AWS CloudFormation Rollbacks Overview

• Stack Creation Failures:
  • Default behavior: Rollback (delete all resources) upon failure.
  • Option to disable rollback for troubleshooting.
• Stack Update Failures:
  • By default, the stack rolls back to the last known working state.
  • Newly created resources during the update are deleted.
• Rollback Failures:
  • If rollback fails (usually due to manual changes), manual intervention is required.
  • Use ContinueUpdateRollback via console, API, or CLI to retry the rollback.

Practice with Stack Failures

• Triggering a Creation Failure:
  • Upload a problematic template (e.g., trigger-failure.yaml) with a non-existent AMI ID.
  • Stack failure options:
    • Roll back all stack resources (default).
    • Preserve successfully provisioned resources (non-default).
• Example of Creation Failure:
  • If you choose to preserve resources, successfully created resources (e.g., an SSH security group) are kept for troubleshooting.
  • Failed resources are rolled back.
  • It's necessary to delete the stack afterward to clean up.
• Triggering an Update Failure:
  • Create a stack with a correct template (e.g., just-ec2.yaml).
  • Update the stack with a problematic template to trigger a failure.
  • Stack failure options are the same as for creation.
• Example of Update Failure:
  • If rollback is enabled, all resources revert to the last known state.
  • If preserving resources is chosen, successfully updated resources remain despite the failure.

Exercise for Trainees

• Actions:
  • Create and update stacks with different templates to experience both rollback options.
  • Observe the behavior of CloudFormation in both scenarios.
  • Delete the stack after experimentation.

Conclusion

• Understanding CloudFormation rollbacks is crucial for the AWS exam.
• Trainees should practice creating and updating stacks to understand rollback behaviors.
• Always clean up by deleting stacks after practicing to avoid unnecessary charges or clutter.