Deleting AWS Resources, Nucleator Cages and Stacksets

What to consider when deleting AWS Resources that are created and managed by Nucleator and CloudFormation, as well as those that are not
  • Nucleator provisions resources that are primarily associated with one or more CloudFormation Stacks
  • Manually deleting individual resources will in general cause those stacks to cease functioning, with no ability to update to get back to a consistent state
  • Updating Nucleator templates can often have the desired effect of resource updates or replacement, and in some cases is preferred to deleting and re-creating individual resources or whole environments
  • You can easily delete entire Nucleator Stacksets using either the Nucleator CLI or the CloudFormation Console
  • You will need to delete manually created resources that depend on Nucleator-provisioned resources to be able to delete the Nucleator Cage or Stackset upon which those resources depend

 

All Cages and Stacksets that are part of the Nucleator core distribution rely heavily on CloudFormation.  AWS Resources created by Nucleator, with very few exceptions (e.g. EC2 Keypairs), are associated with a CloudFormation stack.  Each Nucleator Cage or Stackset results in a set of parent/child CloudFormation stacks.  This greatly simplifies governance and management of resources within your AWS Account.

After you use Nucleator to create one or more Cages and Stacksets in your Account, you will see lots of AWS resources in your Account that have been created by Nucleator.  In general, you will likely have a better experience if you use the Nucleator CLI or the CloudFormation Console to delete entire sets of related resources.

Deleting an individual resource will lead to a CloudFormation template with an incomplete set of resources under management.  In our experience, CloudFormation will not attempt to replace resources that have been manually deleted.  This will result in your Cage or Stackset not functioning as anticipated.

The orchestration and dependency management logic in CloudFormation is highly capable.  In many cases, updating the underlying template to reflect a desired change will lead CloudFormation to update stacks in place, replacing resources as required to come into alignment with the desired end state.  Because Nucleator is so heavily automated, you can often prototype and demonstrate the desired changes in a non-production or non-operational environment and, once demonstrated, promote the template changes to your operational environment.  In many cases, this is preferred to manually deleting and replacing resources.

If you intend to delete an entire Nucleator Cage or Stackset, the best way to do so is to use the delete subcommands from the Nucleator CLI, or to navigate to the appropriate parent CloudFormation stack in the CloudFormation Console, and initiate its deletion.  CloudFormation manages the orchestration of which resources need to be deleted in which order, to avoid dependent resource ordering conflicts.

Before doing so, you will need to ensure that any dependent resources that you have introduced to your Account manually, or using other DevOps tools, have themselves been deleted.  Failure to do so will lead to DELETE_FAILED events in the underlying CloudFormation stacks that you will need to diagnose yourself.
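
One way to find the resources behind those DELETE_FAILED events across a set of parent/child stacks, as an added example that is not part of the Nucleator documentation or code. The events are constructed, use the field names of `aws cloudformation describe-stack-events` output, and all stack and resource names are hypothetical.

```python
STACK = "AWS::CloudFormation::Stack"

def ev(stack, logical, rtype, ts, status, reason=""):
    """Build one event using the field names of describe-stack-events output."""
    return {"StackName": stack, "LogicalResourceId": logical, "ResourceType": rtype,
            "Timestamp": ts, "ResourceStatus": status, "ResourceStatusReason": reason}

# Constructed sample: a parent stack "cage-parent" with one child "cage-vpc".
# A manually created resource still sits in PublicSubnet, so its delete fails.
SAMPLE_EVENTS = [
    ev("cage-vpc", "InternetGateway", "AWS::EC2::InternetGateway",
       "2015-06-01T12:00:10Z", "DELETE_FAILED", "constructed transient error"),
    ev("cage-vpc", "InternetGateway", "AWS::EC2::InternetGateway",
       "2015-06-01T12:01:30Z", "DELETE_COMPLETE"),
    ev("cage-vpc", "PublicSubnet", "AWS::EC2::Subnet",
       "2015-06-01T12:02:00Z", "DELETE_FAILED",
       "The subnet 'subnet-EXAMPLE' has dependencies and cannot be deleted."),
    ev("cage-vpc", "cage-vpc", STACK, "2015-06-01T12:02:05Z", "DELETE_FAILED",
       "The following resource(s) failed to delete: [PublicSubnet]."),
    ev("cage-parent", "VpcStack", STACK, "2015-06-01T12:02:10Z", "DELETE_FAILED",
       "Embedded stack was not successfully deleted"),
    ev("cage-parent", "cage-parent", STACK, "2015-06-01T12:02:15Z", "DELETE_FAILED",
       "The following resource(s) failed to delete: [VpcStack]."),
]

def root_delete_failures(events):
    """Return the resources that actually block deletion, oldest first.

    Keeps only each resource's latest status (a failed delete may succeed on
    retry) and drops stack-typed entries, which only echo a child's failure.
    """
    latest = {}
    for e in sorted(events, key=lambda e: e["Timestamp"]):
        latest[(e["StackName"], e["LogicalResourceId"])] = e
    blockers = [e for e in latest.values()
                if e["ResourceStatus"] == "DELETE_FAILED" and e["ResourceType"] != STACK]
    return sorted(blockers, key=lambda e: e["Timestamp"])

if __name__ == "__main__":
    for e in root_delete_failures(SAMPLE_EVENTS):
        print(f'{e["StackName"]}/{e["LogicalResourceId"]} ({e["ResourceType"]}): '
              f'{e["ResourceStatusReason"]}')
```

The remaining entry names the Nucleator-provisioned resource that a manually introduced dependent is still attached to; remove that dependent, then retry the delete from the parent stack.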

 


Next: De-provisioning a Nucleator Account

 
