Overview

If resource configurations are changed outside Resource Orchestration Service (ROS), drift detection identifies the discrepancies in your stacks so that you can re-synchronize resources with their stack template definitions.

Sample scenarios

Detect drift on a stack

Use drift detection to compare a stack's configuration against its template or to verify individual resource configurations.

For more information, see Detect drift on a stack.

Detect drift on a resource

To check whether the actual configuration of a specific resource in a stack is inconsistent with its template configuration, detect drift on that resource.

For more information, see Detect drift on a resource.

Detect drift on a stack group

Use drift detection on a stack group to determine if resources within its stacks have configurations that differ from the template.

For more information, see Detect drift on a stack group.

Limits

  • Drift detection on a stack does not cover its nested stacks. You must detect drift on each nested stack separately.

  • In some cases, drift results may be inaccurate. Review the following cases to properly interpret drift detection results.

    • Certain array objects in a resource property may be reported as drift, but they are actually default values provided by the underlying service.

    • ROS may be unable to compare certain resource properties specified in your stack template with the actual stack resource properties. These properties are excluded from drift detection results and fall into the following categories:

      • Properties whose values cannot be mapped back to the original values in the stack template.

      • Properties whose values are not returned by the service responsible for the resource.

      • Properties whose values are designed to never be returned by the service. These values may contain confidential information such as passwords or sensitive data.

      • Properties that are not supported by ROS.

Considerations

Call the GetResourceType operation to check whether a resource and its properties support drift detection. The following example queries the ALIYUN::ESS::ScalingRule resource. In the response, the top-level SupportDriftDetection parameter indicates whether the resource supports drift detection; a value of true means drift detection is supported. Each property also includes its own SupportDriftDetection field.

{
    ...
    "ResourceType": "ALIYUN::ESS::ScalingRule",
    "Properties": {
        "ScalingRuleName": {
            ...
            "SupportDriftDetection": true
        },
        ...
    },
    "SupportDriftDetection": true
}
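
The check above can be turned into a coverage report for a single resource. The following Python is an added example, not ROS code or part of the original page: it parses a constructed GetResourceType response and splits the properties a template sets into those drift detection compares and those it does not. Property names other than ScalingRuleName, all flag values, and the drift_coverage helper are assumptions made for illustration.

```python
import json

# Constructed GetResourceType response, shaped like the excerpt above.
# Property names other than ScalingRuleName and all flag values are made up
# for illustration; a real response carries more fields.
SAMPLE_RESPONSE = json.loads("""
{
  "ResourceType": "ALIYUN::ESS::ScalingRule",
  "Properties": {
    "ScalingRuleName": {"SupportDriftDetection": true},
    "ExampleTunable":  {"SupportDriftDetection": false},
    "ExampleNoFlag":   {}
  },
  "SupportDriftDetection": true
}
""")


def drift_coverage(response, template_properties):
    """Split the properties a template sets into those drift detection
    compares and those it does not (blind spots to audit another way)."""
    resource_ok = response.get("SupportDriftDetection") is True
    described = response.get("Properties") or {}
    covered, uncovered = [], []
    for name in sorted(template_properties):
        flag = (described.get(name) or {}).get("SupportDriftDetection")
        # Assumption: a missing property or a missing flag counts as not covered.
        if resource_ok and flag is True:
            covered.append(name)
        else:
            uncovered.append(name)
    return {
        "resource_type": response.get("ResourceType"),
        "resource_supported": resource_ok,
        "covered": covered,
        "uncovered": uncovered,
    }


if __name__ == "__main__":
    # Constructed Properties section of one template resource.
    template_props = {"ScalingRuleName": "scale-out", "ExampleTunable": 3,
                      "ExampleNoFlag": "x", "ExampleUnknown": "y"}
    print(json.dumps(drift_coverage(SAMPLE_RESPONSE, template_props), indent=2))
```

Properties listed under "uncovered" can change outside ROS without appearing in drift results, so they need a separate audit path.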

Functions and features

Drift detection object: Resource

  Description: ROS compares the expected resource property values defined in the template with the actual values. A resource is considered drifted if any actual property value differs from the expected value.

  Permission required for drift detection:

    • Read permissions on the resource.

    • ros:DetectStackResourceDrift permission.

Drift detection object: Stack

  Description: A stack is considered drifted if any resource in the stack has drifted.

  Note: ROS generates drift details for each drifted resource in the stack.

  Permission required for drift detection:

    • Read permissions on each resource in the stack. For example, if a stack contains the ALIYUN::VPC::EIP resource, you must have the vpc:DescribeEipAddresses permission to detect drift on the resource.

    • ros:DetectStackDrift permission.

Drift detection object: Stack group

  Description: ROS determines the overall drift status of a stack group based on the drift status of its stack instances. A stack group is considered drifted if the associated stacks of its stack instances have drifted.

  Permission required for drift detection:

    • Read permissions on each resource in the stacks that belong to the stack group.

    • ros:DetectStackGroupDrift permission.

Resources and stacks that support drift detection

Drift detection object: Resource

  Description: For more information, see Resource types that support drift detection and resource import.

Drift detection object: Stack

  Description: Stacks in one of the following states support drift detection:

    • CREATE_COMPLETE

    • UPDATE_COMPLETE

    • ROLLBACK_COMPLETE

    • ROLLBACK_FAILED

    • CHECK_COMPLETE

References