You can use the drift detection feature provided by Resource Orchestration Service (ROS) to determine whether the actual configurations of a stack differ or have drifted from the expected configurations in the template.

Prerequisites

A stack group is created. For more information, see Create a stack.

Limits

  • You can use the drift detection feature only on stacks that are in the following states.
    State Description
    CREATE_COMPLETE The stack is created.
    UPDATE_FAILED The stack fails to be updated.
    UPDATE_COMPLETE The stack is updated.
    ROLLBACK_COMPLETE The stack is rolled back.
    ROLLBACK_FAILED The stack fails to be rolled back.
    CHECK_COMPLETE The stack is verified.
    CHECK_FAILED The stack fails to be verified.
  • You can use the drift detection feature on only some resources. For more information, see Resource types that support drift detection and resource import.

Detect drift in the ROS console

  1. Log on to the ROS console.
  2. In the left-side navigation pane, click Stacks.
  3. In the upper-left corner of the page, select the region in which the stack that you want to use is deployed from the drop-down list.
  4. In the Actions column of the stack, choose 1 > Drift Detection.
    You can also click the stack ID in the Stack Name column. On the Stack Information tab, click Drift Detection.
  5. On the Drifts tab, view the Drift Status, Last Drift Detection Time, and Resource Drift Status of the stack.

Detect drift by using Alibaba Cloud CLI

You can use Alibaba Cloud CLI to call the Drift detection operations API operation to detect stack drift.

  • If you call the DetectStackDrift API operation to detect stack drift, you must specify the stack ID. You must also specify the name of the resource on which you want to detect drift.

    Run the following command in Alibaba Cloud CLI:

    aliyun ros DetectStackDrift --StackId bc1a154f-d073-4e77-9ae5-323d3b23****

    Expected output:

    {
        "DriftDetectionId": "ad9cf0c7-938e-40b3-9466-ec9f25a1****",
        "RequestId": "B288A0BE-D927-4888-B0F7-B35EF84B6E6F"
    }
  • If you want to query the status of a drift detection operation, you can call the GetStackDriftDetectionStatus API operation. This operation requires the ID of the drift detection operation that you want to query. You can call the DetectStackDrift API operation to obtain the ID of the drift detection operation.

    In the following code, the drift detection ID that is returned by the DetectStackDrift API operation in the preceding example is passed as a parameter to the GetStackDriftDetectionStatus API operation. The GetStackDriftDetectionStatus API operation returns the operation details, indicating that the drift detection operation is complete.

    Run the following command in Alibaba Cloud CLI:

    aliyun ros GetStackDriftDetectionStatus --DriftDetectionId ad9cf0c7-938e-40b3-9466-ec9f25a1****

    Expected output:

    {
        "RequestId": "52398D3A-E868-4F95-8B5E-6A2DFB778B16",
        "DriftDetectionTime": "2020-03-17T07:21:17",
        "DriftDetectionStatusReason": "Detect stack drift successfully",
        "DriftedStackResourceCount": 2,
        "DriftDetectionStatus": "DETECTION_COMPLETE",
        "StackDriftStatus": "DRIFTED",
        "DriftDetectionId": "ad9cf0c7-938e-40b3-9466-ec9f25a1****",
        "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****"
    }
  • If you want to query the resource drift details of a stack, you can call the ListStackResourceDrifts API operation.

    Run the following command in Alibaba Cloud CLI:

    aliyun ros ListStackResourceDrifts --StackId bc1a154f-d073-4e77-9ae5-323d3b23****

    Expected output:

    {
      "ResourceDrifts": [
        {
          "ResourceDriftStatus": "MODIFIED",
          "LogicalResourceId": "Vpc1",
          "PropertyDifferences": [
            {
              "ActualValue": "test11",
              "PropertyPath": "/Description",
              "ExpectedValue": "test1",
              "DifferenceType": "NOT_EQUAL"
            }
          ],
          "PhysicalResourceId": "vpc-m5euqfvmzygb7xqmx****",
          "ExpectedProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test1\", \"VpcName\": \"test1\"}",
          "DriftDetectionTime": "2020-03-17T07:21:17",
          "ResourceType": "ALIYUN::ECS::VPC",
          "ActualProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test11\", \"VpcName\": \"test1\"}",
          "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****"
        },
        {
          "ResourceDriftStatus": "DELETED",
          "LogicalResourceId": "Vpc2",
          "PhysicalResourceId": "vpc-m5exf3skxrxtvtkbc****",
          "DriftDetectionTime": "2020-03-17T07:21:17",
          "ResourceType": "ALIYUN::ECS::VPC",
          "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****"
        }
      ],
      "RequestId": "8E1DE57B-6124-482B-8283-EF5562653308"
    }