Generally the documentation says whether an update of a property requires replacement or not; see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html for example. I've seen cases where requiring replacement was a bug, and there was discussion about it on the CloudFormation Coverage Roadmap https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues. But in this case it appears to be by design - "The policy description is immutable. After a value is assigned, it cannot be changed." I don't know why it's immutable; if it's a security issue it's not obvious to me.
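An added example, not part of the answer above and not AWS's own code: a CloudFormation change set reports which modified resources will be replaced and which property triggers it, so a `Description` edit on an `AWS::IAM::ManagedPolicy` can be caught before the update runs. The JSON is a constructed sample shaped like `aws cloudformation describe-change-set` output; the logical IDs and the `replacements` helper are hypothetical.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-change-set` output.
SAMPLE_CHANGE_SET = json.loads("""
{
  "Changes": [
    {"Type": "Resource", "ResourceChange": {
      "Action": "Modify", "LogicalResourceId": "AppPolicy",
      "ResourceType": "AWS::IAM::ManagedPolicy", "Replacement": "True",
      "Details": [
        {"Target": {"Attribute": "Properties", "Name": "Description",
                    "RequiresRecreation": "Always"}},
        {"Target": {"Attribute": "Properties", "Name": "PolicyDocument",
                    "RequiresRecreation": "Never"}}]}},
    {"Type": "Resource", "ResourceChange": {
      "Action": "Modify", "LogicalResourceId": "AppRole",
      "ResourceType": "AWS::IAM::Role", "Replacement": "False",
      "Details": [
        {"Target": {"Attribute": "Properties", "Name": "ManagedPolicyArns",
                    "RequiresRecreation": "Never"}}]}},
    {"Type": "Resource", "ResourceChange": {
      "Action": "Add", "LogicalResourceId": "NewQueue",
      "ResourceType": "AWS::SQS::Queue", "Details": []}}
  ]
}
""")

def replacements(change_set):
    """List (logical_id, type, replacement, [triggering properties]) for every
    modified resource that will ("True") or may ("Conditional") be replaced."""
    found = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("Action") != "Modify":
            continue  # Add/Remove are not in-place replacements
        if rc.get("Replacement") not in ("True", "Conditional"):
            continue
        targets = [d.get("Target", {}) for d in rc.get("Details", [])]
        props = sorted({t["Name"] for t in targets if t.get("Name")
                        and t.get("RequiresRecreation") in ("Always", "Conditionally")})
        found.append((rc["LogicalResourceId"], rc["ResourceType"],
                      rc["Replacement"], props))
    return found

if __name__ == "__main__":
    for lid, rtype, repl, props in replacements(SAMPLE_CHANGE_SET):
        print(f"{lid} ({rtype}) replacement={repl} caused by: {', '.join(props) or 'unknown'}")
```

For IAM resources a replacement means a new physical resource, which for a managed policy is a new ARN, so anything referencing the old ARN outside the stack is worth reviewing before executing the change set.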