This is mostly useful for deployments performed using --no-rollback: if a failure occurs, the stack gets stuck in an UPDATE_FAILED state from which there are 2 options:
Try again using a new template
Roll back to the last stable state
There used to be no way to perform the second operation using the CDK CLI, but there now is.
cdk rollback works in 2 situations:
A paused fail state; it will initiating a fresh rollback (on CREATE_FAILED, UPDATE_FAILED).
A paused rollback state; it will retry the rollback, optionally skipping some resources (on UPDATE_ROLLBACK_FAILED -- it seems there is no way to continue a rollback in ROLLBACK_FAILED state).
cdk rollback --orphan <logicalid> can be used to skip resource rollbacks that are causing problems.
cdk rollback --force will look up all failed resources and continue skipping them until the rollback has finished.
This change requires new bootstrap permissions, so the bootstrap stack is updated to add the following IAM permissions to the deploy-action role:
Add a CLI feature to roll a stuck change back.
This is mostly useful for deployments performed using
--no-rollback
: if a failure occurs, the stack gets stuck in anUPDATE_FAILED
state from which there are 2 options:There used to be no way to perform the second operation using the CDK CLI, but there now is.
cdk rollback
works in 2 situations:CREATE_FAILED
,UPDATE_FAILED
).UPDATE_ROLLBACK_FAILED
-- it seems there is no way to continue a rollback inROLLBACK_FAILED
state).cdk rollback --orphan <logicalid>
can be used to skip resource rollbacks that are causing problems.cdk rollback --force
will look up all failed resources and continue skipping them until the rollback has finished.This change requires new bootstrap permissions, so the bootstrap stack is updated to add the following IAM permissions to the
deploy-action
role:These are necessary to call the 2 CloudFormation APIs that start and continue a rollback.
Relates to (but does not close yet) #30546.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license