AWS CloudFormation Drift Detection
More Info:
Your AWS CloudFormation stacks should not drift from their expected template configuration. A CloudFormation stack is considered to have drifted from its configuration if one or more of its resources have drifted, that is, their live configuration no longer matches what the stack template declares.
Risk Level
Medium
Address
Operational Maturity, Reliability
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate AWS CloudFormation Drift Detection, follow these steps:
- Log in to the AWS Management Console.
- Navigate to the CloudFormation service.
- Click on the stack that has drift detection enabled.
- Click on the “Drift” tab.
- Review the drift detection results to identify the resources that have drifted.
- Click on the “Resources” tab to see the current state of the resources.
- Select the resources that have drifted and click on the “Detect Drift” button.
- Wait for the drift detection process to complete.
- Review the drift detection results to confirm that the resources have been remediated.
- If necessary, make changes to the stack to remediate the drift.
- Update the stack to apply the changes.
- Repeat the drift detection process to confirm that the resources are no longer drifting.
AWS CloudFormation Drift Detection is a feature that helps you identify resources that have drifted away from their expected configurations. Once you have identified the resources that have drifted, you can use the AWS CLI to remediate the drift.
Here are the steps to remediate AWS CloudFormation Drift Detection using AWS CLI:
- Identify the stack that has drifted by running the following command:
aws cloudformation detect-stack-drift --stack-name <stack-name>
- Once you have identified the resources that have drifted, you can generate a drift report by running the following command:
aws cloudformation describe-stack-resource-drifts --stack-name <stack-name>
- Review the drift report to identify the resources that have drifted and the expected and actual configurations.
- To remediate the drift, update the stack with the expected configuration by running the following command:
aws cloudformation update-stack --stack-name <stack-name> --template-body file://<path-to-template> --parameters file://<path-to-parameters>
Replace <path-to-template> and <path-to-parameters> with the file paths to the updated CloudFormation template and parameters file.
- Wait for the stack update to complete by running the following command:
aws cloudformation wait stack-update-complete --stack-name <stack-name>
- Verify that the stack has been remediated by running the following command:
aws cloudformation describe-stack-resources --stack-name <stack-name>
This will show you the current configuration of the resources in the stack. If the resources have been remediated, the expected and actual configurations should match.
To remediate AWS CloudFormation drift detection using Python, follow these steps:
- Import the required libraries: boto3, json, and time (used below to wait for the detection result)
import boto3
import json
import time
- Create a boto3 client for AWS CloudFormation:
client = boto3.client('cloudformation')
- Get the list of stacks:
stacks = client.list_stacks(StackStatusFilter=['CREATE_COMPLETE', 'UPDATE_COMPLETE'])['StackSummaries']
- Loop through the stacks and check for drift. detect_stack_drift only starts an asynchronous detection and returns a StackDriftDetectionId; the StackDriftStatus is read from describe_stack_drift_detection_status once DetectionStatus is no longer DETECTION_IN_PROGRESS:
for stack in stacks:
    detection_id = client.detect_stack_drift(StackName=stack['StackName'])['StackDriftDetectionId']
    while True:
        status = client.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status['DetectionStatus'] != 'DETECTION_IN_PROGRESS':
            break
        time.sleep(5)  # detection runs in the background; poll until it finishes
    if status['StackDriftStatus'] == 'DRIFTED':
        print('Stack {} has drifted'.format(stack['StackName']))
- If a stack has drifted, remediate it by updating the stack:
        # CloudFormation rejects an update whose template and parameters are unchanged
        # ("No updates are to be performed"), so this only applies a fix when the template
        # or parameters differ from the last deployment.
        response = client.update_stack(StackName=stack['StackName'], UsePreviousTemplate=True)
        print('Stack {} has been remediated'.format(stack['StackName']))
Note: Make sure to test the script thoroughly before running it in a production environment.
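The CLI and Python steps above both treat drift detection as if it returned the drift status immediately. The script below is an added example, not code from the original page or from AWS: it runs detection to completion by polling describe_stack_drift_detection_status, pages through describe_stack_resource_drifts, and reduces the report to one finding per drifted resource with the property paths whose expected and actual values differ. The FakeCloudFormation client, the stack name example-stack and the drifted resources it returns are constructed so the script runs offline; passing a real stack name on the command line uses a boto3 client with the same method names instead.

```python
# Added example (not from the original page): run CloudFormation drift detection
# to completion and triage the resulting resource drift report.
import time


def run_drift_detection(cfn, stack_name, poll_seconds=5, timeout_seconds=600):
    """Start drift detection and wait for it to finish.

    `cfn` is a boto3 CloudFormation client or any object with the same
    detect_stack_drift / describe_stack_drift_detection_status methods.
    detect_stack_drift is asynchronous: it returns only a detection id, and the
    StackDriftStatus appears in describe_stack_drift_detection_status once
    DetectionStatus has left DETECTION_IN_PROGRESS.
    """
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    deadline = time.monotonic() + timeout_seconds
    while True:
        status = cfn.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] != "DETECTION_IN_PROGRESS":
            return status
        if time.monotonic() >= deadline:
            raise TimeoutError(f"drift detection {detection_id} for {stack_name} timed out")
        time.sleep(poll_seconds)


def list_resource_drifts(cfn, stack_name):
    """Collect every page of describe_stack_resource_drifts for the stack."""
    drifts, token = [], None
    while True:
        kwargs = {"StackName": stack_name}
        if token:
            kwargs["NextToken"] = token
        page = cfn.describe_stack_resource_drifts(**kwargs)
        drifts.extend(page["StackResourceDrifts"])
        token = page.get("NextToken")
        if not token:
            return drifts


def summarise_drifts(drifts):
    """One finding per resource that is not IN_SYNC, with its differing property paths."""
    findings = []
    for d in drifts:
        if d["StackResourceDriftStatus"] == "IN_SYNC":
            continue
        findings.append({
            "LogicalResourceId": d["LogicalResourceId"],
            "ResourceType": d["ResourceType"],
            "Status": d["StackResourceDriftStatus"],  # MODIFIED, DELETED or NOT_CHECKED
            "Differences": [
                (p["PropertyPath"], p["DifferenceType"], p.get("ExpectedValue"), p.get("ActualValue"))
                for p in d.get("PropertyDifferences", [])  # DifferenceType: ADD, REMOVE, NOT_EQUAL
            ],
        })
    return findings


def triage_stack(cfn, stack_name, poll_seconds=5):
    """Detect drift on one stack and return (stack_drift_status, findings)."""
    status = run_drift_detection(cfn, stack_name, poll_seconds=poll_seconds)
    if status["DetectionStatus"] == "DETECTION_FAILED":
        raise RuntimeError(status.get("DetectionStatusReason", "drift detection failed"))
    if status["StackDriftStatus"] != "DRIFTED":
        return status["StackDriftStatus"], []
    return "DRIFTED", summarise_drifts(list_resource_drifts(cfn, stack_name))


class FakeCloudFormation:
    """Constructed stand-in for the boto3 client, using the real API's response
    shapes; the detection id, resources and values are made up for the demo."""

    def __init__(self):
        self.polls = 0

    def detect_stack_drift(self, StackName):
        return {"StackDriftDetectionId": "example-detection-id"}

    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        self.polls += 1  # first poll is still in progress, second completes
        if self.polls < 2:
            return {"DetectionStatus": "DETECTION_IN_PROGRESS", "StackDriftStatus": "NOT_CHECKED"}
        return {"DetectionStatus": "DETECTION_COMPLETE", "StackDriftStatus": "DRIFTED",
                "DriftedStackResourceCount": 2}

    def describe_stack_resource_drifts(self, StackName, NextToken=None):
        return {"StackResourceDrifts": [
            {"LogicalResourceId": "LogsBucket", "ResourceType": "AWS::S3::Bucket",
             "StackResourceDriftStatus": "MODIFIED", "PropertyDifferences": [
                 {"PropertyPath": "/PublicAccessBlockConfiguration/BlockPublicAcls",
                  "ExpectedValue": "true", "ActualValue": "false", "DifferenceType": "NOT_EQUAL"}]},
            {"LogicalResourceId": "AuditRole", "ResourceType": "AWS::IAM::Role",
             "StackResourceDriftStatus": "DELETED", "PropertyDifferences": []},
            {"LogicalResourceId": "Queue", "ResourceType": "AWS::SQS::Queue",
             "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
        ]}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # real run: python drift_triage.py <stack-name>
        import boto3
        cfn, name = boto3.client("cloudformation"), sys.argv[1]
    else:
        cfn, name = FakeCloudFormation(), "example-stack"
    stack_status, found = triage_stack(cfn, name, poll_seconds=0)
    print(name, stack_status)
    for f in found:
        print(f"  {f['LogicalResourceId']} ({f['ResourceType']}): {f['Status']}")
        for path, kind, expected, actual in f["Differences"]:
            print(f"    {path}: {kind} expected={expected} actual={actual}")
```

The findings are the triage input: a NOT_EQUAL on a public-access-block setting or a DELETED IAM role tells you what changed outside CloudFormation before you decide whether to revert the live change or update the template. On the CLI the polling step is `aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id <id>`, with the id taken from the detect-stack-drift output. Note that CloudFormation only applies an update whose template or parameters actually changed; an update-stack with the previous template and parameters is rejected with "No updates are to be performed", so remediation either reverts the out-of-band change directly or makes a template or parameter change for CloudFormation to apply.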