
Stack drift detection in AWS - Commands & Configuration

Introduction
Resources in a CloudFormation stack can be changed outside the stack: someone edits them in the console, runs a CLI command against them directly, or an automated process modifies them without going through the template. Stack drift detection compares the actual configuration of each resource the stack manages with the configuration its template expects, and reports the differences so you can decide whether to revert the change or update the template. From a security point of view, drift is the evidence that a change bypassed the pipeline and its review controls, so it is worth checking routinely and before every deployment.
Use it:
When you suspect someone changed stack resources directly instead of through the template.
When your application behaves differently and you are not sure whether the infrastructure changed.
Before updating a stack, to avoid a failed or surprising update caused by changes you did not know about.
After a team member made manual changes in the console and you want to confirm exactly what changed.
As a routine check that the live resources still match the template they were deployed from.
Commands
This command starts a drift detection run for the stack named 'example-stack'. It returns immediately with a detection ID; the check itself runs asynchronously.
Terminal
aws cloudformation detect-stack-drift --stack-name example-stack
Expected Output
{"StackDriftDetectionId": "1234abcd-12ab-34cd-56ef-1234567890ab"}
--stack-name - Specifies the name of the stack to check for drift.
This command reports the state of the drift detection run identified by the ID returned from the previous command. Repeat it until the run finishes.
Terminal
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id 1234abcd-12ab-34cd-56ef-1234567890ab
Expected Output
{"StackDriftDetectionId": "1234abcd-12ab-34cd-56ef-1234567890ab", "DetectionStatus": "DETECTION_COMPLETE", "StackDriftStatus": "DRIFTED", "DriftedStackResourceCount": 1}
--stack-drift-detection-id - Uses the ID from the detect-stack-drift command to look up that run. DetectionStatus is DETECTION_IN_PROGRESS until the run finishes, then DETECTION_COMPLETE or DETECTION_FAILED; only once it is complete is StackDriftStatus (DRIFTED, IN_SYNC, NOT_CHECKED or UNKNOWN) meaningful.
This command lists the per-resource drift results from the most recent completed run, showing for each drifted resource which properties differ from the template.
Terminal
aws cloudformation describe-stack-resource-drifts --stack-name example-stack
Expected Output
{"StackResourceDrifts": [{"LogicalResourceId": "MyInstance", "PhysicalResourceId": "i-0abcd1234efgh5678", "ResourceType": "AWS::EC2::Instance", "StackResourceDriftStatus": "MODIFIED", "PropertyDifferences": [{"PropertyPath": "/Properties/InstanceType", "ExpectedValue": "t2.micro", "ActualValue": "t2.small", "DifferenceType": "NOT_EQUAL"}]}]}
--stack-name - Specifies which stack's resource drift results to return. StackResourceDriftStatus is MODIFIED, DELETED, IN_SYNC or NOT_CHECKED per resource; add --stack-resource-drift-status-filters MODIFIED DELETED to see only the resources that actually changed.
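The three commands above are one procedure: start a run, poll until it finishes, then read the per-resource results. The script below, added here as an example and not part of the original page, does that end to end with boto3 (the calls detect_stack_drift, describe_stack_drift_detection_status and describe_stack_resource_drifts map one-to-one onto the CLI commands) and then triages the results, rating deleted resources and changes to security-relevant types such as IAM roles and security groups higher than a resized instance. It assumes boto3 is installed, that the credentials used can call those three CloudFormation actions and read the stack's resources, and that the SENSITIVE_TYPES list is a starting point you will adjust; the polling loop also covers the Common Mistakes entry about reading the status before the run has completed.

```python
"""Drift check for one CloudFormation stack, end to end.

Added example, not code from the original page. It assumes boto3 is
installed and the caller's credentials allow cloudformation:DetectStackDrift,
DescribeStackDriftDetectionStatus and DescribeStackResourceDrifts plus read
access to the stack's resources. SENSITIVE_TYPES is an assumed starting list.
"""
import sys
import time

# Resource types whose out-of-band modification matters most for security
# review (assumed list for this example; extend it for your environment).
SENSITIVE_TYPES = (
    "AWS::IAM::",
    "AWS::EC2::SecurityGroup",
    "AWS::S3::BucketPolicy",
    "AWS::KMS::Key",
    "AWS::Lambda::Permission",
)
SEVERITY_ORDER = {"high": 0, "medium": 1, "unknown": 2}


def wait_for_detection(cfn, detection_id, timeout=300, interval=5):
    """Poll DescribeStackDriftDetectionStatus until DetectionStatus is terminal.

    DetectStackDrift only starts the job; the status call returns at once with
    DETECTION_IN_PROGRESS until the check finishes, so the caller must poll.
    """
    deadline = time.monotonic() + timeout
    while True:
        status = cfn.describe_stack_drift_detection_status(
            StackDriftDetectionId=detection_id
        )
        state = status["DetectionStatus"]
        if state == "DETECTION_FAILED":
            raise RuntimeError(status.get("DetectionStatusReason", "drift detection failed"))
        if state == "DETECTION_COMPLETE":
            return status
        if time.monotonic() >= deadline:
            raise TimeoutError(f"drift detection {detection_id} not finished after {timeout}s")
        time.sleep(interval)


def triage_drifts(drifts):
    """Reduce StackResourceDrifts entries to (severity, summary) findings.

    DELETED resources and MODIFIED resources of a sensitive type are 'high',
    other MODIFIED resources 'medium'. NOT_CHECKED is reported as 'unknown'
    because drift detection could not evaluate that resource at all; it is
    not the same as IN_SYNC, which is skipped.
    """
    findings = []
    for d in drifts:
        status = d["StackResourceDriftStatus"]
        if status == "IN_SYNC":
            continue
        rtype = d["ResourceType"]
        name = f"{d['LogicalResourceId']} ({rtype})"
        if status == "NOT_CHECKED":
            findings.append(("unknown", f"{name} NOT_CHECKED"))
            continue
        sensitive = any(rtype.startswith(prefix) for prefix in SENSITIVE_TYPES)
        severity = "high" if status == "DELETED" or sensitive else "medium"
        # ADD/REMOVE differences carry only one side, hence the .get() defaults.
        diffs = "; ".join(
            f"{p['PropertyPath']}: {p.get('ExpectedValue', '<absent>')!r}"
            f" -> {p.get('ActualValue', '<absent>')!r}"
            for p in d.get("PropertyDifferences", [])
        )
        findings.append((severity, f"{name} {status}" + (f": {diffs}" if diffs else "")))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])  # stable: keeps API order within a tier
    return findings


def list_resource_drifts(cfn, stack_name):
    """Page through DescribeStackResourceDrifts and return every entry."""
    drifts, token = [], None
    while True:
        kwargs = {"StackName": stack_name}
        if token:
            kwargs["NextToken"] = token
        page = cfn.describe_stack_resource_drifts(**kwargs)
        drifts.extend(page["StackResourceDrifts"])
        token = page.get("NextToken")
        if not token:
            return drifts


def check_stack(cfn, stack_name, poll_interval=5):
    """Start detection, wait for it, and return stack status plus triaged findings."""
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    status = wait_for_detection(cfn, detection_id, interval=poll_interval)
    return {
        "stack_drift_status": status["StackDriftStatus"],
        "findings": triage_drifts(list_resource_drifts(cfn, stack_name)),
    }


if __name__ == "__main__":
    import boto3  # imported here so the triage logic stays usable without it

    result = check_stack(boto3.client("cloudformation"), sys.argv[1])
    print(f"stack drift status: {result['stack_drift_status']}")
    for severity, summary in result["findings"]:
        print(f"[{severity}] {summary}")
    # Non-zero exit so a pipeline can block deploys on high-severity drift.
    sys.exit(1 if any(s == "high" for s, _ in result["findings"]) else 0)
```

Run it as `python drift_check.py example-stack` with credentials in the environment. The non-zero exit on high-severity findings is what makes it useful as a pre-deploy gate; treat an 'unknown' (NOT_CHECKED) finding as a gap in coverage rather than as a clean result.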
Key Concept

If you remember nothing else from this pattern, remember: drift detection finds changes made to stack resources outside the template so you can bring the template and the live resources back in sync. Two limits matter: it only examines resources the stack manages, so anything created outside the stack is invisible to it, and resources whose type does not support drift detection are reported as NOT_CHECKED rather than IN_SYNC.

Common Mistakes
Reading the detection status before the run has finished.
detect-stack-drift only starts an asynchronous job; until it completes, describe-stack-drift-detection-status reports DETECTION_IN_PROGRESS and the resource drift list reflects the previous run, not this one.
Poll describe-stack-drift-detection-status until DetectionStatus is DETECTION_COMPLETE (or DETECTION_FAILED, in which case read DetectionStatusReason) before trusting StackDriftStatus or describe-stack-resource-drifts.
Running the commands against the wrong stack name.
The commands fail, or check a different stack and return results that do not apply to the one you care about.
Check that the stack name (or stack ID) matches the stack you intend to inspect exactly, including the region you are calling.
Summary
Start drift detection on a stack to find changes made to its resources outside the template.
Poll the detection status until the run is complete, then read whether the stack has drifted.
List the drifted resources to see which properties changed, and pay particular attention to deleted resources and to changes in security-relevant types such as IAM and security groups.