Prevent CloudFormation Change Sets from piling up

Andreas Wittig – 10 Oct 2019

Recently, I’ve stumbled upon a problem when using aws cloudformation deploy within deployment pipelines (Jenkins, GitLab CI, …) that I wanted to share with you.

Prevent CloudFormation Change Sets from piling up

Usually, I’m using the AWS CLI to deploy CloudFormation stacks.

aws cloudformation package --template-file example.yml --output-template-file output.yml --s3-bucket example
aws cloudformation deploy --template-file output.yml --stack-name example --no-fail-on-empty-changeset

The aws cloudformation package command packages the template example.yml and uploads dependencies like nested stack templates to S3.

The aws cloudformation deploy command creates or updates the stack example. The option --no-fail-on-empty-changeset makes sure the command does not throw an error in case the template has not changed, which is very likely when using a deployment pipeline.

It is essential to know that the pipeline creates a change set whenever executing aws cloudformation deploy. Deploying a stack without making any changes to the template or the parameters leads to a failed change set: The submitted information didn't contain changes. Submit different information to create a change set.

Cover of Amazon Web Services in Action

Level up, strengthen your AWS skills.

Our book Amazon Web Services in Action is a comprehensive introduction to computing, storing, and networking in the AWS cloud. You'll find clear, relevant coverage of all the essential AWS services, emphasizing best practices for security, high availability, and scalability. Get the first chapter for free!

Unfortunately, the aws cloudformation deploy command does not clean up those failed change sets. This leads to change sets piling up. And one day or another your deployment pipeline will fail with the following error message:

An error occurred (LimitExceededException) when calling the CreateChangeSet operation: ChangeSet limit exceeded for stack ...

You have reached the maximum number of change sets for a stack.

How to fix that? It would be great if aws cloudformation deploy would clean up failed change sets automatically. Keep an eye on #4534 for progress on that.

For now, adding the following bash script to your deployment pipeline might help. The cleanup() function list all stacks starting with prefix, fetches the change sets for each stack, and deletes change sets in status FAILED.

# cleanup (region, prefix)
cleanup () {
stacks=$(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE --query "StackSummaries[?starts_with(StackName, \`$2\`) == \`true\`].StackName" --output text --region $1)
for stack in $stacks
do
echo "${stack}: cleaning up change sets"
changesets=$(aws cloudformation list-change-sets --stack-name $stack --query 'Summaries[?Status==`FAILED`].ChangeSetId' --output text --region $1)
for changeset in $changesets
do
echo "${stack}: deleting change set ${changeset}"
aws cloudformation delete-change-set --change-set-name ${changeset} --region $1
done
done
}

The following command executes the function cleanup() for region eu-west-1 and stack name prefix example-.

cleanup eu-west-1 example-

In summary, aws cloudformation deploy leaves behind waste that you need to deal with.

Andreas Wittig

Andreas Wittig

I’m an independent consultant, technical writer, and programming founder. All these activities have to do with AWS. I’m writing this blog and all other projects together with my brother Michael.

In 2009, we joined the same company as software developers. Three years later, we were looking for a way to deploy our software—an online banking platform—in an agile way. We got excited about the possibilities in the cloud and the DevOps movement. It’s no wonder we ended up migrating the whole infrastructure of Tullius Walden Bank to AWS. This was a first in the finance industry, at least in Germany! Since 2015, we have accelerated the cloud journeys of startups, mid-sized companies, and enterprises. We have penned books like Amazon Web Services in Action and Rapid Docker on AWS, we regularly update our blog, and we are contributing to the Open Source community. Besides running a 2-headed consultancy, we are entrepreneurs building Software-as-a-Service products.

We are available for projects.

You can contact me via Email, Twitter, and LinkedIn.

Briefcase icon
Hire me