Q60 — AWS DOP-C02 Ch.2
A company uses AWS CloudFormation stacks to deploy updates to an application. The stack comprises various resources, including an AWS Auto Scaling group, Amazon EC2 instances, an Application Load Balancer (ALB), and other resources required to launch and maintain independent stacks. Modifications to application resources outside CloudFormation stack updates are prohibited. The company recently attempted to update the application stack using the AWS CLI. The stack update failed with the error message: 'Error: Deployment and CloudFormation stack rollback both failed. Deployment failed because the following resource could not be updated: [AutoScalingGroup].' The stack remains in UPDATE_ROLLBACK_FAILED state. Which solution resolves this issue?
- A. Update the subnet mappings configured for the ALB. Run the aws cloudformation update-stack-set AWS CLI command.
- B. Update the IAM role by providing permissions required to update the stack. Run the aws cloudformation continue-update-rollback AWS CLI command. ✓
- C. Submit a request to increase the account’s EC2 instance quota. Run the aws cloudformation cancel-update-stack AWS CLI command.
- D. Delete the Auto Scaling Group resource. Run the aws cloudformation rollback-stack AWS CLI command.
Correct Answer: B. Update the IAM role by providing permissions required to update the stack. Run the aws cloudformation continue-update-rollback AWS CLI command.
Explanation
When a CloudFormation stack enters UPDATE_ROLLBACK_FAILED state, the appropriate recovery action is to use the aws cloudformation continue-update-rollback command, which resumes the rollback process. This command requires that the underlying cause of the original failure—often missing IAM permissions—is resolved first. Option B correctly identifies updating the IAM role to grant necessary permissions and then executing continue-update-rollback. Option A misapplies stack-set commands irrelevant to single-stack recovery. Option C addresses quota issues but does not resolve the root cause of the rollback failure. Option D attempts manual deletion, violating CloudFormation’s declarative model and risking stack inconsistency. AWS documentation confirms continue-update-rollback is the standard resolution for UPDATE_ROLLBACK_FAILED states after fixing permission or configuration issues.