Posted On: Jul 31, 2023

AWS CloudFormation launches a new deletion policy called RetainExceptOnCreate that provides customers additional control over CloudFormation behavior when resources are deleted from stacks. Customers use deletion policies to preserve or back up resources during accidental stack deletions. Today, customers can mark resources with a deletion policy of Retain, Snapshot, or Delete. Now, customers can use RetainExceptOnCreate to protect in-use resources from accidental deletion without preserving resources that have never served traffic. This allows customers to reduce manual intervention during retries of stack operations.

RetainExceptOnCreate preserves resources that customers accidentally delete in a stack update or delete operation. RetainExceptOnCreate does not preserve resources that are deleted from stacks immediately after creation, such as the resources that CloudFormation deletes during rollbacks of stack operations. CloudFormation rolls back a stack to the last stable state when a stack operation encounters provisioning failures, such as insufficient AWS Identity and Access Management permissions for resource creation. Rollbacks allow customers to avoid service disruptions in production environments. During rollbacks, CloudFormation deletes resources that were created in the stack operation before provisioning failures occurred. If resources are preserved during rollbacks, they interfere with retries of the stack operation. RetainExceptOnCreate eliminates the need for manual clean-up of resources after rollbacks. This allows customers to retry stack operations with CI/CD actions, iterate faster on templates in test environments, and prevent human error in production environments.
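The behavior described above, as an added template example that is not part of this announcement: two DynamoDB tables that differ only in their DeletionPolicy, with comments on what happens to each on a stack delete, on removal from the template, and on rollback of a failed create. Logical IDs, the stack name and the table names are illustrative placeholders; the resource type and the DeletionPolicy values are the real CloudFormation ones.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not from the announcement: Retain versus
  RetainExceptOnCreate on otherwise identical, stateful resources.
  Logical IDs and TableName values are placeholders.

Resources:
  # DeletionPolicy: Retain
  # Kept on stack delete, kept when removed from the template, and
  # ALSO kept when the stack operation that created it rolls back.
  # If the first deploy of this stack fails on a later resource and
  # rolls back, this table survives with its fixed TableName, and the
  # retry of the same template fails because the name already exists.
  # Someone then has to delete it by hand before the pipeline can rerun.
  OrdersTableRetain:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: Retain
    Properties:
      TableName: example-orders-retain        # placeholder name
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: OrderId
          AttributeType: S
      KeySchema:
        - AttributeName: OrderId
          KeyType: HASH

  # DeletionPolicy: RetainExceptOnCreate
  # Kept on stack delete and kept when an already-created, in-use table
  # is removed from the template (accidental deletion is still covered),
  # but deleted again when the stack operation that created it rolls
  # back. A failed first deploy therefore leaves nothing behind, and the
  # retry starts from a clean slate without manual clean-up.
  OrdersTableRetainExceptOnCreate:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: RetainExceptOnCreate
    Properties:
      TableName: example-orders-rec           # placeholder name
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: OrderId
          AttributeType: S
      KeySchema:
        - AttributeName: OrderId
          KeyType: HASH

  # Deliberately misconfigured placeholder that fails to create (the
  # referenced IAM role name is an assumption and must not exist), so a
  # first deployment of this template rolls back and shows the
  # difference between the two tables above. Remove it for a real stack.
  FailingFunctionPlaceholder:
    Type: AWS::Lambda::Function
    DeletionPolicy: Delete
    Properties:
      Runtime: python3.11
      Handler: index.handler
      Role: arn:aws:iam::123456789012:role/role-that-does-not-exist  # placeholder
      Code:
        ZipFile: |
          def handler(event, context):
              return "ok"
```

Two points a practitioner will want to keep in mind. First, any resource that is retained (by either policy) leaves CloudFormation's management entirely, so it no longer appears in stack drift, stack deletion or stack cost views; retained stateful resources should be inventoried and either re-imported into a stack or cleaned up deliberately, since orphaned data stores are easy to forget and hard to audit. Second, RetainExceptOnCreate only changes the outcome for resources deleted during rollback of the operation that created them; a resource that has completed at least one successful stack operation is treated exactly like Retain, so the protection against accidental deletion in production is unchanged.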

RetainExceptOnCreate is available in AWS Regions where CloudFormation is available. Refer to the AWS Region table to see AWS Regions where CloudFormation is available.

To learn more about deletion policies, see the DeletionPolicy documentation.