{"id":4400,"date":"2021-04-25T17:40:51","date_gmt":"2021-04-25T15:40:51","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=4400"},"modified":"2021-06-28T16:49:59","modified_gmt":"2021-06-28T14:49:59","slug":"cloudformation-7-drift-detection","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2021\/04\/25\/cloudformation-7-drift-detection\/","title":{"rendered":"CloudFormation – 7 – Drift Detection"},"content":{"rendered":"

<\/p>\n

Drift Detection<\/span><\/p>\n

Drift is the detection of the fact that a cloud formation template, what has been created, has actually drifted from its configuration because maybe there was some manual intervention.
\n<\/span><\/p>\n

Consider such a yaml template:<\/p>\n

Parameters:\r\n  VPCId:\r\n    Description: VPC to create the security group into\r\n    Type: AWS::EC2::VPC::Id\r\n  \r\nResources:\r\n  SSHSecurityGroup:\r\n    Type: \"AWS::EC2::SecurityGroup\"\r\n    Properties:\r\n      GroupDescription: Test Drift SSH Security Group\r\n      SecurityGroupIngress:\r\n        - CidrIp: \"10.0.0.0\/25\"\r\n          FromPort: 22\r\n          ToPort: 22\r\n          IpProtocol: tcp\r\n      VpcId: !Ref VPCId\r\n\r\n  HTTPSecurityGroup:\r\n    Type: \"AWS::EC2::SecurityGroup\"\r\n    Properties:\r\n      GroupDescription: Test Drift HTTP Security Group\r\n      SecurityGroupIngress:\r\n        - CidrIp: \"0.0.0.0\/0\"\r\n          FromPort: 80\r\n          ToPort: 80\r\n          IpProtocol: tcp\r\n      VpcId: !Ref VPCId\r\n<\/pre>\n
Let’s create a stack:<\/p>\n
 \"\"<\/code><\/p>\n
Next-><\/code><\/p>\n
\"\"<\/p>\n
Next -> Create stack<\/code><\/p>\n
CloudFormation has created two security groups:<\/p>\n
\"\"<\/p>\n
So if I go to security groups I have this :<\/span><\/p>\n
\"\"<\/p>\n
Now let’s initiate drift detection<\/p>\n
\"\"<\/p>\n
Stack actions -> View drift results<\/code><\/p>\n
\"\"<\/p>\n
Now, let’s modify one of the our security groups:<\/p>\n
\"\"<\/p>\n
When we refresh drifts page we see that the drift has been detected:<\/p>\n
\"\"<\/p>\n
We can click to the View drift details<\/code> to see the details<\/p>\n
\"\"<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4400"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=4400"}],"version-history":[{"count":10,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4400\/revisions"}],"predecessor-version":[{"id":4422,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4400\/revisions\/4422"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=4400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=4400"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=4400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}