localstack
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model.py‎
Lines changed: 2 additions & 8 deletions b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model.py‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_executor.py‎
Lines changed: 73 additions & 44 deletions b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_executor.py‎
Lines changed: 73 additions & 44 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_preproc.py‎
Lines changed: 39 additions & 0 deletions b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_preproc.py‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎tests/aws/services/cloudformation/engine/test_deletion_policy.py‎
Lines changed: 85 additions & 0 deletions b/‎tests/aws/services/cloudformation/engine/test_deletion_policy.py‎
Lines changed: 85 additions & 0 deletions
@@ -1046,26 +1046,20 @@ def _visit_type(self, scope: Scope, before_type: Any, after_type: Any) -> Termin
 
     def _visit_deletion_policy(
         self, scope: Scope, before_deletion_policy: Any, after_deletion_policy: Any
-    ) -> TerminalValue:
+    ) -> ChangeSetEntity:
         value = self._visit_value(
             scope=scope, before_value=before_deletion_policy, after_value=after_deletion_policy
         )
-        if not isinstance(value, TerminalValue):
-            # TODO: decide where template schema validation should occur.
-            raise RuntimeError()
         return value
 
     def _visit_update_replace_policy(
         self, scope: Scope, before_update_replace_policy: Any, after_deletion_policy: Any
-    ) -> TerminalValue:
+    ) -> ChangeSetEntity:
         value = self._visit_value(
             scope=scope,
             before_value=before_update_replace_policy,
             after_value=after_deletion_policy,
         )
-        if not isinstance(value, TerminalValue):
-            # TODO: decide where template schema validation should occur.
-            raise RuntimeError()
         return value
 
     def _visit_resource(
 
@@ -28,10 +28,12 @@
     _AWS_URL_SUFFIX,
     MOCKED_REFERENCE,
     ChangeSetModelPreproc,
+    DeletionPolicy,
     PreprocEntityDelta,
     PreprocOutput,
     PreprocProperties,
     PreprocResource,
+    UpdateReplacePolicy,
 )
 from localstack.services.cloudformation.engine.v2.unsupported_resource import (
     should_ignore_unsupported_resource_type,
@@ -165,19 +167,25 @@ def _process_event(
         resource_type: str,
         special_action: str = None,
         reason: str = None,
+        custom_status: ResourceStatus | str | None = None,
     ):
         status_from_action = special_action or EventOperationFromAction[action.value]
+
+        status: ResourceStatus
         if event_status == OperationStatus.SUCCESS:
-            status = f"{status_from_action}_COMPLETE"
+            status = ResourceStatus(f"{status_from_action}_COMPLETE")
         else:
-            status = f"{status_from_action}_{event_status.name}"
+            status = ResourceStatus(f"{status_from_action}_{event_status.name}")
+
+        if custom_status:
+            status = ResourceStatus(custom_status)
 
         physical_resource_id = self._get_physical_id(logical_resource_id, False)
         self._change_set.stack.set_resource_status(
             logical_resource_id=logical_resource_id,
             physical_resource_id=physical_resource_id,
             resource_type=resource_type,
-            status=ResourceStatus(status),
+            status=status,
             resource_status_reason=reason,
         )
 
@@ -335,27 +343,37 @@ def _execute_resource_change(
                     )
 
                     def cleanup():
-                        self._process_event(
-                            action=ChangeAction.Remove,
-                            logical_resource_id=name,
-                            event_status=OperationStatus.IN_PROGRESS,
-                            resource_type=before.resource_type,
-                        )
-                        event = self._execute_resource_action(
-                            action=ChangeAction.Remove,
-                            logical_resource_id=name,
-                            resource_type=before.resource_type,
-                            before_properties=before_properties,
-                            after_properties=None,
-                            part_of_replacement=True,
-                        )
-                        self._process_event(
-                            action=ChangeAction.Remove,
-                            logical_resource_id=name,
-                            event_status=event.status,
-                            resource_type=before.resource_type,
-                            reason=event.message,
-                        )
+                        # TODO: handle other update replace policy values
+                        if after.update_replace_policy != UpdateReplacePolicy.Retain:
+                            self._process_event(
+                                action=ChangeAction.Remove,
+                                logical_resource_id=name,
+                                event_status=OperationStatus.IN_PROGRESS,
+                                resource_type=before.resource_type,
+                            )
+                            event = self._execute_resource_action(
+                                action=ChangeAction.Remove,
+                                logical_resource_id=name,
+                                resource_type=before.resource_type,
+                                before_properties=before_properties,
+                                after_properties=None,
+                                part_of_replacement=True,
+                            )
+                            self._process_event(
+                                action=ChangeAction.Remove,
+                                logical_resource_id=name,
+                                event_status=event.status,
+                                resource_type=before.resource_type,
+                                reason=event.message,
+                            )
+                        else:
+                            self._process_event(
+                                action=ChangeAction.Remove,
+                                logical_resource_id=name,
+                                event_status=OperationStatus.SUCCESS,
+                                resource_type=before.resource_type,
+                                custom_status=ResourceStatus.DELETE_SKIPPED,
+                            )
 
