Other Activities
Detect Drift
Performing a drift detection operation on a CloudFormation stack determines whether the stack has drifted from its expected template configuration, and returns detailed information about the drift status of each resource in the stack that supports drift detection. You can try this out on the ASG stack by clicking the stack in the console, selecting Stack actions and clicking Detect drift.
- Learn more about detecting drift on a CloudFormation stack
- Automate drift detection using AWS Config cloudformation-stack-drift-detection-check
Automated Security Assessment
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
- Learn more about Amazon Inspector
Try It
- Warning: it is likely to take more than an hour to run the asessment
- Create an assessment on the lab by clicking here
- Click on Run Once
- Click on Assessment templates in the navigation menu
- Select the Assessment-Template-Default-All-Rules template
- After the assessment is complete, you will see a number of findings
Automated Configuration Management
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
- Learn more about AWS Config
Try It
- Enable Config in the lab here
- Add required-tags rule
- Set tag1Key to Name
- You will see that not all resources have got a name tag
