Termination protection

Termination protection is a stack-level setting that, when enabled, blocks a CloudFormation stack from being deleted. To delete a stack with termination protection enabled, you would first need to disable it and then delete the stack, and disabling it requires a different set of permissions that you might not have. It's generally a best practice to enable termination protection on CloudFormation stacks, so although it doesn't directly affect us as attackers (unless we are trying to delete everything), it is good to check each stack for termination protection and note it as a potential misconfiguration in the environment. To check this value, we still use the DescribeStacks API, but it only returns the setting when we name the stack specifically in the API call. Our demo stack is named Test-Lamp-Stack, so to determine the termination protection setting for that stack, we could run the following AWS CLI command:

aws cloudformation describe-stacks --stack-name Test-Lamp-Stack --region us-west-2

The results should look like what we have seen previously, but they will also include the EnableTerminationProtection key, whose value of true or false tells us whether termination protection is enabled for that stack.
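The per-stack check above, generalised into a small audit that flags every stack whose termination protection is off or was never reported. This is an added example, not code from the book; the sample stack records are constructed to mimic DescribeStacks output, and the live fetch_stacks helper assumes boto3 is installed and the caller holds cloudformation:DescribeStacks.

```python
"""Audit CloudFormation stacks for termination protection.

The EnableTerminationProtection key is only present in a DescribeStacks
response when the call names a single stack, so the live helper makes one
named call per stack. The sample data below is constructed for offline use.
"""
from typing import Iterable

# Constructed sample records shaped like entries in DescribeStacks["Stacks"].
SAMPLE_STACKS = [
    {"StackName": "Test-Lamp-Stack", "StackStatus": "CREATE_COMPLETE",
     "EnableTerminationProtection": False},
    {"StackName": "prod-vpc", "StackStatus": "UPDATE_COMPLETE",
     "EnableTerminationProtection": True},
    {"StackName": "old-stack", "StackStatus": "DELETE_COMPLETE",
     "EnableTerminationProtection": False},
    # Record from an unnamed DescribeStacks call: the key is simply absent.
    {"StackName": "listed-only", "StackStatus": "CREATE_COMPLETE"},
]


def is_protected(stack: dict) -> bool:
    """True only when the response explicitly reports protection as enabled.
    A missing key means the setting was not returned, not that it is on."""
    return stack.get("EnableTerminationProtection") is True


def find_unprotected(stacks: Iterable[dict]) -> list[str]:
    """Names of stacks to report as misconfigured: protection off or unknown.
    Stacks already in a DELETE_* state are skipped; nothing is left to guard."""
    return [
        s["StackName"] for s in stacks
        if not s.get("StackStatus", "").startswith("DELETE_")
        and not is_protected(s)
    ]


def fetch_stacks(region: str) -> list[dict]:
    """Live version (hypothetical helper): enumerate stack names with the
    paginated DescribeStacks call, then re-describe each one by name so the
    EnableTerminationProtection key is actually returned."""
    import boto3  # imported lazily so the offline helpers need no AWS SDK
    cfn = boto3.client("cloudformation", region_name=region)
    names = [s["StackName"]
             for page in cfn.get_paginator("describe_stacks").paginate()
             for s in page["Stacks"]]
    return [cfn.describe_stacks(StackName=n)["Stacks"][0] for n in names]


if __name__ == "__main__":
    for name in find_unprotected(SAMPLE_STACKS):
        print(f"termination protection NOT enabled: {name}")
```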
