[ aws . cloudformation ]
Detects whether a stack’s actual configuration differs, or has drifted , from it’s expected configuration, as defined in the stack template and any values specified as template parameters. For each resource in the stack that supports drift detection, AWS CloudFormation compares the actual configuration of the resource with its expected template configuration. Only resource properties explicitly defined in the stack template are checked for drift. A stack is considered to have drifted if one or more of its resources differ from their expected template configurations. For more information, see Detecting Unregulated Configuration Changes to Stacks and Resources .
Use DetectStackDrift
to detect drift on all supported resources for a given stack, or DetectStackResourceDrift to detect drift on individual resources.
For a list of stack resources that currently support drift detection, see Resources that Support Drift Detection .
DetectStackDrift
can take up to several minutes, depending on the number of resources contained within the stack. Use DescribeStackDriftDetectionStatus to monitor the progress of a detect stack drift operation. Once the drift detection operation has completed, use DescribeStackResourceDrifts to return drift information about the stack and its resources.
When detecting drift on a stack, AWS CloudFormation does not detect drift on any nested stacks belonging to that stack. Perform DetectStackDrift
directly on the nested stack itself.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
detect-stack-drift
--stack-name <value>
[--logical-resource-ids <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
--stack-name
(string)
The name of the stack for which you want to detect drift.
--logical-resource-ids
(list)
The logical names of any resources you want to use as filters.
(string)
Syntax:
"string" "string" ...
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
To detect drifted resources
The following detect-stack-drift
example initiates drift detection for the specified stack.
aws cloudformation detect-stack-drift \
--stack-name my-stack
Output:
{
"StackDriftDetectionId": "1a229160-e4d9-xmpl-ab67-0a4f93df83d4"
}
You can then use this ID with the describe-stack-resource-drifts
command to describe drifted resources.
StackDriftDetectionId -> (string)
The ID of the drift detection results of this operation.
AWS CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of drift results AWS CloudFormation retains for any given stack, and for how long, may vary.