                     self._defer_action(f"cleanup-from-replacement-{name}", cleanup)
                 else:
@@ -419,26 +437,37 @@ def perform_deletion():
             before_properties = self._merge_before_properties(name, before)
 
             def perform_deletion():
-                self._process_event(
-                    action=ChangeAction.Remove,
-                    logical_resource_id=name,
-                    resource_type=before.resource_type,
-                    event_status=OperationStatus.IN_PROGRESS,
-                )
-                event = self._execute_resource_action(
-                    action=ChangeAction.Remove,
-                    logical_resource_id=name,
-                    resource_type=before.resource_type,
-                    before_properties=before_properties,
-                    after_properties=None,
-                )
-                self._process_event(
-                    action=ChangeAction.Remove,
-                    logical_resource_id=name,
-                    event_status=event.status,
-                    resource_type=before.resource_type,
-                    reason=event.message,
-                )
+                # TODO: other deletion policies
+                if before.deletion_policy != DeletionPolicy.Retain:
+                    self._process_event(
+                        action=ChangeAction.Remove,
+                        logical_resource_id=name,
+                        resource_type=before.resource_type,
+                        event_status=OperationStatus.IN_PROGRESS,
+                    )
+                    event = self._execute_resource_action(
+                        action=ChangeAction.Remove,
+                        logical_resource_id=name,
+                        resource_type=before.resource_type,
+                        before_properties=before_properties,
+                        after_properties=None,
+                    )
+
+                    self._process_event(
+                        action=ChangeAction.Remove,
+                        logical_resource_id=name,
+                        event_status=event.status,
+                        resource_type=before.resource_type,
+                        reason=event.message,
+                    )
+                else:
+                    self._process_event(
+                        action=ChangeAction.Remove,
+                        logical_resource_id=name,
+                        event_status=OperationStatus.SUCCESS,
+                        resource_type=before.resource_type,
+                        custom_status=ResourceStatus.DELETE_SKIPPED,
+                    )
 
             self._defer_action(f"remove-{name}", perform_deletion)
         elif not is_nothing(after):
 
@@ -4,6 +4,7 @@
 import copy
 import re
 from collections.abc import Callable
+from enum import StrEnum
 from typing import Any, Final
 
 from botocore.exceptions import ClientError
@@ -114,6 +115,19 @@ def __eq__(self, other):
         return self.properties == other.properties
 
 
+class DeletionPolicy(StrEnum):
+    Retain = "Retain"
+    Delete = "Delete"
+    RetainExceptOnCreate = "RetainExceptOnCreate"
+    Snapshot = "Snapshot"
+
+
+class UpdateReplacePolicy(StrEnum):
+    Delete = "Delete"
+    Retain = "Retain"
+    Snapshot = "Snapshot"
+
+
 class PreprocResource:
     logical_id: str
     physical_resource_id: str | None
@@ -123,6 +137,9 @@ class PreprocResource:
     depends_on: list[str] | None
     requires_replacement: bool
     status: ResourceStatus | None
+    # TODO: typing
+    deletion_policy: DeletionPolicy | None
+    update_replace_policy: UpdateReplacePolicy | None
 
     def __init__(
         self,
@@ -134,6 +151,8 @@ def __init__(
         depends_on: list[str] | None,
         requires_replacement: bool,
         status: ResourceStatus | None = None,
+        deletion_policy: str | None = None,
+        update_replace_policy: str | None = None,
     ):
         self.logical_id = logical_id
         self.physical_resource_id = physical_resource_id
@@ -143,6 +162,8 @@ def __init__(
         self.depends_on = depends_on
         self.requires_replacement = requires_replacement
         self.status = status
+        self.deletion_policy = deletion_policy
+        self.update_replace_policy = update_replace_policy
 
