AWS CloudFormation allows you to detect if configuration changes were made to your stack resources outside of CloudFormation via the AWS Management Console, CLI, and SDKs. Drift is the difference between the expected configuration values of stack resources defined in CloudFormation templates and the actual configuration values of these resources in the corresponding CloudFormation stacks. This allows you to better manage your CloudFormation stacks and ensure consistency in your resource configurations. For more information on Drift detection, visit the AWS Blog.
In this lab, you will create a CloudFormation stack and purposefully make changes to its resources via other AWS Consoles, so that different types of changes can be visualized using the Drift Detection feature.
Note - This lab requires you to be in the N.Virginia (us-east-1) region.
File name | Purpose | Download
---|---|---
my_cfn_stack.yml | Creates the CloudFormation stack | Download the template
Enter the stack name (drift-lab-with-sqs) and click Next.
Select drift-lab-with-sqs on the CloudFormation Stacks view, click Stack actions and Detect drift.
At this point the stack is in the expected drift state, IN_SYNC. You will now simulate a situation that causes the template's definition of resources to diverge from their actual live state by making changes outside of the CloudFormation Console.
You have now made a change in the value of an existing property, added a new property, and deleted an existing property of the InputQueue resource.
Select drift-lab-with-sqs on the CloudFormation Stacks view, click Stack actions and then click Detect drift.
One option to recover a stack from a DRIFTED state is to modify its resources to revert their properties to the values specified in the stack's template. This brings the resources back in line with the values the template expects and lets CloudFormation base its changes on the actual values during future operations on this stack.
Go to the Simple Queue Service Console.
Find the DriftLab-InputQueue, select it, and on Queue Actions, click Configure Queue.
Make the following changes to the queue:
Go to the CloudFormation Console.
Select drift-lab-with-sqs on the CloudFormation Stacks view, click Actions and Detect drift, then click Yes to confirm the drift detection operation.
When complete, the dialog result will show the status as IN_SYNC.
Note: applying a stack update operation over resources that are out of sync with their template definition is a RISKY operation. Consider carefully what the differences between the template and the live state of the resources represent in each specific scenario and for each specific property. Simulate your exact scenario in a non-production environment. Keep in mind the interaction between resources and the consequences of a stack update rollback (which re-applies the values of the last version of the template). If possible, this operation should be avoided.
Go to the Simple Queue Service Console.
Find the DriftLab-InputQueue, select it, and on Queue Actions, click Configure Queue.
Make the following changes to the queue:
Go to the CloudFormation Console.
Select drift-lab-with-sqs on the CloudFormation Stacks view, click Actions and Detect drift, then click Yes to confirm the drift detection operation.
When complete, the dialog result will show the status as DRIFTED.
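The same check from the SDK, as an added example that is not part of the lab: it derives the stack-level status the console shows and lists each out-of-band change per property, using a constructed sample in the shape of a DescribeStackResourceDrifts response (the property names and values are constructed, not those of the lab's template). The `fetch_drifts` helper is an assumed wrapper around the real boto3 calls and needs AWS credentials.

```python
import time

# Constructed sample in the shape of a DescribeStackResourceDrifts response:
# InputQueue has one changed, one added and one removed property, as in the lab.
SAMPLE_DRIFTS = {
    "StackResourceDrifts": [
        {"LogicalResourceId": "InputQueue", "ResourceType": "AWS::SQS::Queue",
         "StackResourceDriftStatus": "MODIFIED",
         "PropertyDifferences": [
             {"PropertyPath": "/VisibilityTimeout", "ExpectedValue": "30",
              "ActualValue": "60", "DifferenceType": "NOT_EQUAL"},
             {"PropertyPath": "/DelaySeconds", "ActualValue": "5",
              "DifferenceType": "ADD"},
             {"PropertyPath": "/MessageRetentionPeriod", "ExpectedValue": "345600",
              "DifferenceType": "REMOVE"}]},
        {"LogicalResourceId": "OutputQueue", "ResourceType": "AWS::SQS::Queue",
         "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
    ]
}

def stack_drift_status(drifts):
    """Stack-level status as shown in the console: DRIFTED if any resource
    is MODIFIED or DELETED, otherwise IN_SYNC."""
    statuses = {r["StackResourceDriftStatus"] for r in drifts["StackResourceDrifts"]}
    return "DRIFTED" if statuses & {"MODIFIED", "DELETED"} else "IN_SYNC"

def drift_report(drifts):
    """One (resource, property path, difference type, expected, actual) row per
    property difference; ADD has no expected value, REMOVE has no actual value."""
    rows = []
    for res in drifts["StackResourceDrifts"]:
        for d in res.get("PropertyDifferences", []):
            rows.append((res["LogicalResourceId"], d["PropertyPath"], d["DifferenceType"],
                         d.get("ExpectedValue"), d.get("ActualValue")))
    return rows

def fetch_drifts(stack_name, region="us-east-1"):
    """Assumed live variant: start detection, wait for it, then page through the
    per-resource results. Requires boto3 and AWS credentials; not run offline."""
    import boto3
    cfn = boto3.client("cloudformation", region_name=region)
    det_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    while cfn.describe_stack_drift_detection_status(
            StackDriftDetectionId=det_id)["DetectionStatus"] == "DETECTION_IN_PROGRESS":
        time.sleep(2)
    drifts, token = {"StackResourceDrifts": []}, None
    while True:
        page = cfn.describe_stack_resource_drifts(
            StackName=stack_name, **({"NextToken": token} if token else {}))
        drifts["StackResourceDrifts"].extend(page["StackResourceDrifts"])
        token = page.get("NextToken")
        if not token:
            return drifts
```

Running `drift_report(fetch_drifts("drift-lab-with-sqs"))` against the lab stack would list the changes you made in the SQS console; on the sample it yields the three InputQueue rows and a DRIFTED stack status.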
Edit the template file templates\my_cfn_stack.yml
Go to the CloudFormation Console.
Select drift-lab-with-sqs on the CloudFormation Stacks view, click Actions and Update Stack.
Select Upload a template to Amazon S3 and upload your locally edited template my_cfn_stack.yml.
Click Next on the Select Template screen, then click Next on the next two pages, and finally click Update on the review page.
After the stack is in UPDATE_COMPLETE state, select drift-lab-with-sqs on the CloudFormation Stacks view, click Actions and Detect drift, then click Yes to confirm the drift detection operation.
When complete, the dialog result will show the status as IN_SYNC.
End of Lab Exercises
Thank you for using this lab.