Ensure that none of your Amazon CloudFormation stacks remain in 'Failed' mode for more than 6 hours. A stack is in 'Failed' mode when its status is set to one of the following: 'CREATE_FAILED' (unsuccessful creation of the stack), 'DELETE_FAILED' (unsuccessful deletion of the stack), 'ROLLBACK_FAILED' (unsuccessful removal of the stack after the creation process failed) or 'UPDATE_ROLLBACK_FAILED' (unsuccessful return of the stack to a previous working state after a failed update).
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Any failed CloudFormation stacks that are not fixed on time can lead to application downtime, security issues or unexpected costs on your AWS bill. For example, the unsuccessful deletion ("DELETE_FAILED") of one or more stacks can accrue charges for the unused AWS resources provisioned by the stack.
Audit
To determine if there are any failed Amazon CloudFormation stacks available in your account, perform the following:
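One way to script this check, as an added example rather than Conformity's own audit procedure: the function below takes the JSON printed by `aws cloudformation list-stacks --output json` and reports stacks that have been in one of the four failed statuses for more than 6 hours. The function names and stack names are hypothetical, the sample data is constructed, and the newest timestamp in each stack summary is assumed to approximate when the stack entered its failed status.

```python
import json
from datetime import datetime, timedelta, timezone

# The four statuses this rule treats as 'Failed' mode, and its 6-hour limit.
FAILED_STATUSES = {"CREATE_FAILED", "DELETE_FAILED",
                   "ROLLBACK_FAILED", "UPDATE_ROLLBACK_FAILED"}
MAX_FAILED_AGE = timedelta(hours=6)
TIME_FIELDS = ("CreationTime", "LastUpdatedTime", "DeletionTime")

def _parse(ts):
    """Parse an ISO 8601 timestamp as printed by the AWS CLI (UTC if naive)."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def stale_failed_stacks(list_stacks_json, now):
    """Return (name, status, hours_failed) for stacks failed for more than 6 hours.
    Assumption: the newest timestamp in the summary approximates when the
    stack entered its failed status; describe-stack-events has the exact time.
    """
    findings = []
    for stack in json.loads(list_stacks_json).get("StackSummaries", []):
        if stack.get("StackStatus") not in FAILED_STATUSES:
            continue
        # CreationTime is always present; the other two are optional.
        last_change = max(_parse(stack[f]) for f in TIME_FIELDS if stack.get(f))
        age = now - last_change
        if age > MAX_FAILED_AGE:  # strictly more than 6 hours, as the rule states
            hours = round(age.total_seconds() / 3600, 1)
            findings.append((stack["StackName"], stack["StackStatus"], hours))
    return findings

# Constructed sample in the shape of `aws cloudformation list-stacks --output json`.
SAMPLE = json.dumps({"StackSummaries": [
    {"StackName": "orders-api", "StackStatus": "CREATE_FAILED",
     "CreationTime": "2024-05-01T02:00:00Z"},
    {"StackName": "billing-db", "StackStatus": "UPDATE_ROLLBACK_FAILED",
     "CreationTime": "2024-03-10T08:00:00Z",
     "LastUpdatedTime": "2024-05-01T09:30:00+00:00"},
    {"StackName": "legacy-vpc", "StackStatus": "DELETE_FAILED",
     "CreationTime": "2023-11-02T10:00:00Z", "DeletionTime": "2024-04-30T12:00:00Z"},
    {"StackName": "tmp-test", "StackStatus": "ROLLBACK_FAILED",
     "CreationTime": "2024-05-01T06:00:00Z"},
    {"StackName": "web-frontend", "StackStatus": "UPDATE_COMPLETE",
     "CreationTime": "2022-01-15T09:00:00Z"},
]})
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample

if __name__ == "__main__":
    for name, status, hours in stale_failed_stacks(SAMPLE, NOW):
        print(f"{name}: {status} for {hours} h")
```

Against a live account, pass the current UTC time as `now` and feed in the CLI output for each region you audit.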
Remediation / Resolution
To remove any Amazon CloudFormation stacks available in "Failed" mode for more than 6 hours, perform the following:

You are auditing:
AWS CloudFormation Stack Failed Status
Risk level: Medium