Q60 — AWS DOP-C02 Ch.2

A company uses AWS CloudFormation stacks to deploy updates to an application. The stack comprises various resources, including an AWS Auto Scaling group, Amazon EC2 instances, an Application Load Balancer (ALB), and other resources required to launch and maintain independent stacks. Modifications to application resources outside CloudFormation stack updates are prohibited. The company recently attempted to update the application stack using the AWS CLI. The stack update failed with the error message: 'Error: Deployment and CloudFormation stack rollback both failed. Deployment failed because the following resource could not be updated: [AutoScalingGroup].' The stack remains in UPDATE_ROLLBACK_FAILED state. Which solution resolves this issue?

Correct Answer: B. Update the IAM role by providing permissions required to update the stack. Run the aws cloudformation continue-update-rollback AWS CLI command.

Explanation

When a CloudFormation stack enters UPDATE_ROLLBACK_FAILED state, the appropriate recovery action is to use the aws cloudformation continue-update-rollback command, which resumes the rollback process. This command requires that the underlying cause of the original failure—often missing IAM permissions—is resolved first. Option B correctly identifies updating the IAM role to grant necessary permissions and then executing continue-update-rollback. Option A misapplies stack-set commands irrelevant to single-stack recovery. Option C addresses quota issues but does not resolve the root cause of the rollback failure. Option D attempts manual deletion, violating CloudFormation’s declarative model and risking stack inconsistency. AWS documentation confirms continue-update-rollback is the standard resolution for UPDATE_ROLLBACK_FAILED states after fixing permission or configuration issues.