeSetStub = sinon.stub().resolves({});
      executeChangeSetStub = sinon.stub().resolves({});
+      setStackPolicyStub = sinon.stub().resolves({});
      const awsRequestStubMap = {
        ...baseAwsRequestStubMap,
        ECR: {
@ -748,6 +750,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
            StackName: 'new-service-dev',
            Status: 'CREATE_COMPLETE',
          },
+          setStackPolicy: setStackPolicyStub,
          describeStackEvents: {
            StackEvents: [
              {
@ -807,7 +810,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
    });

    it('should support `stackPolicy`', () => {
-      expect(createChangeSetStub.getCall(1).args[0].StackPolicyBody).to.deep.equal(
+      expect(setStackPolicyStub.getCall(0).args[0].StackPolicyBody).to.equal(
        JSON.stringify({ Statement: stackPolicy })
      );
    });