If the initial CloudFormation create fails, the stack cannot be repaired by an update; it has to be deleted and recreated. To avoid repeated create/delete cycles on the first deployment, the best approach is to create the stack from a null (empty) template and then apply the real template as an update, since a failed update rolls back to the previous good state instead of leaving the stack unusable. An example of a null template is below:
  AWSTemplateFormatVersion: 2010-09-09
  Description: CloudFormation Starter
  Conditions:
    # Always false, so no resource below is ever created
    Never: !Equals [ a, b ]
  Resources:
    # A placeholder resource is required because the Resources section cannot be empty;
    # the Never condition keeps it from being created, so the stack completes with nothing in it
    NullResource:
      Type: Custom::Null
      Condition: Never
When AWS infrastructure is configured in the "traditional" compute/storage/network style, identifying, referencing and patching AMIs in every region in use is crucial. CloudFormation can redirect AMI references through SSM Parameter Store, so a template refers to a parameter name that is resolved per region rather than to a hard-coded, region-specific AMI ID.
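An added example of the SSM redirection described above (this template is not from the original page): the parameter type AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> makes CloudFormation look up the named SSM parameter in the deployment region and hand the resolved AMI ID to the instance. The parameter name used as the default is the public Amazon Linux 2 parameter that AWS publishes; the resource name PatchedInstance and the instance type are assumptions for the example.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Added example - resolve the AMI through SSM Parameter Store instead of hard-coding it
Parameters:
  LatestAmiId:
    # CloudFormation resolves this SSM parameter to an AMI ID at create/update time,
    # in whichever region the stack is deployed to, so one template serves all regions.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    # Public parameter maintained by AWS that tracks the current Amazon Linux 2 AMI.
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  InstanceType:
    Type: String
    Default: t3.micro  # assumed value for the example
Resources:
  PatchedInstance:   # hypothetical resource name
    Type: AWS::EC2::Instance
    Properties:
      # !Ref on an SSM-typed parameter yields the resolved AMI ID, not the parameter name.
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
Outputs:
  ResolvedAmi:
    # Exposes which AMI the stack was actually built with, so it can be compared
    # against the parameter's current value when checking for unpatched images.
    Description: AMI ID the stack was last created or updated with
    Value: !Ref LatestAmiId
```

Because the lookup happens on every stack create or update, the ResolvedAmi output records the image actually in use, which is the value to compare against the SSM parameter when deciding whether an instance is behind on patches.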
This is a tradeoff: recreating the CloudFormation stack may pick up the next (patched) AMI, so the stack is no longer immutable. But the resulting state is similar to that of externally patched Linux/Windows images, which also cannot be reproduced simply by redeploying CloudFormation.