If I create a brand new AWS::WAFv2::LoggingConfiguration with an invalid ResourceArn the creation fails as expected, but then CloudFormation tries to rollback by deleting the non existing resource.
Expected Behavior
During rollback, CloudFormation should not try to delete a WAFv2 LoggingConfiguration that has never been created (due to invalid ResourceArn).
Observed Behavior
TS
Logical ID
Status
Status reason
17:37
StackSet
UPDATE_ROLLBACK_COMPLETE
Update successful. One or more resources could not be deleted.
17:36
LoggingConfig
DELETE_FAILED
Resource handler returned message: "Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: NOT_AN_ARN (Service: Wafv2, Status Code: 400, Request ID: xxxx)" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)
17:36
LoggingConfig
DELETE_IN_PROGRESS
-
14:35
LoggingConfig
DELETE_FAILED
Resource handler returned message: "Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: NOT_AN_ARN (Service: Wafv2, Status Code: 400, Request ID: xxxx)" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)
14:34
LoggingConfig
DELETE_IN_PROGRESS
-
11:33
LogGroup
DELETE_COMPLETE
-
11:32
LogGroup
DELETE_IN_PROGRESS
-
11:31
LoggingConfig
DELETE_FAILED
Resource handler returned message: "Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: NOT_AN_ARN (Service: Wafv2, Status Code: 400, Request ID: xxxx)" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)
11:30
LoggingConfig
DELETE_IN_PROGRESS
-
11:29
StackSet
UPDATE_ROLLBACK_COMPLETE _CLEANUP_IN_PROGRESS
-
11:28
WafApvizIoPrivate
UPDATE_COMPLETE
-
11:26
WafApvizIoPrivate
UPDATE_IN_PROGRESS
-
11:23
StackSet
UPDATE_ROLLBACK_IN_PROGRESS
The following resource(s) failed to create: [LoggingConfig].
11:23
LoggingConfig
CREATE_FAILED
Resource handler returned message: "Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: NOT_AN_ARN (Service: Wafv2, Status Code: 400, Request ID: xxxx)" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)
Name of the resource
AWS::WAFv2::LoggingConfiguration
Resource Name
No response
Issue Description
If I create a brand new
AWS::WAFv2::LoggingConfiguration
with an invalidResourceArn
the creation fails as expected, but then CloudFormation tries to rollback by deleting the non existing resource.Expected Behavior
During rollback, CloudFormation should not try to delete a WAFv2 LoggingConfiguration that has never been created (due to invalid
ResourceArn
).Observed Behavior
Test Cases
Other Details
Not that I'm facing the problem in a StackSet, I have not tested in a classic stack.