How do I resolve change set errors in CloudFormation?

Resolution

Based on your error type, complete the steps in the related section to troubleshoot the error.

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Modified output error

The Outputs sections in both templates must be the same. If you create a new stack with a resource import template that has outputs through the CloudFormation console, then you receive an error similar to the following:

"There was an error creating this change set. As part of the import operation, you cannot modify or add [Outputs]"

This error also occurs when you try to import a resource into a stack.

To resolve this error, make sure that the Outputs section of the latest CloudFormation template matches the template that your stack currently uses. If the values aren't the same, then update the latest template to match the values and outputs in the Outputs section of the current template.

Important: The import operation can't contain additions and modifications to Logical ID, Description, Value, Export, or Outputs.

After the import operation completes, update the stack with the changes in the Outputs configuration. Or, you can import AWS resources into a CloudFormation stack automatically.

Validation error with stack attributes

If you use the AWS CLI or AWS SDK to create an IMPORT type change set that contains modified or added stack attributes, then you receive an error similar to the following:

"An error occurred (ValidationError) when calling the CreateChangeSet operation: As part of the import operation, you cannot modify or add [Tags]"

This error occurs when your IMPORT type change set includes modified stack attributes.

To resolve the error, confirm that the stack attributes that are included for the change set creation operation match the current attribute values of the stack.

Important: Don't update or add new attribute values.

After you import the resources, update your attributes in a separate update operation. Or, you can import AWS resources into a CloudFormation stack automatically.

Modified resource error

During an import operation, you can't create, update, or delete a resource. If you modify an existing resource during a resource import operation, then you receive an error similar to the following:

"There was an error creating this change set. You have modified resources [ResourceName] in your template that are not being imported. Update, create or delete operations cannot be executed during import operations."

To resolve this error, create an UPDATE type change set instead of an IMPORT type change set. This shows you the source of the change in the resource. Then, use the same Resources specification for the existing resources and add only the appropriate resources to import to the template. Or, you can import AWS resources into a CloudFormation stack automatically.

Resources to import list error

If you use the AWS CLI or AWS SDK to create an IMPORT type change set, then you receive one of the following error messages:

"An error occurred (ValidationError) when calling the CreateChangeSet operation: Resources [<ResourceName>] is missing from ResourceToImport list"

"Error: "An error occurred (ValidationError) when calling the CreateChangeSet operation: Must Provide at least one resource to import""

To resolve this error, verify that you pass a physical ID into the --resources-to-import property in your AWS CLI command. Or, use the ResourceToImport property in the CreateChangeSet API for the resources that you want to import to the stack.

In order to import, you must pass a physical ID to the new resources. To resolve this error, verify that you included --resources-to-import in your AWS CLI command or ResourceToImport in your API call. Also, make sure that you list the resources to import.

IAM capability error

If your change set includes IAM resources that you don't have permissions for, then you receive one of the following error messages:

"Error: Failed to create changeset for the stack: <StackName>, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Requires capabilities: [CAPABILITY_NAMED_IAM]"

"When calling the CreateChangeSet operation: Requires capabilities : [CAPABILITY_IAM/CAPABILITY_NAMED_IAM]"

"Please acknowledge all checkboxes before proceeding."

To resolve the error, complete the following steps:

1. Open the CloudFormation console.
2. Choose Create stack with existing resources or Update stack.
3. Continue to the Review page, and then choose I acknowledge that AWS CloudFormation might create IAM resources / I acknowledge that AWS CloudFormation might create IAM resources with custom names.

-or-

Use the create-stack and update-stack AWS CLI commands to specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for the --capabilities parameter.

Note: If your CloudFormation template includes AWS Identity and Access Management (IAM) resources, then you must acknowledge CAPABILITY_IAM. If your template includes custom names for IAM resources, then you must acknowledge CAPABILITY_NAMED_IAM. For more information, see the Capabilities section of AWS CloudFormation deploy action reference.

"Submitted information didn't contain changes" during update stack operation error

If you use the same stack template during the Update Stack operation, then you receive one of the following error messages:

"The submitted information didn't contain changes. Submit different information to create a change set"

"An error occurred (ValidationError) when calling the UpdateStack operation: No updates are to be performed."

To resolve this error, take the following actions:

• Confirm that you have made changes to the stack. CloudFormation doesn't consider modifications to Parameters or the Stack Description as changes to the stack template.
• Make sure that the resources have substantive changes. For example, if you want to add a description to the stack, then make the change the next time you update other resources in the stack.
• Make a substantive change, such as modifying the Stack Tags, to activate a change detection for the stack. For example, if you only add a Description to the template, then you might get an error. However, if you also modify the Stack Tags when you create a ChangeSet, then you won't get the error.
• Add Custom metadata to a resource to activate a change.
  Example template:

  Description: This description is the cause of the error when only updating this field.
  Resources:
    myResource:
      Type: MyResourceType
      Properties: MyResourceProperties
      Metadata: ### ADD THIS CUSTOM METADATA
        test: 1 ### ANY KEY-VALUE PAIR

  Note: Replace MyResourceType with your resource type and MyResourceProperties with your resource properties.

If you still can't update your stack, then contact AWS Support.

ExecuteChangeSet API call error

You can't simultaneously use the OnStackFailure parameter in the CreateChangeSet API and the DisableRollback parameter in the ExecuteChangeSet API.

"Either DisableRollback or OnStackFailure can be specified, but not both. Validation error as OnStackFailure parameter was specified during CreateChangeSet."

To resolve this error, make sure that you don't use these two parameters together.

Mismatch between input and format on console for change set error

If you use AWS Secrets Manager dynamic references with an incorrect format in the CloudFormation template, then you receive one of the following errors:

"Given input did not match expected format"

"Incorrect format is used in the following SSM reference"

To resolve this error, make sure that you follow the best practices for your Secrets Manager dynamic references. For more information, see Get values stored in other services using dynamic references.

Related information

Creating a stack from existing resources

Importing existing resources into a stack

Resource type support

Import AWS resources into a CloudFormation stack