CloudFormation (UPDATE_ROLLBACK_FAILED)

0

I got the following error in the child stack: Resource handler returned message: "Certificate 'arn:aws:acm:us--2::certificate/*' not found (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: 45096cde -68c2-4ac5-90c4-e69ae2f302fc)" (RequestToken: 266abb04-9916-02d2-cc1d-240e9008e1f2, HandlerErrorCode: NotFound). And now even this command doesn't help me: aws cloudformation continue-update-rollback --stack-name, I always get the same error, I already deleted this cert and I don't know what to do.

1 Answer
0

Can you post a snippet of your CloudFormation template for the relevant resources that are failing and the full error message? There's not enough information to help troubleshoot the error with the information you provided. From your question, the only thing I can say is thatarn:aws:acm:us--2::certificate/* is not a valid certificate ARN so that may be the cause of the error unless that has been truncated somewhere.

profile pictureAWS
answered 5 months ago
  • I had a nested stack, I wanted to update, but after the update, it turned out that someone manually changed the certificate to the listener and it threw this error that it can't find it, then I tried to update through the parent stack, but it can't update because: "Stack:arn:aws:cloudformation:us--2::stack/Root-Stack-ALB-/ is in UPDATE_ROLLBACK_FAILED state and can not be updated." what with a nested stack, some problems (on errors, only this one on certificates).

  • If a resource has been deleted outside of CloudFormation and is causing the rollback to fail, I would recommend the following:

    1. Go through the steps described here to troubleshoot the failed rollback: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed
    2. If you are unable to recover the stack, you can continue with rollback and use the --resources-to-skip flag to skip the resource(s) that are causing the failure to recover the stack. Please review this documentation on how to do so: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html
    1. I can no longer return the certificate, because it is outdated and already issued by a different arn.
    2. I already tried this command, then after a while it goes into the update state and after a few seconds, it gives this error again

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions