How do I delete a CloudFormation stack that's stuck in DELETE_FAILED status?

Short description

Your stack might be stuck in the DELETE_FAILED status for one of the following reasons:

• A stack resource has a dependent object or other dependencies that you can't delete.
• The service role that you're using isn't valid or you can't assume the AWS Identity and Access Management (IAM) role.
• A custom resource doesn't stabilize within the default response timeout.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Delete a stack that has dependencies that you can't delete

Dependency issues might occur when you make an out-of-band change. For example, your stack has a security group that's attached to an elastic network interface that isn't part of your stack. You can't delete your stack because you can't delete the security group. To delete a stack, but retain the resource that has dependencies, use the CloudFormation console to force delete the stack. Or, run the following AWS CLI commands.

To delete a stack that's stuck in the DELETE_FAILED status and retain the resources that didn't delete, run the following delete-stack command:

aws cloudformation delete-stack --stack-name my-stack --retain-resources myresource1 myresource2

Note: Replace my-stack with the name of your stack, and myresource1 and myresource2 with the IDs of the resources that didn't delete.

CloudFormation deletes the stack, but doesn't delete the resources that you retained. The status of your stack changes to DELETE_COMPLETE.

Note: To avoid charges for the retained resources, manually delete the retained resources after you delete your stack.

To force delete a stack that has dependencies you can't delete, run the following delete-stack command:

 aws cloudformation delete-stack --stack-name my-stack --deletion-mode FORCE_DELETE_STACK

Note: Replace my-stack with the name of your stack.

Delete a stack with a role that's not valid

If you try to delete a stack that uses a service role that no longer exists, then you receive the following error:

"An error occurred (ValidationError) when calling the DeleteStack operation: Role is invalid or cannot be assumed."

To resolve this issue, complete the following steps:

1. Open the CloudFormation console.
2. Select the stack that you want to delete.
3. In the Stack info tab, note the name of the stack's IAM role.
4. Create an IAM role that has the same name as the IAM role in the previous step. Important: When you create your IAM role, verify that it has permissions to delete the resources in the stack.
5. Use the CloudFormation console to delete the stack.

If you don't remember the permissions for a deleted role, then you can't create a new role with the same permissions to delete the stack. Get a new role, and then run the following delete-stack command with the new role to delete the stack:

aws cloudformation delete-stack --stack-name my-stack --role-arn new_role

Note: Replace my-stack with your stack name and new_role with your new role's Amazon Resource Number (ARN).

Delete a stack for a custom resource that doesn't stabilize

To troubleshoot this issue, see How do I delete a Lambda-backed custom resource that's stuck in DELETE_FAILED status or DELETE_IN_PROGRESS status in CloudFormation?

Related information

DeleteStack