You can perform drift detection on a stack to determine whether the stack has drifted from its expected configurations. The operation returns details about the drift status of resources within a stack that supports drift detection.
Prerequisites
Detect drift in the ROS console
- On the Stacks page, click the ID of the target stack in the Stack Name column. On the Stack Information tab, click Drift Detection in the Basic Information section.
Note- After the drift detection is complete, you can view the drift status and last drift detection time in the Basic Information section.
- A stack is considered to have drifted if one or more of its resources have drifted.
Detect drift by using Alibaba Cloud CLI
You can use the following aliyun ros commands in Alibaba Cloud Command Line Interface (Alibaba Cloud CLI) to detect drift on a stack.
| Command | Description |
|---|---|
DetectStackDrift |
Initiates a drift detection operation on a stack. |
GetStackDriftDetectionStatus |
Queries the status of the drift detection operation on a stack. |
ListStackResourceDrifts |
Queries detailed information about resource drift in a stack. |
- You can use the
DetectStackDriftcommand to detect drift on a stack. The stack ID must be specified. Resource names must also be specified to filter resources on which you want to detect drift.$ aliyun ros DetectStackDrift --StackId 4334b961-3bfd-419e-9a00-23a95e****** { "DriftDetectionId": "13b48934-6818-4765-8ae1-744241******", "RequestId": "B288A0BE-D927-4888-B0F7-B35EF84B6E6F" } - The stack drift detection operation may take a long period of time. You can use the
GetStackDriftDetectionStatuscommand to monitor the status of the drift detection operation. This command obtains the stack drift detection ID returned by theDetectStackDriftcommand.In the following example, the drift detection ID of the stack returned by the
DetectStackDriftcommand in the preceding example is passed as a parameter to theGetStackDriftDetectionStatuscommand. This parameter returns operation details, indicating that the drift detection operation is complete.$ aliyun ros GetStackDriftDetectionStatus --DriftDetectionId 13b48934-6818-4765-8ae1-744241****** { "RequestId": "52398D3A-E868-4F95-8B5E-6A2DFB778B16", "DriftDetectionTime": "2020-03-17T07:21:17", "DriftDetectionStatusReason": "Detect stack drift successfully", "DriftedStackResourceCount": 2, "DriftDetectionStatus": "DETECTION_COMPLETE", "StackDriftStatus": "DRIFTED", "DriftDetectionId": "13b48934-6818-4765-8ae1-744241******", "StackId": "4334b961-3bfd-419e-9a00-23a95e******" } - After the stack drift detection operation is complete, you can use the
ListStackResourceDriftscommand to view the results, including actual and expected property values for resources that have drifted.$ aliyun ros ListStackResourceDrifts --StackId 4334b961-3bfd-419e-9a00-23a95e****** { "ResourceDrifts": [ { "ResourceDriftStatus": "MODIFIED", "LogicalResourceId": "Vpc1", "PropertyDifferences": [ { "ActualValue": "test11", "PropertyPath": "/Description", "ExpectedValue": "test1", "DifferenceType": "NOT_EQUAL" } ], "PhysicalResourceId": "vpc-m5euqfvmzygb7xq******", "ExpectedProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test1\", \"VpcName\": \"test1\"}", "DriftDetectionTime": "2020-03-17T07:21:17", "ResourceType": "ALIYUN::ECS::VPC", "ActualProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test11\", \"VpcName\": \"test1\"}", "StackId": "4334b961-3bfd-419e-9a00-23a95e******" }, { "ResourceDriftStatus": "DELETED", "LogicalResourceId": "Vpc2", "PhysicalResourceId": "vpc-m5exf3skxrxtvtk******", "DriftDetectionTime": "2020-03-17T07:21:17", "ResourceType": "ALIYUN::ECS::VPC", "StackId": "4334b961-3bfd-419e-9a00-23a95e******" } ], "RequestId": "8E1DE57B-6124-482B-8283-EF5562653308" }