3
votes

Context: I have been using CloudFormation for provisioning application resources for a while, and that has worked out just fine. However, I recently moved my application over to different infrastructure (Kubernetes), and to go live with that change, I modified the Route53 DNS record to point to the new resources, and left up all the AWS resources created by CloudFormation. For clarity, the DNS record which I modified was created as part of the CloudFormation stack.

Problem: I want to delete the now unused resources, including the CloudFormation stack itself. However, doing so would either delete a DNS record that I very much care about, or fail to delete the DNS record because it has been modified, rolling back the entire operation.

Question: Does anybody know a clever way I can remove a CloudFormation stack while still preserving the Route53 entries created by it with zero downtime?

Note: I do not want to manually delete the resources created by CloudFormation, except for the DNS records, and leave the stack hanging around.

2
Read about deletion policy, and retain. You may be able to modify your template to indicate "DeletionPolicy" : "Retain" for the relevant DNS resources, then run a CF update stack, then later run a CF delete stack. Probably worth testing on a throwaway stack before you commit to this route.
jarmod

2 Answers

1
votes

Deny delete privileges for Route53 and delete the stack in 2 phases.

Delete Stack Fails

When stacks are in the DELETE_FAILED state because AWS CloudFormation couldn't delete a resource, rerun the deletion with the RetainResources parameter and specify the resource that AWS CloudFormation can't delete. AWS CloudFormation deletes the stack without deleting the retained resource. Retaining resources is useful when you can't delete a resource, such as an S3 bucket that contains objects that you want to keep, but you still want to delete the stack. After you delete the stack, you can manually delete retained resources by using their associated AWS service.

2
votes

I recently had a need to preserve my Route53 records that were created with CloudFormation. I performed the following exercise based on @jarmod's response and it worked perfectly. The key here is the "DeletionPolicy" : "Retain". More information on the DeletionPolicy attribute. I'll also note that when I applied the change set to change my deletion policy, CloudFormation DID NOT detect any drift in the Route53 entry. Success!

  1. Create a basic CloudFormation stack; Load Balancer, ASG and a Route53 record pointing to the Load Balancer
  2. Change the Route53 entry to point to another location using the Route53 console
  3. Apply the "DeletionPolicy" : "Retain" to my Route53 resource block via a change set
  4. Delete the CloudFormation stack from the AWS console
  5. Confirm Route53 still has your entries after the stack has been deleted

[Image: CloudFormation skipping delete]
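Step 3 of the procedure above is the only template change needed, and it is easy to get wrong on a large template. The following is an added example (not code from the answer or from AWS) that takes a CloudFormation template as a Python dict, adds "DeletionPolicy": "Retain" to every Route53 resource, and reports which DNS resources would still be deleted; the sample template mirrors step 1 (load balancer, ASG, Route53 alias record) and its resource names and values are constructed placeholders.

```python
import copy
import json

# Constructed sample template in the shape described in step 1:
# a load balancer, an auto scaling group and a Route53 alias record.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "AppLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {"Subnets": ["subnet-placeholder"]},
        },
        "AppAutoScalingGroup": {
            "Type": "AWS::AutoScaling::AutoScalingGroup",
            "Properties": {"MinSize": "1", "MaxSize": "2"},
        },
        "AppDnsRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneName": "example.com.",
                "Name": "app.example.com.",
                "Type": "A",
                "AliasTarget": {
                    "DNSName": {"Fn::GetAtt": ["AppLoadBalancer", "DNSName"]},
                    "HostedZoneId": {"Fn::GetAtt": ["AppLoadBalancer", "CanonicalHostedZoneID"]},
                },
            },
        },
    },
}

# Resource types that must survive the stack deletion.
DNS_RESOURCE_TYPES = ("AWS::Route53::RecordSet", "AWS::Route53::RecordSetGroup")


def unprotected_dns_resources(template, resource_types=DNS_RESOURCE_TYPES):
    """Pre-delete check: logical IDs of DNS resources that would still be deleted."""
    return [lid for lid, res in template.get("Resources", {}).items()
            if res.get("Type") in resource_types and res.get("DeletionPolicy") != "Retain"]


def add_retain_policy(template, resource_types=DNS_RESOURCE_TYPES):
    """Return a copy of the template with DeletionPolicy: Retain on every DNS
    resource, plus the logical IDs that were changed. Properties are untouched,
    so the resulting change set modifies no live record."""
    updated = copy.deepcopy(template)
    changed = unprotected_dns_resources(updated, resource_types)
    for lid in changed:
        updated["Resources"][lid]["DeletionPolicy"] = "Retain"
    return updated, changed


if __name__ == "__main__":
    retained, changed = add_retain_policy(SAMPLE_TEMPLATE)
    print("Retain added to:", changed)
    print(json.dumps(retained, indent=2))  # feed this to your change set
```

Run the pre-delete check on the template you are about to delete with: an empty list means every Route53 resource carries Retain and the stack delete will skip it.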