Drift Detection
AWS CloudFormation can detect configuration changes made to a stack's resources outside of CloudFormation, through the AWS Management Console, the CLI, or the SDKs. Drift is the difference between the resource configuration the stack's template expects and the actual configuration of those resources.
This feature helps you manage stacks and keep resource configurations consistent with their templates. For more detailed information on drift, refer to the AWS Blog.
In this exercise, we will create a CloudFormation stack, then change one of its resources directly in the AWS Management Console and watch CloudFormation report the drift.
- Open the AWS Management Console
- Find CloudFormation
- Select CloudFormation
- In the CloudFormation interface
- Select Stack
- Select Create stack
- Select With new resources (standard)
- In the Create stack interface
- Create a file my_cfn_stack.yml
- Then copy and paste this template into it and save the file:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  InputQueue:
    Type: "AWS::SQS::Queue"
    Properties:
      QueueName: "DriftLab-InputQueue"
      VisibilityTimeout: 30
      RedrivePolicy:
        deadLetterTargetArn:
          Fn::GetAtt:
            - "DeadLetterQueue"
            - "Arn"
        maxReceiveCount: 5
  DeadLetterQueue:
    Type: "AWS::SQS::Queue"
    Properties:
      QueueName: "DriftLab-ErrorQueue"
```
- Select Template is ready
- Select Upload a template file
- Select Choose file
- Select my_cfn_stack.yml
- Select Next
- In the Specify stack details interface
- For Stack name, enter drift-lab-with-sqs
- Select Next
- Select Next
- Select Submit
- In the CloudFormation interface
- Select Stack details
- Select the stack just created
- Select Events to follow the creation events
- When the status changes to CREATE_COMPLETE, the stack has been created successfully
- In the CloudFormation interface
- Select Stack details
- Select the stack just created
- Select Resources
- View newly created resources
- In the CloudFormation interface
- Select the stack just created
- Select Stack actions
- Select Detect drift
- In the CloudFormation interface
- Select the stack just created
- Select Stack info
- Confirm that Drift status changes to IN_SYNC
- Open the AWS Management Console
- Find Simple Queue Service
- Select Simple Queue Service
- In the Amazon SQS interface
- Select DriftLab-InputQueue
- Select Edit
- In the Configuration interface
- For Visibility timeout, enter 50
- For Delivery delay, enter 120
- Select Save
- The queue has now been edited outside of CloudFormation
- In the CloudFormation interface
- Select Stack details
- Select drift-lab-with-sqs
- Select Stack info
- Select Stack actions
- Select Detect drift
- In the CloudFormation interface
- Select Stack details
- Select Stack info
- Confirm that Drift status changes to DRIFTED
- In the CloudFormation interface
- Select Stack details
- Select Stack info
- Select Stack actions
- Select View drift results
- In the Drifts interface
- View the Drift status
- Under Resource drift status, confirm that the Drift status of InputQueue is now MODIFIED
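The same check can be driven from the CloudFormation API instead of the console. This is an added example, not part of the workshop: `detect_and_report` assumes boto3, AWS credentials and a region, while `summarize_drifts` runs offline against the constructed `SAMPLE_DRIFTS`, which mirrors what the lab stack reports after the VisibilityTimeout edit (30 to 50).

```python
import time
from typing import Any, Dict, List

def summarize_drifts(drifts: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flatten DescribeStackResourceDrifts output into one record per difference."""
    # Note: CloudFormation compares only properties the template sets explicitly,
    # so a console change to a property the template never mentions is not listed.
    findings = []
    for drift in drifts:
        status = drift["StackResourceDriftStatus"]
        base = {"logical_id": drift["LogicalResourceId"],
                "resource_type": drift["ResourceType"]}
        if status == "DELETED":  # resource removed outside CloudFormation
            findings.append({**base, "property": None, "difference": "DELETED",
                             "expected": None, "actual": None})
        elif status == "MODIFIED":
            for diff in drift.get("PropertyDifferences", []):
                findings.append({**base, "property": diff["PropertyPath"],
                                 "difference": diff["DifferenceType"],
                                 "expected": diff.get("ExpectedValue"),
                                 "actual": diff.get("ActualValue")})
    return findings

def detect_and_report(stack_name: str, region: str, poll_seconds: int = 5):
    """Same as Stack actions > Detect drift; needs boto3 and AWS credentials (assumed)."""
    import boto3  # imported here so summarize_drifts stays usable offline
    cfn = boto3.client("cloudformation", region_name=region)
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    while True:
        status = cfn.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] != "DETECTION_IN_PROGRESS":
            break
        time.sleep(poll_seconds)
    if status["DetectionStatus"] == "DETECTION_FAILED":
        raise RuntimeError(status.get("DetectionStatusReason", "drift detection failed"))
    page = cfn.describe_stack_resource_drifts(  # follow NextToken on large stacks
        StackName=stack_name, StackResourceDriftStatusFilters=["MODIFIED", "DELETED"])
    return status["StackDriftStatus"], summarize_drifts(page["StackResourceDrifts"])

# Constructed sample of the lab stack's resource drifts after the console edit.
SAMPLE_DRIFTS = [
    {"LogicalResourceId": "InputQueue", "ResourceType": "AWS::SQS::Queue",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/VisibilityTimeout", "ExpectedValue": "30",
                              "ActualValue": "50", "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "DeadLetterQueue", "ResourceType": "AWS::SQS::Queue",
     "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
]
```

Calling `detect_and_report("drift-lab-with-sqs", "<your-region>")` after the SQS edit returns `("DRIFTED", ...)` with the same single VisibilityTimeout finding the Drifts page shows.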