How do I delete an AWS CloudFormation stack that's stuck in the DELETE_FAILED status?

Last updated: 2020-04-14

I want to delete my AWS CloudFormation stack, but my stack is stuck in the DELETE_FAILED status.

Short Description

Your stack could be stuck in the DELETE_FAILED status for the following reasons:

  • A stack resource has a dependent object or other dependencies that can't be deleted. To resolve this issue, complete the steps in the Delete a stack with a dependent object or other dependencies that can't be deleted section.
  • A security token included in the delete request is invalid, or the role is invalid or can't be assumed. To resolve this issue, complete the steps in the Delete a stack with an invalid security token or invalid role section.
  • A custom resource failed to stabilize in the expected amount of time. To resolve this issue, complete the steps in the Delete a stack for a custom resource that failed to stabilize section.

Resolution

Delete a stack with a dependent object or other dependencies that can't be deleted

Dependency issues usually occur when you make an out-of-band change. For example, your stack fails if a security group that's part of your stack is attached to an elastic network interface (ENI) that's not part of your stack. The stack fails because the security group resource can't be deleted. To delete the stack, you must retain that resource.

To delete a stack while retaining a resource, complete the following steps:

  1. Open the AWS CloudFormation console.
  2. Choose the stack that's stuck in the DELETE_FAILED status.
  3. Choose Delete. A pop-up window opens and lists the resources that failed to delete.
  4. In the pop-up window, select all the resources that you want to retain, and then choose Delete stack.

The AWS CloudFormation stack tries to delete the stack again, but doesn't delete any of the resources that you selected to retain. The status of your stack should change to DELETE_COMPLETE.

Important: To avoid unnecessary charges, you must manually delete the resources that are retained when the stack is deleted.

Delete a stack with an invalid security token or invalid role

If you try to delete a stack that was created using a service role that doesn't exist, then you receive the following error: "The security token included in the request is invalid. Role is invalid or cannot be assumed."

To resolve this error, complete the following steps:

  1. Open the AWS CloudFormation console.
  2. To see the details of your stack, choose the stack name that's stuck in the DELETE_FAILED status.
  3. In the Stack info tab, note the name of the IAM role assigned to the stack.
  4. Create an AWS Identity and Access Management (IAM) role using the same name as the IAM role in step 3.
    Important: When you create your IAM role, verify that your IAM role has the right permissions to delete the stack.
  5. In the AWS CloudFormation console, delete the stack that's stuck in the DELETE_FAILED status.

The status of your stack changes to DELETE_COMPLETE.

Delete a stack for a custom resource that failed to stabilize

To delete a stack for a custom resource that failed to stabilize in the expected amount of time, see How do I troubleshoot an AWS Lambda-backed custom resource that's stuck in DELETE_FAILED status or DELETE_IN_PROGRESS status in AWS CloudFormation?


Did this article help you?

Anything we could improve?


Need more help?