💾 Archived View for cfdocs.wetterberg.nu › detect-drift-stack.gemini captured on 2024-05-12 at 16:00:13. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Detect drift on an entire CloudFormation stack

Performing a drift detection operation on a stack determines whether the stack has drifted from its expected template configuration, and returns detailed information about the drift status of each resource in the stack that supports drift detection.

To detect drift on an entire stack using the AWS Management Console*

Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
From the list of stacks, select the stack on which you want to perform drift detection. In the stack details pane, choose Stack actions, and then choose Detect drift.[The Detect drift for current stack command selected on the Stack actions menu for the selected stack.]CloudFormation displays an information bar stating that drift detection has been initiated for the selected stack.
Wait until CloudFormation completes the drift detection operation. When the drift detection operation completes, CloudFormation updates Drift status and Last drift check time for your stack. These fields are listed in the Overview section of the Stack info pane of the stack details page.The drift detection operation may take several minutes, depending on the number of resources included in the stack. You can only run a single drift detection operation on a given stack at the same time. CloudFormation continues the drift detection operation even after you dismiss the information bar.
Review the drift detection results for the stack and its resources. With your stack selected, from the Stack actions menu select View drift results.CloudFormation lists the overall drift status of the stack, as well as the last time drift detection was initiated on the stack or any of its individual resources. A stack is considered to have drifted if one or more of its resources have drifted.[The Drifts page for the selected stack, showing overall stack drift status, drift detection status, and the last time drift detection was initiated on the stack or any of its individual resources.]In the Resource drift status section, CloudFormation lists each stack resource, its drift status, and the last time drift detection was initiated on the resource. The logical ID and physical ID of each resource is displayed to help you identify them. In addition, for resources with a status of MODIFIED, CloudFormation displays resource drift details.You can sort the resources based on their drift status using the Drift status column.To view the details on a modified resource.With the modified resource selected, select View drift details.

https://console.aws.amazon.com/cloudformation

{P Image}

To detect drift on an entire stack using the AWS CLI*

To detect drift on an entire stack using the AWS CLI, use the following `aws cloudformation` commands:

detect-stack-drift to initiate a drift detection operation on a stack.
describe-stack-drift-detection-status to monitor the status of the stack drift detection operation.
describe-stack-resource-drifts to review the details of the stack drift detection operation.
Use the detect-stack-drift to detect drift on an entire stack. Specify the stack name or ARN. You can also specify the logical IDs of any specific resources that you want to use as filters for this drift detection operation.
Because stack drift detection operations can be long-running, use describe-stack-drift-detection-status to monitor the status of drift operation. This command takes the stack drift detection ID returned by the detect-stack-drift command.In the example below, we've taken the stack drift detection ID returned by the detect-stack-drift example above and passed it as a parameter to describe-stack-drift-detection-status. The parameter returns operation details that show that the drift detection operation has completed, a single stack resource has drifted, and that the entire stack is considered to have drifted as a result.
When the stack drift detection operation is complete, use the describe-stack-resource-drifts command to review the results, including actual and expected property values for resources that have drifted.The example below uses the stack-resource-drift-status-filters parameter to request stack drift information for those resources that have been modified or deleted. The request returns information on the one resource that has been modified, including details about two of its properties whose values have been changed. No resources have been deleted.