delstack

What is

A CLI tool for deleting AWS CloudFormation stacks. Handles everything from routine deletions to stacks containing resources that fail to delete. Unlike CloudFormation's built-in FORCE_DELETE_STACK which leaves failed resources behind, delstack actually cleans them up with no orphaned resources.

Works with stacks from AWS CDK, AWS SAM, AWS Amplify, Serverless Framework, and any IaC tool using CloudFormation.

Features

• Force delete undeletable resources: Automatically cleans up resources blocking deletion, such as non-empty S3 buckets, and more resource types
• Parallel deletion with dependency resolution: Deletes multiple stacks with maximum parallelism while respecting inter-stack dependencies
• Interactive stack selection: Search and select stacks in a TUI with case-insensitive filtering
• Deletion protection handling: Detects resource-level protection (EC2, RDS, Cognito, etc.) and stack TerminationProtection. With -f, automatically disables them before deletion
• Pre-deletion optimization: Detaches Lambda VPC configurations in parallel to eliminate ENI cleanup wait time
• Retain policy override: Force deletes resources with Retain or RetainExceptOnCreate deletion policies via -f
• GitHub Actions support: Available as a GitHub Actions workflow for CI/CD stack cleanup
• CDK integration: Run delstack cdk in a CDK app directory to synthesize, discover all stacks (including cross-region), and delete them with dependency resolution

Install

• Homebrew

  brew install go-to-k/tap/delstack
  

• Linux, Darwin (macOS) and Windows

  curl -fsSL https://raw.githubusercontent.com/go-to-k/delstack/main/install.sh | sh
  delstack -h
  
  # To install a specific version of delstack
  # e.g. version 1.2.0
  curl -fsSL https://raw.githubusercontent.com/go-to-k/delstack/main/install.sh | sh -s "v1.2.0"
  delstack -h
  

• aqua

  aqua g -i go-to-k/delstack
  

• Binary

  • Releases

• Git Clone and install (for developers)

  git clone https://github.com/go-to-k/delstack.git
  cd delstack
  make install
  

How to use

delstack [-s <stackName>] [-p <profile>] [-r <region>] [-i|--interactive] [-f|--force] [-y|--yes] [-n <concurrencyNumber>]

• -s, --stackName: optional
  • CloudFormation stack name
    • Required in non-interactive mode
    • In interactive mode, you can select stacks from the UI instead
  • Multiple stack names can be specified.
    • delstack -s test1 -s test2
    • Multiple stacks are deleted in parallel by default, taking dependencies between stacks into account.
    • You can limit the number of parallel deletions with the -n option (e.g., delstack -s test1 -s test2 -s test3 -n 2).
• -p, --profile: optional
  • AWS profile name
• -r, --region: optional(default: us-east-1)
  • AWS Region
• -i, --interactive: optional
  • Interactive Mode
• -f, --force: optional
  • Force Mode to delete stacks including resources with deletion policy Retain/RetainExceptOnCreate, resources with deletion protection, and stacks with TerminationProtection
• -y, --yes: optional
  • Skip confirmation prompts (e.g., TerminationProtection disable confirmation)
• -n, --concurrencyNumber: optional(default: unlimited)
  • Specify the number of parallel stack deletions. Default is unlimited (delete all stacks in parallel).

CDK Integration

delstack cdk [-s <stackName>] [-a <cdkOutPath>] [-c <key=value>] [-p <profile>] [-i] [-f] [-y] [-n <concurrencyNumber>]

• -a, --app: optional

  • Path to an existing cdk.out directory. When specified, npx cdk synth is skipped and the manifest is read directly.

• -c, --context: optional (repeatable)

  • CDK context values in key=value format, passed to npx cdk synth -c key=value.

• All global options (-s, -p, -r, -i, -f, -y, -n) also work with the cdk subcommand.

• Requires: AWS CDK CLI installed (unless using -a).

  delstack cdk                         # Synthesize and delete all stacks
  delstack cdk -c env=dev              # With CDK context
  delstack cdk -a ./cdk.out            # Use existing cdk.out (skip synthesis)
  delstack cdk -s MyStack              # Delete specific stack
  delstack cdk -i                      # Interactive selection
  delstack cdk -f -y                   # Force delete, skip confirmation
  

For details on cross-region deletion, see CDK Integration Details.

