How do I update my CloudFormation stack when it's stuck in the UPDATE_ROLLBACK_FAILED state?

Short description

For CloudFormation stacks in the UPDATE_ROLLBACK_FAILED state, use either the ContinueUpdateRollback action to recover the stack or the DeleteStack action to delete the stack. To retry the rollback, first resolve errors, and then use ContinueUpdateRollback to perform the rollback operation.

Note: To resolve the error, you might need to change permissions or modify other settings.

For information about errors that cause update rollback failures, see Update rollback failed.

In some cases, the error doesn't resolve when you retry the rollback. When this happens, you must skip the failed resources when you perform the ContinueUpdateRollback action. When the stack is in the UPDATE_ROLLBACK_COMPLETE state, you can update the stack as usual.

Resolution

To roll back the stack to a working state, use either the CloudFormation console or AWS Command Line Interface (AWS CLI).

Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Use the CloudFormation console

To roll the stack back and not skip resources, complete the following steps:

1. Open the CloudFormation console.
2. In the navigation pane, choose Stacks.
3. From the Stack name column, select the stack that's stuck in UPDATE_ROLLBACK_FAILED status.
4. Choose Stack Actions, and then choose Continue update rollback.
5. Choose Continue update rollback in the new window.

To roll the stack back and skip failed resources, complete the following steps:

1. Open the CloudFormation console.
2. In the navigation pane, choose Stacks.
3. From the Stack name column, select the stack that's stuck in UPDATE_ROLLBACK_FAILED status.
4. Choose Stack actions, and then choose Continue update rollback.
5. In the Continue update rollback dialog, expand Advanced troubleshooting.
6. In the Resources to skip - optional section, select the resources that you want to skip.
7. Choose Continue update rollback.

Use the AWS CLI

To roll the stack back, run the following continue-update-rollback AWS CLI command:

$ aws cloudformation continue-update-rollback --stack-name awsstackname123 --resources-to-skip awsfaultyresource123

Note: Replace awsstackname123 with the name of your stack and awsfaultyresource123 with the logical IDs of your resources.

If the CLI command is successful, then you don't see errors in the response.

Update the stack or resources so that they're consistent

CloudFormation sets the status of specified resources to UPDATE_COMPLETE. Then, CloudFormation continues to roll back the stack. After the rollback completes, the state of the skipped resources isn't consistent with the state of the resources in the stack template.

Before you perform another stack update, you must update the stack or the resources to be consistent with each other. If you don't do this, then subsequent stack updates can fail, and the stack becomes unrecoverable.

Roll back nested stacks

When you roll back the parent stack in a nested stack, the child stacks also rolls back. If there are too many resources to process, then the nested stack might get stuck in the UPDATE_ROLLBACK_FAILED state. To resolve this issue, skip the child stacks, and continue the update rollback.

If the specified resource that you're skipping from the nested stack doesn't follow the NestedStackName.ResourceLogicalID format, then you might get the following error message:

"Nested stack resources can only be skipped when their embedded stack statuses are one of [DELETE_COMPLETE, DELETE_IN_PROGRESS, DELETE_FAILED"]"

For more information about how to roll back nested stacks to a working state, see Continue rolling back an update.