AWS CloudFormation launches drift-aware change sets that can compare an IaC template with the actual state of infrastructure and bring drifted resources in line with their template definitions. Configuration drift occurs when infrastructure managed by IaC is modified via the AWS Management Console, SDK, or CLI. With drift-aware change sets, you can revert drift and keep infrastructure in sync with templates. Additionally, you can preview the impact of deployments on drifted resources and prevent unexpected changes.
Customers can modify infrastructure outside of IaC when troubleshooting operational incidents. This creates the risk of unexpected changes in future IaC deployments, impacts the security posture of infrastructure, and hampers reproducibility for testing and disaster recovery. Standard change sets can compare a template with your last-deployed template, but do not consider drift. Drift-aware change sets provide a three-way diff between a new template, last-deployed template, and actual infrastructure state. If your diff predicts unintended overwrites of drift, you can update your template values and recreate the change set. During change set execution, CloudFormation will match resource properties with template values and recreate resources deleted outside of IaC. If a provisioning error occurs, CloudFormation will restore infrastructure to its actual state before deployment.
To get started, create a change set for an existing stack from the CloudFormation Console and choose “Drift-aware” as the change set type. Alternatively, pass the –deployment-mode REVERT_DRIFT parameter to the CreateChangeSet API from the AWS CLI or SDK. To learn more, visit the CloudFormation User Guide.
Drift-aware change sets are available in AWS Regions where CloudFormation is available. Refer to the AWS Region table to learn more.
Categories: general:products/aws-cloudformation,marketing:marchitecture/developer-tools,marketing:marchitecture/management-and-governance,general:products/aws-govcloud-us
Source: Amazon Web Services
Latest Posts
- (Updated) Action required: Update Teams Rooms app to maintain PowerPoint Live functionality [MC1332812]
- (Updated) Transitioning Teams Android Device Management from Teams admin Center to the Teams Rooms Pro Management portal [MC1227622]
- (Updated) Interact with your favorite apps on Teams using Slash ( / ) Commands [MC1319214]
- (Updated) Rewrite with Microsoft 365 Copilot Chat coming soon to Edge for Business users [MC1146821]
