When you make resource configuration changes that are beyond the control of Resource Orchestration Service (ROS), you can use the drift detection feature to identify the resource configuration changes in your stacks. You can also take corrective measures to re-synchronize resources with their template definitions.


Drift detection object Description Permission required for drift detection
Resource ROS compares the expected resource property values defined in the template with the actual ones. A resource is considered to have drifted if one of its actual property values differs from the expected property value.
  • Read permissions on the resource.
  • ros:DetectStackResourceDrift permission.
Stack A stack is considered to have drifted if one of its resources has drifted.
Note ROS generates details of each resource in the stack that has drifted.
  • Read permissions on each resource in the stack. For example, if the stack contains an ALIYUN::VPC::EIP resource, you must have the vpc:DescribeEipAddresses permission to detect drift on the stack.
  • ros:DetectStackDrift permission.
Stack group Stack group drift status describes the drift status of a stack group based on the drift status of its associated stack instances. A stack group is considered to have drifted if one of its associated stacks has drifted.
  • Read permissions on each resource in the stacks that belong to the stack group.
  • ros:DetectStackGroupDrift permission.

Resources and stacks that support drift detection

Drift detection object Description
Resource For information about resource types that support drift detection, see Resource types that support drift detection and resource import.
Stack Stacks in one of the following states support drift detection:


  • ROS can detect drift on a stack but cannot detect drift on one or more nested stacks within the stack. You can initiate a separate drift detection operation directly on a nested stack.
  • In some cases, ROS may not be able to return accurate drift detection results. We recommend that you familiarize yourself with these cases to avoid incorrectly interpreting drift detection results.
    • In some cases, objects contained in property arrays are reported as drift. In fact, these are default values provided to the properties from the underlying service responsible for the resource.
    • In this case, you can specify some resource properties in your template. Some properties cannot be compared by ROS with the actual properties of the stack resources and are not included in drift detection results. The following section describes the types of such properties:
      • Properties that ROS cannot map back to their actual resource properties in the template.
      • Property values that are not returned by the service that is responsible for the resource.
      • Property values that are designed to never be returned by the service responsible for the resource. These property values may contain confidential information such as passwords or other sensitive data that must not be exposed.
      • Resource properties that are not supported by ROS.

      You can query whether the resource properties support drift detection. For more information, see GetResourceType. For example, you can query the return values of the ALIYUN::ESS::ScalingRule resource. In the return values, the last SupportDriftDetection field indicates whether the resource supports drift detection. If the value of this field is true, this resource supports drift detection, and each property of this resource contains a SupportDriftDetection field that indicates whether the property supports drift detection.

          "ResourceType": "ALIYUN::ESS::ScalingRule",
          "Properties": {
              "ScalingRuleName": {
                  "SupportDriftDetection": true
          "SupportDriftDetection": true


  1. Detect drift on resources, stacks, and stack groups.
  2. Correct drift on stacks and stack groups.
    • Correct drift on a stack.
      Note You can correct drift on a stack by correcting drift on the stack resources. However, you cannot correct drift on an individual resource.
    • Correct drift on a stack group. You can correct drift on a stack group by correcting drift on all stacks that belong to the stack group.
  3. Query drift detection status codes.

    For more information, see Drift detection status codes.