diff --git a/lib/plugins/aws/lib/get-create-change-set-params.js b/lib/plugins/aws/lib/get-create-change-set-params.js
index 4d78461da..26e6c1ac6 100644
--- a/lib/plugins/aws/lib/get-create-change-set-params.js
+++ b/lib/plugins/aws/lib/get-create-change-set-params.js
@@ -60,16 +60,6 @@ module.exports = {
       createChangeSetParams.Parameters = this.serverless.service.provider.stackParameters;
     }
 
-    // Policy must have at least one statement, otherwise no updates would be possible at all
-    if (
-      this.serverless.service.provider.stackPolicy &&
-      Object.keys(this.serverless.service.provider.stackPolicy).length
-    ) {
-      createChangeSetParams.StackPolicyBody = JSON.stringify({
-        Statement: this.serverless.service.provider.stackPolicy,
-      });
-    }
-
     if (this.serverless.service.provider.rollbackConfiguration) {
       createChangeSetParams.RollbackConfiguration =
         this.serverless.service.provider.rollbackConfiguration;
diff --git a/lib/plugins/aws/lib/update-stack.js b/lib/plugins/aws/lib/update-stack.js
index 68a5ecce6..0bd107085 100644
--- a/lib/plugins/aws/lib/update-stack.js
+++ b/lib/plugins/aws/lib/update-stack.js
@@ -91,6 +91,21 @@ module.exports = {
       return false;
     }
 
+    // Policy must have at least one statement, otherwise no updates would be possible at all
+    if (
+      this.serverless.service.provider.stackPolicy &&
+      Object.keys(this.serverless.service.provider.stackPolicy).length
+    ) {
+      log.info('Setting stack policy');
+      const stackPolicyBody = JSON.stringify({
+        Statement: this.serverless.service.provider.stackPolicy,
+      });
+      await this.provider.request('CloudFormation', 'setStackPolicy', {
+        StackName: stackName,
+        StackPolicyBody: stackPolicyBody,
+      });
+    }
+
     log.info('Executing created change set');
     await this.provider.request('CloudFormation', 'executeChangeSet', executeChangeSetParams);
 
diff --git a/test/unit/lib/plugins/aws/deploy/index.test.js b/test/unit/lib/plugins/aws/deploy/index.test.js
index 2dfd4c3f0..ff941fa72 100644
--- a/test/unit/lib/plugins/aws/deploy/index.test.js
+++ b/test/unit/lib/plugins/aws/deploy/index.test.js
@@ -683,6 +683,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
   describe('custom deployment-related properties', () => {
     let createChangeSetStub;
     let executeChangeSetStub;
+    let setStackPolicyStub;
     const deploymentRole = 'arn:xxx';
     const notificationArns = ['arn:xxx', 'arn:yyy'];
     const stackParameters = [
@@ -724,6 +725,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
         .resolves({ Stacks: [{}] });
       createChangeSetStub = sinon.stub().resolves({});
       executeChangeSetStub = sinon.stub().resolves({});
+      setStackPolicyStub = sinon.stub().resolves({});
       const awsRequestStubMap = {
         ...baseAwsRequestStubMap,
         ECR: {
@@ -748,6 +750,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
             StackName: 'new-service-dev',
             Status: 'CREATE_COMPLETE',
           },
+          setStackPolicy: setStackPolicyStub,
           describeStackEvents: {
             StackEvents: [
               {
@@ -807,7 +810,7 @@ describe('test/unit/lib/plugins/aws/deploy/index.test.js', () => {
     });
 
     it('should support `stackPolicy`', () => {
-      expect(createChangeSetStub.getCall(1).args[0].StackPolicyBody).to.deep.equal(
+      expect(setStackPolicyStub.getCall(0).args[0].StackPolicyBody).to.equal(
         JSON.stringify({ Statement: stackPolicy })
       );
     });