DELETE_FAILED and FORCE_DELETE_STACK
If you've ever worked with AWS CloudFormation, chances are you've encountered DELETE_FAILED. A non-empty S3 bucket, an ECR repository with images still in it, a Custom Resource that doesn't return SUCCESS... You end up manually emptying resources and retrying the deletion over and over. It's painful.
"What about FORCE_DELETE_STACK?" you might think. CloudFormation does provide this feature. However, it merely detaches failed resources from the stack. The resources themselves remain in your AWS account. In other words, it creates orphaned resources, and you still have to delete them manually.
When Stack Deletion Gets Complicated
CloudFormation stack deletion can get complicated beyond just DELETE_FAILED. To begin with, when you want to delete multiple stacks at once, CloudFormation offers no built-in way to do so. On top of that, the following problems come into play.
Inter-Stack Dependencies
When deleting multiple stacks, if there are dependencies via Exports/Imports, getting the order wrong causes an error. The more stacks you have, the less realistic it becomes to manually figure out the correct deletion order.
Slow Deletion Due to VPC Lambda
Stacks containing Lambda functions connected to a VPC have to wait for ENI (Elastic Network Interface) cleanup during deletion. This is extremely slow, sometimes taking tens of minutes for a single stack.
Resource Orphaning from Retain Policies
DeletionPolicy settings like Retain and RetainExceptOnCreate exist to protect important data. But there are times when you want to delete everything cleanly, such as tearing down a dev environment or recreating a stack. In those cases, the stack disappears but the resources remain, becoming orphans.
Deletion Protection
Resource-level deletion protection on EC2 instances, RDS clusters, Cognito user pools, and stack-level TerminationProtection are important safeguards against accidental deletion in production. However, when you actually want to delete an unneeded stack, you have to figure out which resources have protection enabled and disable them one by one.
delstack Solves All of These
delstack is a CLI tool I built to solve all of the problems above. It works with stacks from any IaC tool that uses CloudFormation: AWS CDK, SAM, Amplify, Serverless Framework, and more.
Force Deletion of DELETE_FAILED Resources: Zero Orphaned Resources
It automatically cleans up resources that cause normal deletion to fail, then deletes them. Unlike FORCE_DELETE_STACK, it doesn't leave resources behind. Nested child stacks are processed recursively as well.
It supports over 10 resource types including S3 buckets, S3 Directory/Table/Vector buckets, ECR repositories, Backup Vaults, Athena WorkGroups, IAM groups, nested stacks, and Custom Resources. See the README for the full list of supported resource types.
Resources not in this list are deleted normally without any issues, so delstack isn't just for DELETE_FAILED stacks. You can use it for everyday stack deletion as well.
Automatic Dependency Resolution with Parallel Deletion
When multiple stacks are specified, it automatically analyzes dependencies through CloudFormation Exports/Imports and determines the correct order using reverse topological sort. Independent stacks are deleted in parallel for maximum throughput, and rather than simple step-based batching, it uses dynamic scheduling: as soon as a stack's deletion completes, any stacks that depended on it are immediately started, keeping parallelism as high as possible at all times.
Example: Stacks A, B, C, D, E, F (C->A, D->A, E->B, F->C,D,E)
Step 1: Delete F (no stacks depend on it)
Step 2: Delete C, D, E in parallel (after F completes)
Step 3: Delete B (after E completes)
Step 4: Delete A (after both C and D complete)
VPC Lambda Pre-Optimization
Before deletion begins, it automatically detaches VPC configurations from Lambda functions and deletes their ENIs in parallel. This eliminates the ENI cleanup wait time entirely.
Retain Policy Override
With the -f option, resources with Retain/RetainExceptOnCreate policies are force deleted. Resources are reliably removed along with the stack.
Automatic Deletion Protection Removal
With the -f option, resource-level deletion protection on EC2, RDS, Cognito, CloudWatch Logs, ALB, and more, as well as stack TerminationProtection, are automatically detected and disabled before deletion proceeds. Without -f, protected resources are reported and the process is aborted before stack deletion begins, so it's safe by default.
How to Use
Install with Homebrew in one line.
brew install go-to-k/tap/delstack
For Linux/Windows, you can use the install script.
curl -fsSL https://raw.githubusercontent.com/go-to-k/delstack/main/install.sh | sh
For other installation methods, see the README.
With interactive mode (-i), just search and select your stacks. Add -f to enable force deletion of resources with Retain policies or deletion protection, and stacks with TerminationProtection.
delstack -i -f
Filter a keyword of stack names(case-insensitive): goto
? Select StackNames.
Nested child stacks and XXX_IN_PROGRESS(e.g. ROLLBACK_IN_PROGRESS) status stacks are not displayed.
(* = TerminationProtection)
[Use arrows to move, space to select, <right> to all, <left> to none, type to filter]
[ ] dev-GOTO-03-TestStack
> [x] dev-Goto-02-TestStack
[ ] * dev-goto-01-TestStack
You can also specify stack names directly instead of using interactive mode.
delstack -s stack1 -s stack2 -s stack3
GitHub Actions is supported too, making it easy to integrate stack cleanup into your CI/CD pipeline.
- name: Delete stack
uses: go-to-k/delstack@main
with:
stack-name: YourStack1, YourStack2
force: true
region: us-east-1
Conclusion
delstack solves every problem around CloudFormation stack deletion with a single command.
- Force deletion with zero orphaned resources
- Automatic parallel deletion with dependency resolution
- Faster deletion through VPC Lambda optimization
- Automatic handling of deletion protection and Retain policies
For detailed options and the full list of supported resources, see the README.
Issues and Stars are welcome: github.com/go-to-k/delstack
Top comments (0)