What is the MOST likely cause and how can the DevOps engineer mitigate this problem for this and future versions of the website?

By:
In: DOP-C02
Tagged:
With: 1 Comment
A company has developed a static website hosted on an Amazon S3 bucket.The website is deployed using AWS CloudFormation.The CloudFormation template defines an S3 bucket and a custom resource that copies content into the bucket from a source location.The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack must be deleted and re-created.However, CloudFormation reports that the stack could not be deleted cleanly.

What is the MOST likely cause and how can the DevOps engineer mitigate this problem for this and future versions of the website?

Deletion has failed because the S3 bucket has an active website configuration. Modify the CloudFormation template to remove the WebsiteConfiguration property from the S3 bucket resource.

Deletion has failed because the S3 bucket is not empty. Modify the custom resource’s AWS Lambda function code to recursively empty the bucket when RequestType is Delete.

Deletion has failed because the custom resource does not define a deletion policy. Add a DeletionPolicy property to the custom resource definition with a value of RemoveOnDeletion.

Deletion has failed because the S3 bucket is not empty. Modify the S3 bucket resource in the CloudFormation template to add a DeletionPolicy property with a value of Empty.

Explanations:

The deletion of the stack would not fail solely due to an active website configuration. CloudFormation can delete S3 buckets that have website configurations without any issue. The website configuration does not prevent the bucket from being deleted.

If the S3 bucket is not empty, CloudFormation will fail to delete the bucket because AWS does not allow the deletion of non-empty buckets. Modifying the custom resource’s AWS Lambda function to empty the bucket recursively during the deletion process would resolve this issue for current and future deployments by ensuring the bucket is empty before deletion.

A DeletionPolicy property in a custom resource is not relevant to the issue at hand. Custom resources that don’t have a defined DeletionPolicy will not prevent the stack from being deleted if the resource itself can be deleted. Furthermore, adding a policy like RemoveOnDeletion does not address the specific problem of the bucket not being empty.

Adding a DeletionPolicy with a value of Empty would not resolve the issue because the policy would typically be applied to the bucket itself, and the stack would still fail to delete if the bucket is not empty. A DeletionPolicy is not enforced during the delete operation; it simply dictates what happens to the resource if the stack is deleted, not the deletion success itself.

2025-10-12

1 Comment

  1. Karen
    Author

    I deduce that the answer is:
    Deletion has failed because the S3 bucket is not empty. Modify the custom resource’s AWS Lambda function code to recursively empty the bucket when RequestType is Delete.

Leave a Reply

Your email address will not be published. Required fields are marked *

three + four =