aws · mergify · Aug 3, 2023 · Aug 1, 2023 · Aug 2, 2023 · Aug 2, 2023
diff --git a/packages/aws-cdk-lib/core/lib/cfn-resource-policy.ts b/packages/aws-cdk-lib/core/lib/cfn-resource-policy.ts
@@ -91,6 +91,14 @@ export enum CfnDeletionPolicy {
    */
   RETAIN = 'Retain',
 
+  /**
+   * RetainExceptOnCreate behaves like Retain for stack operations, except for the stack operation that initially created the resource.
+   * If the stack operation that created the resource is rolled back, CloudFormation deletes the resource. For all other stack operations,
+   * such as stack deletion, CloudFormation retains the resource and its contents. The result is that new, empty, and unused resources are deleted,
+   * while in-use resources and their data are retained.
+   */
+  RETAIN_EXCEPT_ON_CREATE = 'RetainExceptOnCreate',
+
   /**
    * For resources that support snapshots (AWS::EC2::Volume, AWS::ElastiCache::CacheCluster, AWS::ElastiCache::ReplicationGroup,
    * AWS::RDS::DBInstance, AWS::RDS::DBCluster, and AWS::Redshift::Cluster), AWS CloudFormation creates a snapshot for the

diff --git a/packages/aws-cdk-lib/core/lib/cfn-resource.ts b/packages/aws-cdk-lib/core/lib/cfn-resource.ts
@@ -120,14 +120,22 @@ export class CfnResource extends CfnRefElement {
     policy = policy || options.default || RemovalPolicy.RETAIN;
 
     let deletionPolicy;
+    let updateReplacePolicy;
 
     switch (policy) {
       case RemovalPolicy.DESTROY:
         deletionPolicy = CfnDeletionPolicy.DELETE;
+        updateReplacePolicy = CfnDeletionPolicy.DELETE;
         break;
 
       case RemovalPolicy.RETAIN:
         deletionPolicy = CfnDeletionPolicy.RETAIN;
+        updateReplacePolicy = CfnDeletionPolicy.RETAIN;
+        break;
+
+      case RemovalPolicy.RETAIN_EXISTING:
+        deletionPolicy = CfnDeletionPolicy.RETAIN_EXCEPT_ON_CREATE;
+        updateReplacePolicy = CfnDeletionPolicy.RETAIN;
         break;
 
       case RemovalPolicy.SNAPSHOT:
@@ -153,6 +161,7 @@ export class CfnResource extends CfnRefElement {
         }
 
         deletionPolicy = CfnDeletionPolicy.SNAPSHOT;
+        updateReplacePolicy = CfnDeletionPolicy.SNAPSHOT;
         break;
 
       default:
@@ -161,7 +170,7 @@ export class CfnResource extends CfnRefElement {
 
     this.cfnOptions.deletionPolicy = deletionPolicy;
     if (options.applyToUpdateReplacePolicy !== false) {
-      this.cfnOptions.updateReplacePolicy = deletionPolicy;
+      this.cfnOptions.updateReplacePolicy = updateReplacePolicy;
     }
   }
 

diff --git a/packages/aws-cdk-lib/core/lib/removal-policy.ts b/packages/aws-cdk-lib/core/lib/removal-policy.ts
@@ -48,6 +48,19 @@ export enum RemovalPolicy {
    * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
    */
   SNAPSHOT = 'snapshot',
+
+  /**
+   * This uses the 'RetainExceptOnCreate' DeletionPolicy which behaves like Retain for stack operations,
+   * except for the stack operation that initially created the resource.
+   * When `applyToUpdateReplacePolicy` is set, this uses the 'Retain' UpdateReplacePolicy.
+   *
+   * If the stack operation that created the resource is rolled back, it will delete the resource.
+   * For all other stack operations, such as stack deletion, it retains the resource and its contents.
+   * The result is that new, empty, and unused resources are deleted, while in-use resources and their data are retained.
+   *
+   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
+   */
+  RETAIN_EXCEPT_ON_CREATE= 'retain-except-on-create',
 }
 
 export interface RemovalPolicyOptions {

diff --git a/packages/aws-cdk-lib/core/test/removal-policy.test.ts b/packages/aws-cdk-lib/core/test/removal-policy.test.ts
@@ -0,0 +1,48 @@
+import { toCloudFormation } from './util';
+import { CfnResource, Stack, RemovalPolicy } from '../lib';
+
+describe('removal policy', () => {
+  test.each([
+    [RemovalPolicy.RETAIN, 'Retain'],
+    [RemovalPolicy.DESTROY, 'Delete'],
+    [RemovalPolicy.SNAPSHOT, 'Snapshot'],
+    [RemovalPolicy.RETAIN_EXCEPT_ON_CREATE, 'RetainExceptOnCreate'],
+  ])('should set correct DeletionPolicy for RemovalPolicy.%s', (removalPolicy: RemovalPolicy, deletionPolicy: string) => {
+    const stack = new Stack();
+
+    const resource = new CfnResource(stack, 'Resource', { type: 'MOCK' });
+    resource.applyRemovalPolicy(removalPolicy);
+
+    expect(toCloudFormation(stack)).toEqual({
+      Resources: {
+        Resource: expect.objectContaining({
+          Type: 'MOCK',
+          DeletionPolicy: deletionPolicy,
+        }),
+      },
+    });
+  });
+
+  test.each([
+    [RemovalPolicy.RETAIN, 'Retain'],
+    [RemovalPolicy.DESTROY, 'Delete'],
+    [RemovalPolicy.SNAPSHOT, 'Snapshot'],
+    [RemovalPolicy.RETAIN_EXCEPT_ON_CREATE, 'Retain'],
+  ])('should set correct UpdateReplacePolicy for RemovalPolicy.%s', (removalPolicy: RemovalPolicy, updateReplacePolicy: string) => {
+    const stack = new Stack();
+
+    const resource = new CfnResource(stack, 'Resource', { type: 'MOCK' });
+    resource.applyRemovalPolicy(removalPolicy, {
+      applyToUpdateReplacePolicy: true,
+    });
+
+    expect(toCloudFormation(stack)).toEqual({
+      Resources: {
+        Resource: expect.objectContaining({
+          Type: 'MOCK',
+          UpdateReplacePolicy: updateReplacePolicy,
+        }),
+      },
+    });
+  });
+});