You can use the drift detection feature provided by Resource Orchestration Service (ROS) to determine whether the actual configurations of a stack differ or have drifted from the expected configurations in the template.
Prerequisites
Limits
- You can use the drift detection feature only on stacks that are in the following states.
State Description CREATE_COMPLETE The stack is created. UPDATE_FAILED The stack fails to be updated. UPDATE_COMPLETE The stack is updated. ROLLBACK_COMPLETE The stack is rolled back. ROLLBACK_FAILED The stack fails to be rolled back. CHECK_COMPLETE The stack is verified. CHECK_FAILED The stack fails to be verified. - You can use the drift detection feature on only some resources. For more information, see Resource types that support drift detection and resource import.
Detect drift in the ROS console
- In the Actions column of the stack, choose
> Drift Detection. You can also click the stack ID in the Stack Name column. On the Stack Information tab, click Drift Detection.
Detect drift by using Alibaba Cloud CLI
You can use Alibaba Cloud CLI to call the Drift detection operations API operation to detect stack drift.
- If you call the DetectStackDrift API operation to detect stack drift, you must specify the stack ID. You must also
specify the name of the resource on which you want to detect drift.
Run the following command in Alibaba Cloud CLI:
aliyun ros DetectStackDrift --RegionId cn-beijing --StackId bc1a154f-d073-4e77-9ae5-323d3b23****Expected output:
{ "DriftDetectionId": "ad9cf0c7-938e-40b3-9466-ec9f25a1****", "RequestId": "B288A0BE-D927-4888-B0F7-B35EF84B6E6F" } - If you want to query the status of a drift detection operation, you can call the GetStackDriftDetectionStatus API operation. This operation requires the ID of the drift detection operation that
you want to query. You can call the
DetectStackDriftAPI operation to obtain the ID of the drift detection operation.In the following code, the drift detection ID that is returned by the
DetectStackDriftAPI operation in the preceding example is passed as a parameter to theGetStackDriftDetectionStatusAPI operation. The GetStackDriftDetectionStatus API operation returns the operation details, indicating that the drift detection operation is complete.Run the following command in Alibaba Cloud CLI:
aliyun ros GetStackDriftDetectionStatus --RegionId cn-beijing --DriftDetectionId ad9cf0c7-938e-40b3-9466-ec9f25a1****Expected output:
{ "RequestId": "52398D3A-E868-4F95-8B5E-6A2DFB778B16", "DriftDetectionTime": "2020-03-17T07:21:17", "DriftDetectionStatusReason": "Detect stack drift successfully", "DriftedStackResourceCount": 2, "DriftDetectionStatus": "DETECTION_COMPLETE", "StackDriftStatus": "DRIFTED", "DriftDetectionId": "ad9cf0c7-938e-40b3-9466-ec9f25a1****", "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****" } - If you want to query the resource drift details of a stack, you can call the ListStackResourceDrifts API operation.
Run the following command in Alibaba Cloud CLI:
aliyun ros ListStackResourceDrifts --RegionId cn-beijing --StackId bc1a154f-d073-4e77-9ae5-323d3b23****Expected output:
{ "ResourceDrifts": [ { "ResourceDriftStatus": "MODIFIED", "LogicalResourceId": "Vpc1", "PropertyDifferences": [ { "ActualValue": "test11", "PropertyPath": "/Description", "ExpectedValue": "test1", "DifferenceType": "NOT_EQUAL" } ], "PhysicalResourceId": "vpc-m5euqfvmzygb7xqmx****", "ExpectedProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test1\", \"VpcName\": \"test1\"}", "DriftDetectionTime": "2020-03-17T07:21:17", "ResourceType": "ALIYUN::ECS::VPC", "ActualProperties": "{\"CidrBlock\": \"192.168.0.0/16\", \"Description\": \"test11\", \"VpcName\": \"test1\"}", "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****" }, { "ResourceDriftStatus": "DELETED", "LogicalResourceId": "Vpc2", "PhysicalResourceId": "vpc-m5exf3skxrxtvtkbc****", "DriftDetectionTime": "2020-03-17T07:21:17", "ResourceType": "ALIYUN::ECS::VPC", "StackId": "bc1a154f-d073-4e77-9ae5-323d3b23****" } ], "RequestId": "8E1DE57B-6124-482B-8283-EF5562653308" }