I use heat template to create/change security group. As we need to add new rules for the created security group, we update the template to a new version. However, there is an issue with the update. So the stack-update result is "update failed". We fix the error in the template and re-run stack-update. Looks like that the Heat engine doesn't update the existing security group any more. Instead, it creates a new security group (with new UUID but same name) and deletes the old "update failed" security group.

The behaviour introduces issue to us as some VMs are associated with old security groups. So these VMs lost their security group association.

Is there any way which we keep the same UUID even the update failed?