Welcome. This lesson explains how to diagnose and recover from AWS CloudFormation stack creation failures, with a focus on the ROLLBACK_COMPLETE state.

When you create a stack (provide a template, parameters, and click Create), CloudFormation attempts to provision all resources. If a creation error occurs, CloudFormation will usually roll back any partially created resources and place the stack into a terminal failed state named ROLLBACK_COMPLETE.

What ROLLBACK_COMPLETE means:
  • The stack creation failed.
  • CloudFormation attempted to delete any partially created resources.
  • The stack is in a terminal state and cannot be updated or repaired in place.
  • You must delete the failed stack and recreate it after fixing the root cause.
A presentation slide titled "Evaluating Stack Creation Failures" showing a ROLLBACK_COMPLETE state with icons for creation failed, partial resources cleaned up, and stack creation unsuccessful. It notes that failed stacks can't be updated or fixed and must be deleted and recreated.
Recommended troubleshooting and recovery steps
  1. Inspect the stack Events tab
    • The Events timeline shows the sequence of create/delete actions and any error messages returned by resource providers. Identify the first resource that reported an error — that is usually the root cause.
  2. Check resource-specific logs and consoles
    • For Lambda: CloudWatch Logs.
    • For EC2: EC2 console and instance system logs (or CloudWatch if configured).
    • For S3 or API access errors: check S3 console, bucket policies, and IAM policies.
  3. Verify permissions and configuration
    • Confirm IAM roles/policies referenced by resources exist and have required permissions.
    • Validate template parameters, resource names, ARNs, VPC/subnet IDs, and other environment-specific values.
  4. Fix the underlying issue in the template, parameter set, or account configuration.
  5. Delete the failed stack (required for ROLLBACK_COMPLETE) and recreate the stack after applying the fix.
Troubleshooting checklist (summary)
| Step | Action | Why it helps |
|---|---|---|
| Inspect Events | Open the CloudFormation Events tab | Shows which resource failed and the provider error message |
| Check resource logs | CloudWatch Logs, EC2 console, S3 console | Provides detailed error information from the resource |
| Validate IAM & parameters | Confirm roles, policies, input values | Prevents permission and configuration failures |
| Delete & recreate | Remove the ROLLBACK_COMPLETE stack and create again | ROLLBACK_COMPLETE stacks are terminal and cannot be updated |
Helpful AWS CLI commands
  • Delete a failed stack:
aws cloudformation delete-stack --stack-name my-stack
  • View recent stack events (helps identify the failing resource):
aws cloudformation describe-stack-events --stack-name my-stack
  • Check current stack status:
aws cloudformation describe-stacks --stack-name my-stack --query 'Stacks[0].StackStatus' --output text
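The steps above can be scripted over the JSON that describe-stack-events returns. The following is an added example, not part of the original lesson: it picks the earliest real failure out of the event list and refuses deletion for any status other than ROLLBACK_COMPLETE. The function names, the sample events, and the reliance on the "Resource creation cancelled" reason text are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed sample of describe-stack-events output (newest first, as the
# CLI returns it), trimmed to the fields used below. All values are made up.
SAMPLE_EVENTS = json.dumps({"StackEvents": [
    {"Timestamp": "2024-01-01T10:00:09+00:00", "LogicalResourceId": "my-stack",
     "ResourceStatus": "ROLLBACK_COMPLETE"},
    {"Timestamp": "2024-01-01T10:00:05+00:00", "LogicalResourceId": "my-stack",
     "ResourceStatus": "ROLLBACK_IN_PROGRESS",
     "ResourceStatusReason": "The following resource(s) failed to create: [AppBucket, AppRole]."},
    {"Timestamp": "2024-01-01T10:00:04+00:00", "LogicalResourceId": "AppBucket",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Resource creation cancelled"},
    {"Timestamp": "2024-01-01T10:00:03+00:00", "LogicalResourceId": "AppRole",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "User is not authorized to perform: iam:CreateRole"},
    {"Timestamp": "2024-01-01T10:00:01+00:00", "LogicalResourceId": "AppRole",
     "ResourceStatus": "CREATE_IN_PROGRESS"},
]})

# Assumption: resources that were merely interrupted by another resource's
# failure carry this reason text; they are symptoms, not the root cause.
CANCELLED = "Resource creation cancelled"

def first_failure(events_json):
    """Return the earliest CREATE_FAILED event that was not a cancellation."""
    events = json.loads(events_json)["StackEvents"]
    failed = [e for e in events
              if e["ResourceStatus"] == "CREATE_FAILED"
              and not e.get("ResourceStatusReason", "").startswith(CANCELLED)]
    # Sort by time rather than trusting list order.
    return min(failed, key=lambda e: datetime.fromisoformat(e["Timestamp"]),
               default=None)

def may_delete(stack_status):
    """Allow deletion only for the terminal create-failure state."""
    return stack_status.strip() == "ROLLBACK_COMPLETE"

if __name__ == "__main__":
    root = first_failure(SAMPLE_EVENTS)
    print(root["LogicalResourceId"], "-", root["ResourceStatusReason"])
    print("delete allowed:", may_delete("ROLLBACK_COMPLETE\n"))
```

Checking the status before calling delete-stack keeps a mistyped stack name from removing a healthy stack, since delete-stack itself accepts stacks in any state.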
A stack in ROLLBACK_COMPLETE represents a terminal create failure. You cannot update it in place — you must delete it and create a new stack once the cause of the failure is resolved.
Keep in mind
  • CloudFormation’s default create-time behavior is “all-or-nothing”: it attempts to leave no partial infrastructure by rolling back on failures.
  • Use the Events tab plus resource logs to pinpoint the first failing resource, correct the root cause, then delete and recreate the stack.
  • When iterating on templates, test changes in smaller or isolated stacks to reduce rebuild time and risk.