Resource Types that can be forced to delete

This tool supports force deletion of the following resource types that cause DELETE_FAILED in normal CloudFormation stack deletion. All other resources are deleted normally, so you can use this tool for any stack.

If you need support for additional resource types, please create an issue at GitHub.

| RESOURCE TYPE | DETAILS | | ---- | ---- | | AWS::S3::Bucket | S3 Buckets, including non-empty buckets or buckets with Versioning enabled. | | AWS::S3Express::DirectoryBucket | S3 Directory Buckets for S3 Express One Zone, including non-empty buckets. | | AWS::S3Tables::TableBucket | S3 Table Buckets, including buckets with any namespaces or tables. | | AWS::S3Tables::Namespace | S3 Table Namespaces, including namespaces with any tables. | | AWS::S3Vectors::VectorBucket | S3 Vector Buckets, including buckets with any indexes. | | AWS::IAM::Group | IAM Groups, including groups with IAM users from outside the stack. In that case, this tool detaches the IAM users and then deletes the IAM group (but not the IAM users themselves). | | AWS::ECR::Repository | ECR Repositories, including repositories that contain images and where the EmptyOnDelete is not true. | | AWS::Backup::BackupVault | Backup Vaults, including vaults containing recovery points. | | AWS::Athena::WorkGroup | Athena WorkGroups, including workgroups containing named queries or prepared statements. | | AWS::Lambda::Function | Lambda Functions, including Lambda@Edge functions with replicas still being cleaned up by AWS. Waits for AWS to finish removing edge replicas. | | AWS::CloudFormation::Stack | Nested Child Stacks that failed to delete. If any of the other resources are included in the child stack, they too will be deleted. | | AWS::CloudFormation::CustomResource | Custom Resources (AWS::CloudFormation::CustomResource), including resources that do not return a SUCCESS status. | | Custom::Xxx | Custom Resources (Custom::Xxx), including resources that do not return a SUCCESS status. |

Note: If there are resources other than those listed above that result in DELETE_FAILED, the deletion will fail. Resources that are referenced by stacks outside the deletion targets are not supported for force deletion. However, if all dependent stacks are included in the deletion targets, they are deleted in the correct dependency order automatically.

Pre-deletion Processing

This tool automatically performs the following processing before CloudFormation deletion starts.

Deletion Protection Check

Checks for resource-level deletion protection before attempting stack deletion.

Without -f option: If any resources have deletion protection enabled, the tool reports them and aborts without attempting deletion.

With -f option: Deletion protection is automatically disabled before deletion proceeds.

| RESOURCE TYPE | | ---- | | AWS::EC2::Instance | | AWS::RDS::DBInstance | | AWS::RDS::DBCluster | | AWS::Cognito::UserPool | | AWS::Logs::LogGroup | | AWS::ElasticLoadBalancingV2::LoadBalancer |

Performance Optimization

The following resources do not fail during normal deletion, but are optimized in advance to improve deletion speed.

| RESOURCE TYPE | DETAILS | | ---- | ---- | | AWS::Lambda::Function | Automatically detaches VPC configurations from Lambda functions and deletes their ENIs in parallel, eliminating ENI cleanup wait time. All Lambda functions within a stack (including nested stacks) are processed in parallel for maximum performance. |

Interactive Mode

Stack Name Selection

When using interactive mode (-i, --interactive) without specifying stack names, you can search stack names case-insensitively and select stacks.

The filter keyword can be empty.

❯ delstack -i
Filter a keyword of stack names(case-insensitive): goto

Then you select stack names in the UI.

? Select StackNames.
Nested child stacks, XXX_IN_PROGRESS(e.g. ROLLBACK_IN_PROGRESS) status stacks and EnableTerminationProtection stacks are not displayed.
  [Use arrows to move, space to select, <right> to all, <left> to none, type to filter]
  [x]  dev-goto-04-TestStack
  [ ]  dev-GOTO-03-TestStack
> [x]  dev-Goto-02-TestStack
  [ ]  dev-goto-01-TestStack

Stacks excluded from interactive selection

• Nested child stacks: Parent stacks should generally be deleted as a whole. If you need to delete a child stack directly, specify its name with the -s option instead