Posted On: Oct 6, 2023
Amazon CloudFormation launches a deletion policy RetainExceptOnCreate that retains resources during stack deletions but does not retain resources during rollbacks of stack operations. CloudFormation rolls back a stack to the last-known stable state if it encounters provisioning failures, such as breaches of Amazon Web Services account limits, during stack operations. During rollbacks, CloudFormation deletes resources that were created in the stack operation before the failure. RetainExceptOnCreate only preserves resources that customers delete in a stack operation. It does not preserve resources that CloudFormation deletes during rollbacks. This allows customers to protect resources against accidental stack deletions while reducing manual intervention during stack operations.
Today, customers use deletion policy Retain to preserve in-use resources during stack deletions. This helps customers to prevent data loss in production environments. But Retain also preserves resources that are deleted from stacks before serving traffic, such as the resources that are deleted immediately after creation during rollbacks. These resources interfere with retries of the stack operation. Now, customers can use the deletion policy RetainExceptOnCreate to preserve in-use resources without requiring manual clean-up of newly-created resources. Alternatively, customers can use a new parameter RetainExceptOnCreate with the CreateStack, UpdateStack, and ExecuteChangeSet APIs to prevent Retain from preserving resources during rollbacks. These features allow customers to retry stack operations with CI/CD actions. This makes it easier to iterate on templates in test environments and prevent human error in production environments.
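The retention rules described above, modelled as an added Python example (not AWS code and not part of the announcement): it checks a template for resources that a failed create would leave behind and for resources that a stack deletion would remove. The sample template, its resource names and the function names are assumptions made for illustration.

```python
import json

# Constructed sample template; resource names are hypothetical, not from the announcement.
TEMPLATE = json.loads("""{
  "Resources": {
    "AuditLogBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain"},
    "OrdersTable": {"Type": "AWS::DynamoDB::Table",
                    "DeletionPolicy": "RetainExceptOnCreate"},
    "WorkerQueue": {"Type": "AWS::SQS::Queue"}
  }
}""")


def is_retained(policy, deleted_by, retain_except_on_create=False):
    """Model whether a resource stays in the account when CloudFormation removes it.

    deleted_by: "customer" (stack deletion) or "rollback" (the resource was
    created in the failed operation and the rollback deletes it).
    retain_except_on_create: models the stack-operation parameter of that name.
    """
    if deleted_by not in ("customer", "rollback"):
        raise ValueError(f"unknown deletion cause: {deleted_by!r}")
    if policy == "Retain" and retain_except_on_create:
        policy = "RetainExceptOnCreate"  # the parameter stops Retain applying to rollbacks
    if policy == "Retain":
        return True
    if policy == "RetainExceptOnCreate":
        return deleted_by == "customer"
    return False  # assumption of this sketch: no policy, or any other value, is not retained


def _policies(template):
    for name, res in template.get("Resources", {}).items():
        yield name, res.get("DeletionPolicy")


def orphaned_after_rollback(template, retain_except_on_create=False):
    """Resources a failed create would leave behind, interfering with a retry."""
    return sorted(n for n, p in _policies(template)
                  if is_retained(p, "rollback", retain_except_on_create))


def lost_on_stack_delete(template):
    """Resources that an accidental stack deletion would remove."""
    return sorted(n for n, p in _policies(template)
                  if not is_retained(p, "customer"))


if __name__ == "__main__":
    print("left behind by rollback:", orphaned_after_rollback(TEMPLATE))
    print("with RetainExceptOnCreate parameter:", orphaned_after_rollback(TEMPLATE, True))
    print("removed by stack deletion:", lost_on_stack_delete(TEMPLATE))
```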
RetainExceptOnCreate is available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.
To learn more about deletion policies, see the DeletionPolicy documentation. To learn more about parameters for stack operations, see the UpdateStack documentation.