When you make resource configuration changes that are beyond the control of Resource Orchestration Service (ROS), you can use the drift detection feature to identify the resource configuration changes in your stacks. You can also take corrective measures to re-synchronize resources with their template definitions.

Features

Drift detection object: Resource
  Description: ROS compares the expected resource property values defined in the template with the actual ones. A resource is considered to have drifted if one of its actual property values differs from the expected property value.
  Permissions required for drift detection:
  • Read permissions on the resource.
  • ros:DetectStackResourceDrift permission.

Drift detection object: Stack
  Description: A stack is considered to have drifted if one of its resources has drifted.
  Note: ROS generates details of each resource in the stack that has drifted.
  Permissions required for drift detection:
  • Read permissions on each resource in the stack. For example, if the stack contains an ALIYUN::VPC::EIP resource, you must have the vpc:DescribeEipAddresses permission to detect drift on the stack.
  • ros:DetectStackDrift permission.

Drift detection object: Stack group
  Description: Stack group drift status describes the drift status of a stack group based on the drift status of its associated stack instances. A stack group is considered to have drifted if one of its associated stacks has drifted.
  Permissions required for drift detection:
  • Read permissions on each resource in the stacks that belong to the stack group.
  • ros:DetectStackGroupDrift permission.

Resources and stacks that support drift detection

Drift detection object: Resource
  Description: For information about resource types that support drift detection, see Resource types that support drift detection and resource import.

Drift detection object: Stack
  Description: Stacks in one of the following states support drift detection:
  • CREATE_COMPLETE
  • UPDATE_COMPLETE
  • ROLLBACK_COMPLETE
  • ROLLBACK_FAILED
  • CHECK_COMPLETE

Limits

  • ROS can detect drift on a stack but cannot detect drift on one or more nested stacks within the stack. You can initiate a separate drift detection operation directly on a nested stack.
  • In some cases, ROS may not be able to return accurate drift detection results. We recommend that you familiarize yourself with these cases to avoid incorrectly interpreting drift detection results.
    • In some cases, objects contained in property arrays are reported as drift even though they are default values that the underlying service responsible for the resource supplies to the properties.
    • Some resource properties that you specify in your template cannot be compared by ROS with the actual properties of the stack resources and are not included in drift detection results. These properties are of the following types:
      • Properties that ROS cannot map back to their actual resource properties in the template.
      • Property values that are not returned by the service that is responsible for the resource.
      • Property values that are designed to never be returned by the service responsible for the resource. These property values may contain confidential information such as passwords or other sensitive data that must not be exposed.
      • Resource properties that are not supported by ROS.

      You can query whether the properties of a resource support drift detection. For more information, see GetResourceType. For example, you can query the return values of the ALIYUN::ESS::ScalingRule resource. In the return values, the last SupportDriftDetection field (the one at the top level of the response) indicates whether the resource supports drift detection. If the value of this field is true, the resource supports drift detection, and each property of the resource contains its own SupportDriftDetection field that indicates whether that property supports drift detection.

      {
          ...
          "ResourceType": "ALIYUN::ESS::ScalingRule",
          "Properties": {
              "ScalingRuleName": {
                  ...
                  "SupportDriftDetection": true
              },
              ...
          },
          "SupportDriftDetection": true
      }
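
The following Python sketch is an added example, not ROS code or part of the original documentation. It reads a GetResourceType-shaped response and reports which properties set in a template are compared by drift detection and which are skipped, so that out-of-band changes to the skipped ones can be monitored another way. Only the field names shown above come from the page; the sample flags, the sample template properties, and the choice to treat a missing SupportDriftDetection field as unsupported are assumptions.

```python
import json

# Constructed sample shaped like the GetResourceType response shown above.
# The per-property flags are invented for illustration, not real ROS output.
SAMPLE_RESPONSE = json.loads("""
{
  "ResourceType": "ALIYUN::ESS::ScalingRule",
  "Properties": {
    "ScalingRuleName": {"SupportDriftDetection": true},
    "AdjustmentValue": {"SupportDriftDetection": true},
    "Cooldown":        {"SupportDriftDetection": false},
    "ScalingGroupId":  {}
  },
  "SupportDriftDetection": true
}
""")

# Constructed "Properties" section of one template resource.
SAMPLE_TEMPLATE_PROPERTIES = {
    "ScalingRuleName": "scale-out",
    "AdjustmentValue": 1,
    "Cooldown": 300,
    "ScalingGroupId": "asg-placeholder",
}


def drift_coverage(resource_type_info, template_properties):
    """Split template properties into those drift detection compares and those it skips."""
    names = sorted(template_properties)
    # If the resource type itself is unsupported, no property is checked.
    if resource_type_info.get("SupportDriftDetection") is not True:
        return {"covered": [], "uncovered": names}
    schema = resource_type_info.get("Properties", {})
    covered, uncovered = [], []
    for name in names:
        prop = schema.get(name)
        # Assumption: a property without the flag, or absent from the
        # response, is treated as not covered by drift detection.
        if isinstance(prop, dict) and prop.get("SupportDriftDetection") is True:
            covered.append(name)
        else:
            uncovered.append(name)
    return {"covered": covered, "uncovered": uncovered}


if __name__ == "__main__":
    report = drift_coverage(SAMPLE_RESPONSE, SAMPLE_TEMPLATE_PROPERTIES)
    print(SAMPLE_RESPONSE["ResourceType"], json.dumps(report, indent=2))
```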

Usage

  1. Detect drift on resources, stacks, and stack groups.
  2. Correct drift on stacks and stack groups.
    • Correct drift on a stack.
      Note: You can correct drift on a stack by correcting drift on the stack resources. However, you cannot correct drift on an individual resource.
    • Correct drift on a stack group. You can correct drift on a stack group by correcting drift on all stacks that belong to the stack group.
  3. Query drift detection status codes.

    For more information, see Drift detection status codes.