CodexBloom - Programming Q&A Platform

AWS CloudFormation Rollback Errors with Nested Stacks and Deletion Policies

👀 Views: 63 💬 Answers: 1 📅 Created: 2025-08-22
aws cloudformation nested-stacks YAML

I've been struggling with this for a few days now and could really use some help. I've been working on this all day and I'm currently working with a scenario with AWS CloudFormation where a nested stack fails to create, and during the rollback process, I receive the following behavior: `Resource handler returned message: "Resource creation cancelled"`. I have a main stack that includes a nested stack for provisioning an S3 bucket with a deletion policy set to `Retain`. However, the nested stack is failing because of a missing IAM role that is required by the Lambda function defined within it. I've tried to ensure that the IAM role is created in the parent stack before the nested stack is executed, but the creation depends on a parameter that is passed down to the nested stack. Here's a snippet of how I've structured my CloudFormation template:

```yaml
Resources:
  MyMainStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://mybucket.s3.amazonaws.com/my-nested-stack.yml
      Parameters:
        RoleName: !Ref MyIAMRole
  MyIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
Outputs:
  NestedStackOutput:
    Value: !GetAtt MyNestedStack.Outputs.SomeValue
```

In my nested stack YAML, I have defined the Lambda function like this:

```yaml
Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: !ImportValue MyIAMRole
      Code:
        S3Bucket: mybucket
        S3Key: mylambda.zip
      Runtime: nodejs14.x
      Timeout: 30
```

I also set a DeletionPolicy on the S3 bucket in the nested stack:

```yaml
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
```

Despite these settings, the nested stack fails during the creation and the rollback process tries to delete resources that are already failing to be created. Any thoughts on why this is happening or how I might go about troubleshooting this further?
I've also checked the AWS documentation and ensured that the IAM role is correctly created before the nested stack is initiated, but the behavior continues. Thanks in advance for any insights! For context: I'm using Yaml on macOS. What am I doing wrong? This is my first time working with Yaml LTS. What's the correct way to implement this? Thanks, I really appreciate it!
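For reference, here is an added example (not the asker's code) of a parent/nested template pair that wires the role in the way the question is attempting: the parent passes the role ARN as a stack parameter, the nested template declares that parameter and hands it to `Role` (which expects an ARN, not a name), so no `Export`/`!ImportValue` pair is needed. Bucket, key and output names are placeholders.

```yaml
# parent.yml (added example). The nested stack resource is named MyNestedStack
# so the Outputs reference and the resource name agree.
Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      # Least privilege: only CloudWatch Logs permissions for the function.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  MyNestedStack:
    Type: AWS::CloudFormation::Stack
    DependsOn: LambdaExecutionRole   # !GetAtt already implies this; made explicit
    Properties:
      TemplateURL: https://mybucket.s3.amazonaws.com/my-nested-stack.yml   # placeholder
      Parameters:
        LambdaRoleArn: !GetAtt LambdaExecutionRole.Arn   # ARN, not the role name
Outputs:
  NestedStackOutput:
    Value: !GetAtt MyNestedStack.Outputs.SomeValue
---
# my-nested-stack.yml (added example). The parameter must be declared here,
# otherwise the parent's Parameters entry is rejected.
Parameters:
  LambdaRoleArn:
    Type: String
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain   # kept on stack delete; a rollback only removes resources that were created
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: !Ref LambdaRoleArn     # replaces !ImportValue, which needs a matching Export
      Code:
        S3Bucket: mybucket         # placeholder
        S3Key: mylambda.zip        # placeholder
      Runtime: nodejs20.x
      Timeout: 30
Outputs:
  SomeValue:
    Value: !Ref MyS3Bucket
```

The two documents are shown in one fence separated by `---` for readability; deploy them as two files, with the nested one uploaded to the `TemplateURL` location before the parent is created.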