Drift Detection
Drift detection tells you whether the resources CloudFormation created from a template still match the template's configuration, or whether they have drifted from it, typically because someone changed them by hand (console, CLI or API) outside of CloudFormation. A security group whose ingress rule was loosened manually is exactly the kind of change it is meant to surface.
Consider the following YAML template, which creates two security groups in a VPC passed in as a parameter:

```yaml
Parameters:
  VPCId:
    Description: VPC to create the security group into
    Type: AWS::EC2::VPC::Id
Resources:
  SSHSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Test Drift SSH Security Group
      SecurityGroupIngress:
        - CidrIp: "10.0.0.0/25"
          FromPort: 22
          ToPort: 22
          IpProtocol: tcp
      VpcId: !Ref VPCId
  HTTPSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Test Drift HTTP Security Group
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 80
          ToPort: 80
          IpProtocol: tcp
      VpcId: !Ref VPCId
```
Let's create a stack from this template in the CloudFormation console (upload the template and pick a VPC for the VPCId parameter):

Next ->

Next -> Create stack

Once the stack reaches CREATE_COMPLETE, CloudFormation has created the two security groups:

In the EC2 console, under Security Groups, they look like this:

Now let's initiate drift detection. Drift detection is a point-in-time operation, so it has to be started explicitly:

Stack actions -> Detect drift, then Stack actions -> View drift results

Since nothing has been touched yet, the stack drift status is IN_SYNC.

Now let's modify one of our security groups directly in the EC2 console, outside CloudFormation:

Run Detect drift again and refresh the drift results page: the stack is now reported as DRIFTED and the security group we changed shows as MODIFIED. Note that simply refreshing the page without re-running detection would still show the old IN_SYNC result.

Click View drift details to see, per resource, the expected properties (from the template), the actual properties (what exists in the account) and the list of property differences between them.
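The same drift report is available from the CLI: `aws cloudformation detect-stack-drift --stack-name <stack>` starts detection, `aws cloudformation describe-stack-drift-detection-status` is polled until it completes, and `aws cloudformation describe-stack-resource-drifts --stack-name <stack>` returns the per-resource expected and actual properties. What the console does not do for you is say whether a drift actually matters. The script below is an added example for this post (not AWS's code and not part of the original tutorial): it takes a document in the shape of `describe-stack-resource-drifts` output, compares the expected and actual ingress rules of each drifted security group, and flags rules that were widened (larger CIDR or port range), added open to the world, or removed. The embedded report is constructed to mirror this post's scenario, with the SSH rule loosened by hand; the function and type names are the example's own.

```python
"""Triage CloudFormation drift results for security-group ingress rules that got looser.

Assumes a dict in the shape of `aws cloudformation describe-stack-resource-drifts`
output (ExpectedProperties/ActualProperties are JSON strings, as the API returns them).
"""
import ipaddress
import json
from typing import NamedTuple


class Rule(NamedTuple):
    proto: str
    from_port: int
    to_port: int
    cidr: str


# Constructed sample (not real API output): SSHSecurityGroup was hand-edited from
# tcp/22 from 10.0.0.0/25 to all TCP ports from 0.0.0.0/0; HTTPSecurityGroup is untouched.
_HTTP_PROPS = json.dumps({"SecurityGroupIngress": [
    {"CidrIp": "0.0.0.0/0", "FromPort": 80, "ToPort": 80, "IpProtocol": "tcp"}]})
SAMPLE_DRIFT_REPORT = {"StackResourceDrifts": [
    {
        "LogicalResourceId": "SSHSecurityGroup",
        "ResourceType": "AWS::EC2::SecurityGroup",
        "StackResourceDriftStatus": "MODIFIED",
        "ExpectedProperties": json.dumps({"SecurityGroupIngress": [
            {"CidrIp": "10.0.0.0/25", "FromPort": 22, "ToPort": 22, "IpProtocol": "tcp"}]}),
        "ActualProperties": json.dumps({"SecurityGroupIngress": [
            {"CidrIp": "0.0.0.0/0", "FromPort": 0, "ToPort": 65535, "IpProtocol": "tcp"}]}),
        "PropertyDifferences": [
            {"PropertyPath": "/SecurityGroupIngress/0/CidrIp", "ExpectedValue": "10.0.0.0/25",
             "ActualValue": "0.0.0.0/0", "DifferenceType": "NOT_EQUAL"}],
    },
    {
        "LogicalResourceId": "HTTPSecurityGroup",
        "ResourceType": "AWS::EC2::SecurityGroup",
        "StackResourceDriftStatus": "IN_SYNC",
        "ExpectedProperties": _HTTP_PROPS,
        "ActualProperties": _HTTP_PROPS,
        "PropertyDifferences": [],
    },
]}


def ingress_rules(props_json: str) -> list[Rule]:
    """Parse the SecurityGroupIngress list of a properties JSON string into Rule tuples."""
    rules = []
    for r in json.loads(props_json).get("SecurityGroupIngress", []):
        proto = str(r.get("IpProtocol", "-1"))
        # Protocol "-1" means all protocols and carries no port range: treat as 0-65535.
        from_port = 0 if proto == "-1" else int(r.get("FromPort", 0))
        to_port = 65535 if proto == "-1" else int(r.get("ToPort", 65535))
        cidr = r.get("CidrIp") or r.get("CidrIpv6")
        if cidr is None:
            continue  # rules sourced from another security group are out of scope here
        rules.append(Rule(proto, from_port, to_port, cidr))
    return rules


def rule_covers(wide: Rule, narrow: Rule) -> bool:
    """True if every packet allowed by `narrow` is also allowed by `wide`."""
    if wide.proto not in ("-1", narrow.proto):
        return False
    w = ipaddress.ip_network(wide.cidr, strict=False)
    n = ipaddress.ip_network(narrow.cidr, strict=False)
    if w.version != n.version:
        return False
    ports_ok = wide.from_port <= narrow.from_port and wide.to_port >= narrow.to_port
    return ports_ok and (w == n or w.supernet_of(n))


def is_world_open(rule: Rule) -> bool:
    """0.0.0.0/0 or ::/0 source."""
    return ipaddress.ip_network(rule.cidr, strict=False).prefixlen == 0


def triage_drifts(report: dict) -> dict[str, list[str]]:
    """Map each drifted security group's logical ID to a list of human-readable findings."""
    findings: dict[str, list[str]] = {}
    for drift in report.get("StackResourceDrifts", []):
        if drift.get("ResourceType") != "AWS::EC2::SecurityGroup":
            continue
        logical_id = drift["LogicalResourceId"]
        status = drift.get("StackResourceDriftStatus")
        if status == "DELETED":
            findings[logical_id] = ["DELETED outside CloudFormation"]
            continue
        if status != "MODIFIED":
            continue  # IN_SYNC / NOT_CHECKED need no triage
        expected = ingress_rules(drift["ExpectedProperties"])
        actual = ingress_rules(drift["ActualProperties"])
        out = []
        for rule in actual:
            if rule in expected:
                continue
            widened = [e for e in expected if e != rule and rule_covers(rule, e)]
            if widened:
                out.append(f"WIDENED {widened[0]} -> {rule}")
            elif is_world_open(rule):
                out.append(f"ADDED world-open rule {rule}")
            else:
                out.append(f"ADDED rule {rule}")
        for rule in expected:
            if rule not in actual and not any(rule_covers(a, rule) for a in actual):
                out.append(f"REMOVED rule {rule}")
        findings[logical_id] = out
    return findings


if __name__ == "__main__":
    for logical_id, items in triage_drifts(SAMPLE_DRIFT_REPORT).items():
        print(logical_id)
        for item in items:
            print("  ", item)
```

Feeding it real output (`aws cloudformation describe-stack-resource-drifts --stack-name <stack> > drifts.json`, then `json.load` into `triage_drifts`) turns a MODIFIED status into a statement about what got more permissive, which is what you want to alert on; a rule that was merely narrowed or a changed GroupDescription produces no WIDENED or ADDED line.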


