Automatically Deleting a Failed CloudFormation Stack in a Rollback State | by Teri Radichel | Cloud Security | Oct, 2022

ACM.92 Reducing manual actions to get things deployed with CloudFormation

This is a continuation of my series on Automating Cybersecurity Metrics.

I’m just writing this because I’m tired of deleting stacks in a rolled back state. I don’t know why CloudFormation doesn’t do this for you or have better options to control it. Here’s what I did:

The first command above does the following:

  • Describe the stack
  • Get the status value
  • Added or true (|| true) to ignore errors
  • Added 2>/dev/ null to not print out errors — — something I generally tell people not to do but in this case it makes sense.

The next command checks if the stack is in a ROLLBACK_COMPLETE state and deletes the stack if it is. I’m presuming here you waited for your rollback to complete before trying to redeploy a stack. 🙂

Now the problem is…the stack is still trying to delete. We have to wait until it gets into a state where we can proceed, or it could end up in a failure state of some kind. The easiest thing to do is probably wait until the stack is not in this state: DELETE_IN_PROGRESS.

Since I now have to check the status multiple times, using the principal of abstraction I’ve written about many times in this blog, I moved the status check to it’s own function. I also realized that I needed the /dev/null in a different place to prevent getting the error message when the stack does not exist.

Then I end up with this code in my deploy stack function:

That should save me a little time at least.

Now back to what I really want to be doing. Testing out our user’s ability to log into an EC2 instance with the key we created.

Follow for updates.

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2022

All the posts in this series:

Github Repo



Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts

Source link