Your application uses CloudFormation to orchestrate your application’s resources. During your testing phase before the
application went live, your Amazon RDS instance type was changed and caused the instance to be re-created, resulting
in the loss of test data. How should you prevent this from occurring in the future?
Within the AWS CloudFormation parameter with which users can select the Amazon RDS instance type, set AllowedValues to only
contain the current instance type.
Use an AWS CloudFormation stack policy to deny updates to the instance. Only allow UpdateStack permission to IAM principals that
are denied SetStackPolicy.
In the AWS CloudFormation template, set the AWS::RDS::DBInstance’s DBInstanceClass property to be read-only.
Subscribe to the AWS CloudFormation notification “BeforeResourceUpdate,” and call CancelStackUpdate if the resource identified is
the Amazon RDS instance.
In the AWS CloudFormation template, set the AWS::RDS::DBInstance’s DeletionPolicy property to “Retain.”