Overview

A config rule that checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration. A stack is considered to have drifted if one or more of its resources differ from their expected configuration. The rule and the stack are COMPLIANT when the stack drift status is IN_SYNC. The rule and the stack are NON_COMPLIANT when the stack drift status is DRIFTED.

Also available is the following configuration package which includes this config rule and the required IAM role (as well as optional notification settings).

Configuration Templates

Items: 1
Size: 0.8 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloudformation-stack-drift-detection-check
      Description: >-
        A config rule that checks whether an AWS CloudFormation stack's actual
        configuration differs, or has drifted, from its expected configuration.
        A stack is considered to have drifted if one or more of its resources
        differ from their expected configurati...
      Scope:
        ComplianceResourceTypes:
          - 'AWS::CloudFormation::Stack'
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}
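
When the rule reports a stack as NON_COMPLIANT, the next question is which resource drifted and which property changed. The following added example (not part of the original page or of AWS's own code) applies the definition above to a list shaped like the StackResourceDrifts output of the CloudFormation DescribeStackResourceDrifts API; the function name summarize_drift and the sample records are constructed for illustration.

```python
# Added example, not from the original page. Input mirrors the
# "StackResourceDrifts" list returned by DescribeStackResourceDrifts.
DRIFTED = {"MODIFIED", "DELETED"}  # states where a resource differs from the template


def summarize_drift(resource_drifts):
    """Return (compliance, findings, unchecked) for one stack."""
    findings, unchecked, drifted = [], [], False
    for res in resource_drifts:
        status = res["StackResourceDriftStatus"]
        base = {"resource": res["LogicalResourceId"], "type": res["ResourceType"]}
        if status == "NOT_CHECKED":
            # Assumption: reported separately; the page does not say how
            # the managed rule treats resources that were not checked.
            unchecked.append(base["resource"])
        elif status in DRIFTED:
            drifted = True
            # DELETED resources carry no property differences: emit one finding.
            for d in res.get("PropertyDifferences") or [{}]:
                findings.append({**base, "status": status,
                                 "path": d.get("PropertyPath"),
                                 "expected": d.get("ExpectedValue"),
                                 "actual": d.get("ActualValue")})
    # Page's definition: one drifted resource makes the stack DRIFTED.
    return ("NON_COMPLIANT" if drifted else "COMPLIANT"), findings, unchecked


# Constructed sample data (not real output).
SAMPLE = [
    {"LogicalResourceId": "AppSecurityGroup", "ResourceType": "AWS::EC2::SecurityGroup",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/0/CidrIp",
                              "ExpectedValue": "10.0.0.0/8", "ActualValue": "0.0.0.0/0",
                              "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "AuditLogGroup", "ResourceType": "AWS::Logs::LogGroup",
     "StackResourceDriftStatus": "DELETED"},
    {"LogicalResourceId": "DataBucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
    {"LogicalResourceId": "CustomThing", "ResourceType": "Custom::Thing",
     "StackResourceDriftStatus": "NOT_CHECKED"},
]

if __name__ == "__main__":
    status, findings, unchecked = summarize_drift(SAMPLE)
    print(status)
    for f in findings:
        print(f"{f['resource']} ({f['type']}): {f['status']} {f['path']} "
              f"expected={f['expected']} actual={f['actual']}")
    print("not checked:", unchecked)
```

Resources listed as not checked were not evaluated for drift, so a COMPLIANT result says nothing about them.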

Sources and Documentation

Configuration Source: AWS Documentation