Reputation: 108
How to detect Console/Stack drift working with AWS CDK
As it says it on the tin, I am looking for a suggestions or advise for managing those pesky Console changes that may occur when working in IaC with CDK. Anything that introduces drift which CloudFormation is so nice at detecting. There must be a way CDK (or something else) can get to what CfN drift detection finds, right ?
To direct the ideas a bit more, in the long run I will be aiming to have the deployment of CDK stacks through GitHub on merge. But starting off locally for now.
Expected cdk diff to give me something, but quickly realised that was only for local diffs.
Saw a suggestion to try cdk deploy --no-execute but that returns everything as healthy.
Upvotes: 4
Views: 1965
Answers (1)
Reputation: 4043
You can use CloudFormationStackDriftDetectionCheck to check whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.
Example:-
// Topic to which compliance notification events will be published
const complianceTopic = new sns.Topic(this, 'ComplianceTopic');
const rule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');
rule.onComplianceChange('TopicEvent', {
target: new targets.SnsTopic(complianceTopic),
});
Ref:- class CloudFormationStackDriftDetectionCheck (construct)
Upvotes: 1
Related Questions
- How to import existing resources into a cdk-pipelines app?
- The difference between a Stack and Construct in AWS CDK
- Is it possible to detect and recover from a deregistered ECS Task Definition?
- Check if AWS resource has been deployed by CloudFormation
- CDK Codepipeline CloudFormationCreateUpdateStackAction getting "S3: Access Denied" only with Nested Stacks
- How to create AWS Cognito stack using AWS CDK
- AWS CDK alternative to using Params in StepFunctions
- How refactorable are AWS CDK applications?