CloudFormation (UPDATE_ROLLBACK_FAILED)

I got the following error in the child stack: Resource handler returned message: "Certificate 'arn:aws:acm:us--2::certificate/*' not found (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: 45096cde -68c2-4ac5-90c4-e69ae2f302fc)" (RequestToken: 266abb04-9916-02d2-cc1d-240e9008e1f2, HandlerErrorCode: NotFound). And now even this command doesn't help me: aws cloudformation continue-update-rollback --stack-name, I always get the same error, I already deleted this cert and I don't know what to do.

Topics

Management & Governance DevOps Security, Identity, & Compliance

Tags

AWS Command Line Interface AWS CloudFormation DevOps AWS Certificate Manager

Language

English

Yurii

asked a month ago317 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Can you post a snippet of your CloudFormation template for the relevant resources that are failing and the full error message? There's not enough information to help troubleshoot the error with the information you provided. From your question, the only thing I can say is thatarn:aws:acm:us--2::certificate/* is not a valid certificate ARN so that may be the cause of the error unless that has been truncated somewhere.

Sean Nixon

answered a month ago

Yurii
a month ago
I had a nested stack, I wanted to update, but after the update, it turned out that someone manually changed the certificate to the listener and it threw this error that it can't find it, then I tried to update through the parent stack, but it can't update because: "Stack:arn:aws:cloudformation:us--2::stack/Root-Stack-ALB-/ is in UPDATE_ROLLBACK_FAILED state and can not be updated." what with a nested stack, some problems (on errors, only this one on certificates).
Sean Nixon
a month ago
If a resource has been deleted outside of CloudFormation and is causing the rollback to fail, I would recommend the following:

Go through the steps described here to troubleshoot the failed rollback: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed

If you are unable to recover the stack, you can continue with rollback and use the --resources-to-skip flag to skip the resource(s) that are causing the failure to recover the stack. Please review this documentation on how to do so: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html
Yurii
a month ago

I can no longer return the certificate, because it is outdated and already issued by a different arn.

I already tried this command, then after a while it goes into the update state and after a few seconds, it gives this error again

Relevant content

Resource handler returned message: "The REST API doesn't contain any methods
Accepted Answer
Nafiu
asked 10 months ago
getting Resource handler returned message: "Access to the resource https://sqs.us-east-1.amazonaws.com/ on cloudformation
ElhananAWS
asked 2 years ago
Resource handler returned message: "<resourceName> already exists
HingeAjit
asked 5 months ago
Stackset Error (Resource handler returned message: "OrganizationalUnitIds are required)
Accepted Answer
Nafiu
asked 2 months ago
How do I resolve the CloudFormation stack set errors "no stack instance found" or "Organizational unit not found in StackSet"?
AWS OFFICIALUpdated 4 months ago
How do I resolve the tagging permission error in my CloudFormation stack?
AWS OFFICIALUpdated 10 months ago
How do I resolve the "No Export named XYZ found" error in CloudFormation?
AWS OFFICIALUpdated 2 years ago
How do I resolve the CloudFormation error "the resource already exists in the stack"?
AWS OFFICIALUpdated 3 months ago
Tips and resources to prepare for Foundational, Associate and Professional AWS Certifications
EXPERT
Antonio_Lagrotteria
published a year ago
Creating a DynamoDB Table with CloudFormation and Adding Items at Creation Time
EXPERT
Leeroy Hannigan
published a year ago