
AWS CloudFormation adds disable feature in automatic rollback

Jason Li
Sr. Software Development Engineer
Skilled Angular and .NET developer, team leader for a healthcare insurance company.
September 08, 2021

A recent update to AWS CloudFormation lets users quickly retry stack operations from the point of failure. CloudFormation is an Infrastructure as Code (IaC) service that gives users a simple way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their life cycles.


Until recently, when an error occurred during configuration, CloudFormation rolled back the stack to the previous stable state. For a stack update, that meant restoring the previous configuration, which could take a long time in complex environments, because you had to wait for all of the resources to roll back before updating the template with the correct configuration. CloudFormation now lets users disable the automatic rollback, keep the resources that were successfully created or updated before the error occurred, and retry stack operations from the point of failure. The ability to retry stack operations from the point of failure is available at no extra charge in several AWS Regions.

AWS CloudFormation helps reduce downtime when you deploy application and infrastructure resources, and by default it follows a safe deployment strategy. This works well for production environments, but might not be the best fit for a development workflow. Having another option lets development teams move quickly, which is crucial for software development, particularly for customers such as Formula One. A CloudFormation template describes your desired resources, and you can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, rather than managing resources individually.

Rollback triggers let you have AWS CloudFormation monitor the state of your application during stack creation and updating, and roll back that operation if the application breaches the threshold of any of the alarms you've specified. For each rollback trigger you create, you specify the CloudWatch alarm that CloudFormation should monitor. CloudFormation monitors the specified alarms during the stack create or update operation, and for a specified period after all resources have been deployed. If one of the alarms changes to the alarm state during the stack operation or the monitoring period, CloudFormation rolls back the entire stack operation.

Rollbacks and stabilization

In most cases, AWS CloudFormation attempts to fail fast. When it does, because CloudFormation did not replace or successfully change the configuration of the target resource, it correctly assumes that no API call is necessary to roll back.

A rollback can, however, require reapplying a prior configuration some time later. This follows from what CloudFormation calls stabilization: when CloudFormation performs an API call on behalf of a user, it tries to ensure that, when a resource is marked CREATE_COMPLETE, the resource is running in the desired state. With Auto Scaling, for example, it sends a CreateAutoScalingGroup API call and then calls DescribeAutoScalingGroups until the group has Min/Max/Desired counts equal to those defined in the template. If this does not occur, CloudFormation must then reapply the previous configuration.

One of the great benefits of cloud computing is that you have access to programmable infrastructure. This lets you manage your infrastructure as code and apply the same practices of application code development to infrastructure provisioning. AWS CloudFormation gives you a simple way to model a collection of related AWS and other resources, provision them quickly and consistently, and manage them. A CloudFormation template describes your desired resources and their dependencies so that you can launch and configure them together as a stack. You can use a template to create, update, and delete an entire stack as a single unit instead of managing resources individually.

When you create or update a stack, the operation might fail for various reasons. For instance, there can be errors in the template, in the parameters of the template, or problems outside the template, such as AWS Identity and Access Management (IAM) permission errors. When such an error occurs, CloudFormation rolls back the stack to the previous stable state. For a stack creation, that means deleting all resources created up to the point of the error. For a stack update, it means restoring the previous configuration. This rollback to the previous state is great for production, but it does not make it easy to understand the reason for the error. Depending on the complexity of your template and the number of resources involved, you might spend a lot of time waiting for all the resources to roll back before you can update the template with the right configuration and retry the operation.

A new way of developing: the disable feature in automatic rollback

CloudFormation now lets you disable the automatic rollback, keep the resources that were successfully created or updated before the error occurred, and retry stack operations from the point of failure. In this way, you can quickly iterate to fix and remediate errors and greatly reduce the time needed to test a CloudFormation template in a development environment. You can use this new capability when you create a stack, when you update a stack, and when you execute a change set.

Disable Rollback works exactly as it sounds, and as simply as it sounds. If a failure occurs during the creation or update of a CloudFormation stack, the current state is retained instead of the creation or update being rolled back. This benefits those writing CloudFormation templates, because the current state of the stack's resources can be examined interactively, the root cause of the failure can be understood and remediated, and the stack creation or update can be retried from the point of failure, reducing the time spent iterating through issues, fixes, and tests. The feature is implemented as a runtime option that is supplied during the creation or update of the stack. In other words, it is not part of the template or of the stack itself, so it can be selectively enabled or disabled (disabled being the default) for each creation or update operation. Because it is a runtime option, it is available via the AWS CLI or the Console.

While this feature can work standalone, it becomes even more useful when combined with a CloudFormation template development pipeline. By introducing this feature into the pipeline and using notifications, a developer can follow a typical template development process: commit template changes to a version control system of their choice, have a bug created in their ticketing system (from the CloudFormation notification) when the create/update fails, and see, in real time, why the create/update went wrong. Fixes can then be made via another commit, at which point the create/update continues from the point of failure.

Apart from the runtime option and the behavior it triggers, all other behaviors stay the same, including retention/cleanup, stack set and change set functionality, and custom resource behavior. This is important to note, because no other changes need to be made to templates, custom resources, or existing processes for managing templates and stacks in order to use this feature. The same is true for error states: a single resource update or creation failure (with its own nuances for why the creation/update failed) will cause the stack creation/update to fail, and depending on whether the Disable Rollback feature is enabled, the stack will be rolled back or not.

Rollback configuration

Rollback configuration lets you have CloudFormation monitor the state of your stack during stack creation and updating, and roll back that operation if the stack breaches the threshold of any of the alarms you've specified. Select the CloudWatch alarms that CloudFormation must monitor. If any of the alarms goes to the ALARM state during the stack operation or the monitoring period, CloudFormation rolls back the entire stack operation.
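The runtime option and the rollback configuration described above can be checked together from the output of `aws cloudformation describe-stacks`. The following is an added example, not code from the original post: it flags production stacks that run with rollback disabled or without CloudWatch alarm triggers, and any stack left in a failed-in-place state. The stack names, the alarm ARN and the `env=prod` tag convention are assumptions.

```python
# Added example: audit parsed `aws cloudformation describe-stacks` output.
# States a stack is left in when an operation fails with rollback disabled.
FAILED_IN_PLACE = {"CREATE_FAILED", "UPDATE_FAILED"}

def audit_stack(stack, prod_tag=("env", "prod")):
    """Return findings for one stack; prod_tag is an assumed tagging convention."""
    findings = []
    tags = {t["Key"]: t["Value"] for t in stack.get("Tags", [])}
    is_prod = tags.get(prod_tag[0]) == prod_tag[1]
    if is_prod and stack.get("DisableRollback"):
        findings.append("rollback disabled on a production stack")
    if stack.get("StackStatus") in FAILED_IN_PLACE:
        findings.append("failed operation left in place: fix and retry, or roll back")
    triggers = stack.get("RollbackConfiguration", {}).get("RollbackTriggers", [])
    if is_prod and not triggers:
        findings.append("no CloudWatch alarm rollback triggers on a production stack")
    return findings

def audit(describe_stacks_output):
    """Map stack name -> findings, omitting stacks with nothing to report."""
    report = {}
    for stack in describe_stacks_output.get("Stacks", []):
        findings = audit_stack(stack)
        if findings:
            report[stack["StackName"]] = findings
    return report

# Constructed sample input (names, tags and ARN are made up for illustration).
SAMPLE = {"Stacks": [
    {"StackName": "payments-prod", "StackStatus": "UPDATE_FAILED",
     "DisableRollback": True, "RollbackConfiguration": {},
     "Tags": [{"Key": "env", "Value": "prod"}]},
    {"StackName": "sandbox-dev", "StackStatus": "CREATE_FAILED",
     "DisableRollback": True, "RollbackConfiguration": {},
     "Tags": [{"Key": "env", "Value": "dev"}]},
    {"StackName": "web-prod", "StackStatus": "UPDATE_COMPLETE",
     "DisableRollback": False,
     "RollbackConfiguration": {"MonitoringTimeInMinutes": 10, "RollbackTriggers": [
         {"Arn": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:web-5xx",
          "Type": "AWS::CloudWatch::Alarm"}]},
     "Tags": [{"Key": "env", "Value": "prod"}]},
]}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```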

Forcing a rollback

As an illustration, this type of failure could be forced by raising the Auto Scaling group's capacity past the account limit for running On-Demand instances, which would, in turn, fail stabilization and trigger a rollback. At that point, CloudFormation would be unable to find the previously defined launch configuration and the stack would then reach the UPDATE_ROLLBACK_FAILED status. However, this would involve launching many unused instances, which would not be very prudent. Instead, we can use the CloudFormation Wait Condition resource to emulate an error and force a rollback.
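One way to emulate such an error in a test stack, as an added example that is not from the original post: the helper below injects a Wait Condition that nothing ever signals, so the operation fails when the timeout expires, after every other resource has been created. The function name, the `ForcedFailure` logical ID prefix and the sample template are hypothetical.

```python
# Added example: inject a WaitCondition that times out to force a stack failure.
import copy
import json

def add_forced_failure(template, timeout_seconds=60, prefix="ForcedFailure"):
    """Return a copy of `template` with an unsignalled WaitCondition appended.

    The condition depends on every existing resource, so it is created last and
    the failure happens only after the rest of the stack has been provisioned.
    """
    out = copy.deepcopy(template)
    resources = out.setdefault("Resources", {})
    handle_id, wait_id = prefix + "Handle", prefix + "Wait"
    if handle_id in resources or wait_id in resources:
        raise ValueError("logical ID already in use, choose another prefix")
    existing = sorted(resources)
    resources[handle_id] = {"Type": "AWS::CloudFormation::WaitConditionHandle"}
    condition = {
        "Type": "AWS::CloudFormation::WaitCondition",
        "Properties": {
            "Handle": {"Ref": handle_id},
            "Timeout": str(timeout_seconds),  # seconds to wait for a signal
            "Count": 1,                       # one signal expected, none is sent
        },
    }
    if existing:
        condition["DependsOn"] = existing
    resources[wait_id] = condition
    return out

# Constructed sample template with two inexpensive resources.
BASE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "AppQueue": {"Type": "AWS::SQS::Queue"},
        "AppTopic": {"Type": "AWS::SNS::Topic"},
    },
}

if __name__ == "__main__":
    print(json.dumps(add_forced_failure(BASE), indent=2))
```

Deploying the generated template in a development account with and without the disable-rollback option shows the difference in behaviour without launching any unused instances.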


The AWS CloudFormation disable feature in automatic rollback is very easy to use, and its benefits are relatively easy to confirm. The feature can work standalone or be incorporated into a pipeline, meeting the policies and preferences of a variety of people and organizations. Features such as this one will only continue to drive the adoption of CloudFormation and Infrastructure as Code, which is itself exciting. Ultimately, this capability dramatically reduces the development time needed to build and deploy applications, which lets builders help customers spend more time on their products and services and lets developers spend more time on architecture, compliance, security, and managed services.