cloudformation stuck cleaning up function url

stack status has been UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS for 30 hours. it is a standalone stack, and it has no custom resources.

previously a change set failed, and the newly created lambda function and a lambda function url needed to be deleted during cleanup. for unknown reasons, the url deletion failed. however, CF proceeded with deleting the function to which the url belongs. then a repeated delete attempt also failed.

the lambda function url was (intended to be) attached to a cloudfront distribution as origin. it didn't happen though, because the template contained errors.

last relevant events:

2023-03-20 17:54:52 UTC+0100	LambdaOriginAuthParseUrl DELETE_FAILED  Internal Failure
2023-03-20 17:54:51 UTC+0100	LambdaOriginAuthParseUrl DELETE_IN_PROGRESS 	-
2023-03-20 17:54:59 UTC+0100	LambdaOriginAuthParse DELETE_COMPLETE -
2023-03-20 17:54:53 UTC+0100	LambdaOriginAuthParse DELETE_IN_PROGRESS -
2023-03-20 17:58:01 UTC+0100	LambdaOriginAuthParseUrl DELETE_FAILED 	Internal Failure
2023-03-20 17:58:00 UTC+0100	LambdaOriginAuthParseUrl DELETE_IN_PROGRESS	-

in this time interval, CloudTrail logs contain NO record of any Url deletion attempts. there are a bunch of other modifications done by CF, but the only activity related to this function is:

2023-03-20T16:54:54Z	lambda.amazonaws.com	DeleteFunction20150331

which coincides with the function deletion. before that time code, the function is not modified in any way, according to CloudTrail.

the resource is now in CREATE_COMPLETE state. the function itself is not in the resource list, it has been deleted.

LambdaOriginAuthParseUrl	arn:aws:lambda:us-east-1:<redacted>:function:knowledgebase-LambdaOriginAuthParse-HkGjunQNhg7B	AWS::Lambda::Url  CREATE_COMPLETE	-

at this point, the stack refuses the following CLI actions:

  • cancel-update-stack
  • continue-update-rollback
  • continue-update-rollback --resources-to-skip
  • delete-stack
  • delete-stack --retain-resources
  • deploy
  • detect-stack-drift
  • rollback-stack
  • signal-resource
  • update-stack

the error message, in every case, indicates that the operation is not available in this state. note that delete-task is also not available.

asked a year ago, 244 views
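
The timeline correlation described in the question, as an added example that is not part of the original post: it converts the posted stack events to UTC, puts them in chronological order, and lists the delete attempts that have no matching CloudTrail call nearby. The event-name patterns in `EXPECTED_API` and the 5-second window are assumptions; the event lines are copied from the question with whitespace normalized.

```python
import re
from datetime import datetime, timedelta, timezone

# Stack events and CloudTrail record as posted in the question.
STACK_EVENTS = """\
2023-03-20 17:54:52 UTC+0100 LambdaOriginAuthParseUrl DELETE_FAILED Internal Failure
2023-03-20 17:54:51 UTC+0100 LambdaOriginAuthParseUrl DELETE_IN_PROGRESS -
2023-03-20 17:54:59 UTC+0100 LambdaOriginAuthParse DELETE_COMPLETE -
2023-03-20 17:54:53 UTC+0100 LambdaOriginAuthParse DELETE_IN_PROGRESS -
2023-03-20 17:58:01 UTC+0100 LambdaOriginAuthParseUrl DELETE_FAILED Internal Failure
2023-03-20 17:58:00 UTC+0100 LambdaOriginAuthParseUrl DELETE_IN_PROGRESS -
"""
TRAIL = [("2023-03-20T16:54:54Z", "DeleteFunction20150331")]

# Assumption: CloudTrail event-name pattern expected for each resource's delete.
EXPECTED_API = {
    "LambdaOriginAuthParse": r"DeleteFunction\d*$",
    "LambdaOriginAuthParseUrl": r"DeleteFunctionUrlConfig",
}
EVENT_RE = re.compile(r"(\S+ \S+) UTC([+-]\d{4})\s+(\S+)\s+(\S+)")

def parse_stack_events(text):
    """Return (utc_time, resource, status) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts, offset, resource, status = m.groups()
            local = datetime.strptime(f"{ts} {offset}", "%Y-%m-%d %H:%M:%S %z")
            events.append((local.astimezone(timezone.utc), resource, status))
    return sorted(events)

def uncorrelated_deletes(events, trail, window=timedelta(seconds=5)):
    """Delete attempts with no matching CloudTrail API call within the window."""
    calls = [(datetime.strptime(t, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc), n)
             for t, n in trail]
    missing = []
    for when, resource, status in events:
        if status != "DELETE_IN_PROGRESS":
            continue
        pattern = EXPECTED_API[resource]
        if not any(re.match(pattern, n) and abs(t - when) <= window for t, n in calls):
            missing.append((when, resource))
    return missing

if __name__ == "__main__":
    timeline = parse_stack_events(STACK_EVENTS)
    for when, resource, status in timeline:
        print(when.isoformat(), resource, status)
    print("no CloudTrail match:", uncorrelated_deletes(timeline, TRAIL))
```
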
1 Answer
amazing. after exactly 48 hours (to the second), the status changed to update failed, and the stack is back to normal. almost.

the template at this point doesn't contain the offending function nor its url. the resource list still contains the url, but not the function. drift detection detects the missing asset. creating a change set will not show the url as to be deleted. executing the change set will not delete the url.

answered a year ago