Keywords: AWS CloudFormation | ROLLBACK_COMPLETE | Stack Management
Abstract: This paper provides an in-depth analysis of the ROLLBACK_COMPLETE state in AWS CloudFormation, including its causes, implications, and resolution strategies. When stack creation fails, it defaults to the ROLLBACK_COMPLETE state, preventing direct updates. The article examines different failure handling options (DO_NOTHING, DELETE) and demonstrates proper stack deletion and redeployment through code examples. Additionally, it compares related states like CREATE_FAILED and UPDATE_ROLLBACK_COMPLETE, offering comprehensive troubleshooting guidance for developers.
Technical Background of ROLLBACK_COMPLETE State
During AWS CloudFormation deployment using the aws cloudformation deploy command, you may encounter the following error:
An error occurred (ValidationError) when calling the CreateChangeSet operation: Stack:arn:aws:cloudformation:stack/service/7e1d8c70-d60f-11e9-9728-0a4501e4ce4c is in ROLLBACK_COMPLETE state and can not be updated.
This error indicates that the target stack is in the ROLLBACK_COMPLETE state, which typically occurs when stack creation fails. By default, AWS automatically rolls back all created resources upon failure, leaving the stack in ROLLBACK_COMPLETE state. The stack itself persists, but all associated AWS resources have been deleted.
In-depth State Mechanism Analysis
The core characteristic of the ROLLBACK_COMPLETE state is that the stack cannot accept any updates. From CloudFormation's perspective, the stack has completed its rollback process and is in a "finalized" state. To understand this fully, it's essential to compare it with other related states:
- CREATE_FAILED: When using the
--on-failure DO_NOTHINGoption, failed stack creation results in this state, with created resources remaining intact - UPDATE_ROLLBACK_COMPLETE: When updates to an existing stack fail and rollback successfully, the stack returns to this state, allowing update retries
The following code examples demonstrate different failure handling approaches:
# Default behavior: automatic rollback
aws cloudformation create-stack \
--stack-name my-stack \
--template-body file://template.yaml
# Disable rollback
aws cloudformation create-stack \
--stack-name my-stack \
--template-body file://template.yaml \
--on-failure DO_NOTHING
# Delete stack on failure
aws cloudformation create-stack \
--stack-name my-stack \
--template-body file://template.yaml \
--on-failure DELETESolutions and Best Practices
The standard approach to handle ROLLBACK_COMPLETE state involves manually deleting the stack and redeploying. Deletion can be performed via AWS Management Console or CLI command:
aws cloudformation delete-stack --stack-name ABCThe deletion process typically takes a few minutes, depending on the complexity of stack resources. After successful deletion, you can re-execute the deployment command:
aws cloudformation deploy \
--region us-east-1 \
--stack-name ABC \
--template-file template.yamlTo minimize encounters with ROLLBACK_COMPLETE state, consider these preventive measures:
- Thoroughly test CloudFormation templates before deployment
- Use Change Sets to preview deployment effects
- Implement phased deployment strategies for production environments
- Monitor stack events for early problem detection and resolution
Advanced Configuration Options
AWS CloudFormation offers various configuration options to control stack behavior during failures. Beyond the basic --on-failure parameter, you can implement stack policies and IAM policies for granular resource management control. For instance, you can configure specific resource protection policies to prevent critical resources from being accidentally deleted during rollback.
In practical applications, understanding these state transitions is crucial for building reliable deployment pipelines. Through proper error handling and monitoring mechanisms, you can significantly improve the success rate of Infrastructure as Code (IaC) deployments.