AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources; it takes care of provisioning and configuring them. It helps you control and track changes in your infrastructure, and it lets you replicate that infrastructure quickly and repeatedly across multiple regions. CloudFormation gives developers and businesses an easy way to create a collection of related AWS and third-party resources and to provision and manage them in an orderly and predictable fashion. When related resources are managed as a single unit in CloudFormation, that unit is called a stack.
AWS CloudFormation allows you to detect if configuration changes were made to your stack resources outside of CloudFormation via the AWS Management Console, CLI, and SDKs. Drift is the difference between the expected configuration values of stack resources defined in CloudFormation templates and the actual configuration values of these resources in the corresponding CloudFormation stacks. This allows you to better manage your CloudFormation stacks and ensure consistency in your resource configurations.
After running drift detection on a stack, we can identify the stack resources that have been reconfigured outside of AWS CloudFormation's management.
Not all AWS resource types support drift detection. For a resource type that you have registered in your account, the default version must be provisional.
Using AWS CLI:
To start a drift detection operation and return the detection ID needed to check its status:
aws cloudformation detect-stack-drift --region us-east-1 --stack-name <name of stack> --query 'StackDriftDetectionId'
Implementation Steps:
Using AWS CLI:
To initiate a drift detection operation on a stack
aws cloudformation detect-stack-drift --stack-name my-stack-with-resource-drift
Drift detection is not a reversible process: when you initiate a check, CloudFormation compares the current stack configuration to the one specified in the template, creates or updates the stack, and reports any differences. So make sure that it is your organization that performs this task.
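The procedure above carried through end to end, as an added example that is not part of the original page: start detection, poll the detection status until it leaves DETECTION_IN_PROGRESS, then list only the resources reported as MODIFIED or DELETED. The FakeCloudFormation class is a constructed stand-in for a boto3 CloudFormation client so that the script runs offline; its method names and response fields follow the boto3 API (assumed here, not taken from the page).

```python
import time

# Constructed stand-in for a boto3 CloudFormation client. Assumption: the real
# client's detect_stack_drift, describe_stack_drift_detection_status and
# describe_stack_resource_drifts return dicts shaped like the ones below.
class FakeCloudFormation:
    def __init__(self):
        self.polls = 0

    def detect_stack_drift(self, StackName):
        return {"StackDriftDetectionId": "constructed-detection-id"}

    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        self.polls += 1  # still running on the first poll, complete on the second
        done = self.polls >= 2
        return {"DetectionStatus": "DETECTION_COMPLETE" if done else "DETECTION_IN_PROGRESS",
                "StackDriftStatus": "DRIFTED", "DriftedStackResourceCount": 2}

    def describe_stack_resource_drifts(self, StackName, StackResourceDriftStatusFilters):
        # Constructed sample: an ingress rule widened by hand, and a bucket deleted out of band.
        return {"StackResourceDrifts": [
            {"LogicalResourceId": "WebSecurityGroup", "ResourceType": "AWS::EC2::SecurityGroup",
             "StackResourceDriftStatus": "MODIFIED",
             "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/0/CidrIp",
                                      "ExpectedValue": "10.0.0.0/16", "ActualValue": "0.0.0.0/0",
                                      "DifferenceType": "NOT_EQUAL"}]},
            {"LogicalResourceId": "AuditLogBucket", "ResourceType": "AWS::S3::Bucket",
             "StackResourceDriftStatus": "DELETED", "PropertyDifferences": []}]}


def run_drift_check(cfn, stack_name, poll_seconds=0, max_polls=60):
    """Start drift detection, wait for it to finish, and list resources changed outside CloudFormation."""
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    for _ in range(max_polls):
        status = cfn.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] != "DETECTION_IN_PROGRESS":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError("drift detection did not finish in time")
    if status["DetectionStatus"] == "DETECTION_FAILED":
        raise RuntimeError(status.get("DetectionStatusReason", "drift detection failed"))
    # Only MODIFIED and DELETED resources need review; IN_SYNC ones are filtered out by the service.
    drifts = cfn.describe_stack_resource_drifts(
        StackName=stack_name, StackResourceDriftStatusFilters=["MODIFIED", "DELETED"])
    return [{"resource": d["LogicalResourceId"], "type": d["ResourceType"],
             "status": d["StackResourceDriftStatus"],
             "changes": [f'{p["PropertyPath"]}: {p.get("ExpectedValue")} -> {p.get("ActualValue")}'
                         for p in d.get("PropertyDifferences", [])]}
            for d in drifts["StackResourceDrifts"]]
```

Against a real account, pass `boto3.client("cloudformation")` instead of the fake and a `poll_seconds` of a few seconds, since detection on a large stack takes time.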