
Stack drift detection in AWS - Step-by-Step Execution

Process Flow - Stack drift detection
1. Start Drift Detection
2. Compare Stack Template
3. Compare Stack Resources
4. Check for Differences?
   - No -> No Drift Detected
   - Yes -> Report Drift Details
5. End Drift Detection
The process starts by comparing the current stack template and resources with the deployed stack to find any differences, then reports if drift is detected.
Execution Sample
AWS
aws cloudformation detect-stack-drift --stack-name MyStack
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id driftId
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id driftId
aws cloudformation describe-stack-resource-drifts --stack-name MyStack
This sequence detects drift on a stack, checks detection status, and lists resource drifts.
Process Table
Step | Action | Evaluation | Result
1 | Start drift detection on stack 'MyStack' | Send detect-stack-drift API call | Drift detection started, driftId received
2 | Check drift detection status | Poll describe-stack-drift-detection-status with driftId | Status: IN_PROGRESS
3 | Check drift detection status again | Poll describe-stack-drift-detection-status with driftId | Status: COMPLETED
4 | Retrieve resource drift details | Call describe-stack-resource-drifts for 'MyStack' | List of resources with drift status
5 | Analyze drift results | Compare resource drift statuses | Report drift found on some resources
6 | End drift detection | No further action | Drift detection complete
💡 Drift detection completes when status is COMPLETED and resource drifts are reported.
Status Tracker
Variable | Start | After Step 1 | After Step 3 | After Step 4 | Final
driftId | null | abc123 | abc123 | abc123 | abc123
detectionStatus | null | IN_PROGRESS | COMPLETED | COMPLETED | COMPLETED
resourceDrifts | empty | empty | empty | [Resource1: IN_SYNC, Resource2: MODIFIED] | [Resource1: IN_SYNC, Resource2: MODIFIED]
Key Moments - 3 Insights
Why does drift detection take time and show IN_PROGRESS status?
Because AWS CloudFormation compares all stack resources and templates, which can take time; see execution_table rows 2 and 3 showing status polling.
What does it mean if a resource shows MODIFIED in drift results?
It means the actual resource configuration differs from the stack template; see execution_table row 5 where drift is reported.
Can drift detection fix the drift automatically?
No, drift detection only reports differences; you must update or fix the stack manually.
Visual Quiz - 3 Questions
Test your understanding
1. Look at the execution_table: what is the drift detection status at step 3?
   A. FAILED
   B. IN_PROGRESS
   C. COMPLETED
   D. NOT_STARTED
   💡 Hint: Check the 'Evaluation' column at step 3 in execution_table.
2. At which step are the resource drift details retrieved?
   A. Step 2
   B. Step 4
   C. Step 3
   D. Step 5
   💡 Hint: Look for the action 'Retrieve resource drift details' in execution_table.
3. If no differences are found, what would the result be at step 5?
   A. Report no drift detected
   B. Detection status IN_PROGRESS
   C. Report drift found on some resources
   D. Error retrieving drift details
   💡 Hint: Refer to execution_table row 5 and the exit_note about drift reporting.
Concept Snapshot
Stack Drift Detection:
- Start detection with 'detect-stack-drift' command
- Poll status until COMPLETED
- Retrieve resource drift details
- Drift means actual differs from template
- Detection reports drift; manual fix needed
Full Transcript
Stack drift detection in AWS CloudFormation starts by sending a detect-stack-drift command for a stack. CloudFormation then compares the actual configuration of the deployed resources with what the stack template expects. This process takes time, so the status is polled until it shows COMPLETED. After completion, resource drift details are retrieved, showing which resources are in sync or modified. If differences exist, drift is reported. Drift detection only reports differences; it does not fix them automatically.
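As an added example (not part of this page), the detect / poll / report sequence from the transcript as a Python function written against the boto3 CloudFormation client's method names (detect_stack_drift, describe_stack_drift_detection_status, describe_stack_resource_drifts). The real API reports DETECTION_IN_PROGRESS / DETECTION_COMPLETE / DETECTION_FAILED rather than the page's IN_PROGRESS / COMPLETED shorthand. FakeCloudFormation, the stack name MyStack and the drifted security-group rule are constructed so the code runs offline; pass boto3.client("cloudformation") instead to run it against a real account.

```python
import time

# Real DetectionStatus values; the page's IN_PROGRESS / COMPLETED are shorthand for these.
IN_PROGRESS, COMPLETE, FAILED = "DETECTION_IN_PROGRESS", "DETECTION_COMPLETE", "DETECTION_FAILED"

def detect_drift(cf, stack_name, poll_seconds=5, max_polls=60):
    """Start detection on `cf` (a boto3 CloudFormation client or look-alike), poll to completion,
    and return (StackDriftStatus, list of drifted resources)."""
    drift_id = cf.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    for _ in range(max_polls):
        status = cf.describe_stack_drift_detection_status(StackDriftDetectionId=drift_id)
        if status["DetectionStatus"] == COMPLETE:
            break
        if status["DetectionStatus"] == FAILED:
            raise RuntimeError(f"drift detection failed: {status.get('DetectionStatusReason')}")
        time.sleep(poll_seconds)  # still DETECTION_IN_PROGRESS: keep polling
    else:
        raise TimeoutError(f"detection {drift_id} not complete after {max_polls} polls")
    drifts = cf.describe_stack_resource_drifts(  # only out-of-sync resources; IN_SYNC ones are filtered out
        StackName=stack_name, StackResourceDriftStatusFilters=["MODIFIED", "DELETED"])["StackResourceDrifts"]
    return status["StackDriftStatus"], drifts

def format_drifts(drifts):
    """One line per property difference, so a reviewer sees exactly what changed outside the template."""
    lines = []
    for d in drifts:
        if not d.get("PropertyDifferences"):  # a DELETED resource carries no per-property diff
            lines.append(f"{d['LogicalResourceId']} {d['StackResourceDriftStatus']}")
        for p in d.get("PropertyDifferences", []):
            lines.append(f"{d['LogicalResourceId']} {d['StackResourceDriftStatus']} {p['PropertyPath']}: "
                         f"expected {p['ExpectedValue']}, actual {p['ActualValue']} ({p['DifferenceType']})")
    return lines

class FakeCloudFormation:
    """Constructed stand-in for the boto3 client: one in-progress poll, then complete with one drift."""
    def __init__(self):
        self.polls = 0
    def detect_stack_drift(self, StackName):
        return {"StackDriftDetectionId": "abc123"}
    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        self.polls += 1
        if self.polls < 2:
            return {"DetectionStatus": IN_PROGRESS, "StackDriftStatus": "NOT_CHECKED"}
        return {"DetectionStatus": COMPLETE, "StackDriftStatus": "DRIFTED", "DriftedStackResourceCount": 1}
    def describe_stack_resource_drifts(self, StackName, StackResourceDriftStatusFilters):
        # Constructed drift: a security group ingress rule widened by hand from the VPC range to the whole internet.
        return {"StackResourceDrifts": [{"LogicalResourceId": "Resource2", "StackResourceDriftStatus": "MODIFIED",
                "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/0/CidrIp", "DifferenceType": "NOT_EQUAL",
                                         "ExpectedValue": "10.0.0.0/8", "ActualValue": "0.0.0.0/0"}]}]}
```

Calling detect_drift(FakeCloudFormation(), "MyStack", poll_seconds=0) returns "DRIFTED" after two polls, and format_drifts on the result yields one line naming the widened CidrIp, which is the kind of out-of-band change drift detection exists to surface.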