Prevent CloudFormation Change Sets from piling up

Andreas Wittig – 10 Oct 2019

Recently, I’ve stumbled upon a problem when using aws cloudformation deploy within deployment pipelines (Jenkins, GitLab CI, …) that I wanted to share with you.

Prevent CloudFormation Change Sets from piling up

Usually, I’m using the AWS CLI to deploy CloudFormation stacks.

aws cloudformation package --template-file example.yml --output-template-file output.yml --s3-bucket example
aws cloudformation deploy --template-file output.yml --stack-name example --no-fail-on-empty-changeset

The aws cloudformation package command packages the template example.yml and uploads dependencies like nested stack templates to S3.

The aws cloudformation deploy command creates or updates the stack example. The option --no-fail-on-empty-changeset makes sure the command does not throw an error in case the template has not changed, which is very likely when using a deployment pipeline.

It is essential to know that the pipeline creates a change set whenever executing aws cloudformation deploy. Deploying a stack without making any changes to the template or the parameters leads to a failed change set: The submitted information didn't contain changes. Submit different information to create a change set.

Unfortunately, the aws cloudformation deploy command does not clean up those failed change sets. This leads to change sets piling up. And one day or another your deployment pipeline will fail with the following error message:

An error occurred (LimitExceededException) when calling the CreateChangeSet operation: ChangeSet limit exceeded for stack ...

You have reached the maximum number of change sets for a stack.

How to fix that? It would be great if aws cloudformation deploy would clean up failed change sets automatically. Keep an eye on #4534 for progress on that.

For now, adding the following bash script to your deployment pipeline might help. The cleanup() function list all stacks starting with prefix, fetches the change sets for each stack, and deletes change sets in status FAILED.

# cleanup (region, prefix)
cleanup () {
stacks=$(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE --query "StackSummaries[?starts_with(StackName, \`$2\`) == \`true\`].StackName" --output text --region $1)
for stack in $stacks
do
echo "${stack}: cleaning up change sets"
changesets=$(aws cloudformation list-change-sets --stack-name $stack --query 'Summaries[?Status==`FAILED`].ChangeSetId' --output text --region $1)
for changeset in $changesets
do
echo "${stack}: deleting change set ${changeset}"
aws cloudformation delete-change-set --change-set-name ${changeset} --region $1
done
done
}

The following command executes the function cleanup() for region eu-west-1 and stack name prefix example-.

cleanup eu-west-1 example-

In summary, aws cloudformation deploy leaves behind waste that you need to deal with.

Andreas Wittig

Andreas Wittig

I’m the author of Amazon Web Services in Action. I work as a software engineer, and independent consultant focused on AWS and DevOps.

You can contact me via Email, Twitter, and LinkedIn.

Briefcase icon
Hire me
Cover of Rapid Docker on AWS

New book: Rapid Docker on AWS

A rapid way to get your web application up and running on AWS. Made for web developers and DevOps engineers who want to dockerize their web applications and run their containers on Amazon Web Services. Prior knowledge of Docker and AWS is not required.

Buy icon
Buy now
Marbot Logo

Incident Management for Slack

Team up to solve incidents with our chatbot marbot. Never miss a critical alert. Escalate alerts from your AWS infrastructure among your team members. Strong integrations with all parts of your AWS infrastructure: CloudWatch, Elastic Beanstalk, RDS, EC2, ...

Slack icon
Try for free
📚 Rapid Docker on AWS
A rapid way to get your web application up and running on AWS. Learn how to package your application into Docker containers. Learn more.