     @staticmethod
     def _compare_conditions(c1: bool, c2: bool):
@@ -1276,6 +1297,20 @@ def visit_node_resource(
         else:
             properties_delta = PreprocEntityDelta(before=Nothing, after=Nothing)
 
+        deletion_policy_before = Nothing
+        deletion_policy_after = Nothing
+        if not is_nothing(node_resource.deletion_policy):
+            deletion_policy_delta = self.visit(node_resource.deletion_policy)
+            deletion_policy_before = deletion_policy_delta.before
+            deletion_policy_after = deletion_policy_delta.after
+
+        update_replace_policy_before = Nothing
+        update_replace_policy_after = Nothing
+        if not is_nothing(node_resource.update_replace_policy):
+            update_replace_policy_delta = self.visit(node_resource.update_replace_policy)
+            update_replace_policy_before = update_replace_policy_delta.before
+            update_replace_policy_after = update_replace_policy_delta.after
+
         before = Nothing
         after = Nothing
         if should_process_before:
@@ -1291,6 +1326,8 @@ def visit_node_resource(
                 properties=properties_delta.before,
                 depends_on=depends_on_before,
                 requires_replacement=False,
+                deletion_policy=deletion_policy_before,
+                update_replace_policy=update_replace_policy_before,
             )
         if should_process_after:
             logical_resource_id = node_resource.name
@@ -1308,6 +1345,8 @@ def visit_node_resource(
                 properties=properties_delta.after,
                 depends_on=depends_on_after,
                 requires_replacement=node_resource.requires_replacement,
+                deletion_policy=deletion_policy_after,
+                update_replace_policy=update_replace_policy_after,
             )
         return PreprocEntityDelta(before=before, after=after)
 
 
@@ -0,0 +1,85 @@
+import os
+
+import pytest
+from botocore.exceptions import ClientError
+from tests.aws.services.cloudformation.conftest import skip_if_legacy_engine
+
+from localstack.testing.pytest import markers
+from localstack.utils.strings import short_uid
+
+
+@markers.snapshot.skip_snapshot_verify(
+    paths=[
+        # our message is different. The AWS message does not seem to include the parameter
+        # name but ours does
+        "$..message",
+    ]
+)
+@markers.aws.validated
+def test_deletion_policy_with_deletion(aws_client, deploy_cfn_template, snapshot):
+    template_path = os.path.join(
+        os.path.dirname(__file__),
+        "../../../templates/deletion_policy.yaml",
+    )
+    parameter_value = short_uid()
+    stack = deploy_cfn_template(
+        template_path=template_path,
+        parameters={
+            "EnvType": "dev",
+            "ParameterValue": parameter_value,
+        },
+    )
+
+    parameter_name = stack.outputs["ParameterName"]
+    value = aws_client.ssm.get_parameter(Name=parameter_name)["Parameter"]["Value"]
+    assert value == parameter_value
+
+    stack.destroy()
+
+    with pytest.raises(ClientError) as exc_info:
+        aws_client.ssm.get_parameter(Name=parameter_name)
+
+    snapshot.match("error", {"message": str(exc_info.value)})
+
+
+@markers.aws.validated
+@markers.snapshot.skip_snapshot_verify(
+    paths=[
+        "$..PhysicalResourceId",
+    ]
+)
+@skip_if_legacy_engine()
+def test_deletion_policy_with_retain(
+    aws_client, deploy_cfn_template, capture_per_resource_events, snapshot, cleanups
+):
+    snapshot.add_transformer(snapshot.transform.cloudformation_api())
+    template_path = os.path.join(
+        os.path.dirname(__file__),
+        "../../../templates/deletion_policy.yaml",
+    )
+    parameter_value = short_uid()
+    stack = deploy_cfn_template(
+        template_path=template_path,
+        parameters={
+            "EnvType": "prod",
+            "ParameterValue": parameter_value,
+        },
+    )
+
+    snapshot.add_transformer(snapshot.transform.regex(stack.stack_name, "<stack-name>"))
+
+    parameter_name = stack.outputs["ParameterName"]
+
+    # make sure we clean up the parameter
+    cleanups.append(lambda: aws_client.ssm.delete_parameter(Name=parameter_name))
+
+    value = aws_client.ssm.get_parameter(Name=parameter_name)["Parameter"]["Value"]
+    assert value == parameter_value
+
+    stack.destroy()
+
+    value = aws_client.ssm.get_parameter(Name=parameter_name)["Parameter"]["Value"]
+    assert value == parameter_value
+
+    events = capture_per_resource_events(stack.stack_id)
+    snapshot.match("per-resource-events", events)