Where do we define the stack policy in a AWS SAM application? For example, if we have a table that should never be allowed to be destroyed due to data retention requirements. In the AWS CLI create-stack command there are --stack-policy-body and --stack-policy-url options, but I don't see a way to pass those on from AWS SAM CLI.
AWS SAM CLI does the stack deployment by calling CreateChangeSet and ExecuteChangeSet (instead of "CreateStack"), and these APIs don't have the option to provide a Stack Policy.
Since this is a one-time thing, I would suggest to actually just use the AWS CLI and call
aws cloudformation set-stack-policy --stack-name <your-stack-name>
right after the first time you create a Stack.