|
| 1 | +include::attributes.txt[] |
| 2 | + |
| 3 | +// Attributes |
| 4 | +[.topic] |
| 5 | +[#ref-cli-cmd-drift] |
| 6 | += `cdk drift` |
| 7 | +:keywords: {aws} CDK, {aws} CDK CLI, CDK Toolkit CLI, cdk drift |
| 8 | + |
| 9 | +[abstract] |
| 10 | +-- |
| 11 | +Detect and report drift in deployed {aws} CloudFormation stacks that are defined in your CDK app. |
| 12 | +-- |
| 13 | + |
| 14 | +// Content start |
| 15 | + |
| 16 | +Detect configuration drift for resources that you define, manage, and deploy using the {aws} Cloud Development Kit ({aws} CDK). Drift occurs when a stack's actual configuration differs from its expected configuration, which happens when resources are modified outside of {aws} CloudFormation. |
| 17 | + |
| 18 | +This command identifies resources that have been modified (for example, through the {aws} Console or {aws} CLI) by comparing their current state against their expected configuration. These modifications can cause unexpected behavior in your infrastructure. |
| 19 | + |
| 20 | +During drift detection, the CDK CLI will output progress indicators and results, showing: |
| 21 | + |
| 22 | +- Resources that have drifted from their expected configuration. |
| 23 | +- The total number of resources with drift. |
| 24 | +- A summary indicating whether drift was detected in the stack. |
| 25 | +
|
| 26 | +[IMPORTANT] |
| 27 | +==== |
| 28 | +The `cdk drift` and `cdk diff` commands work differently: |
| 29 | +
|
| 30 | +* `cdk drift` calls CloudFormation's drift detection operation to compare the actual state of resources in {aws} ("reality") against their expected configuration in CloudFormation. Not all {aws} resources support drift detection. For a list of supported resources, see link:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html[Resource type support] in the _{aws} CloudFormation User Guide_. |
| 31 | +
|
| 32 | +* `cdk diff` compares the CloudFormation template synthesized from your local CDK code against the template of the deployed CloudFormation stack. |
| 33 | +
|
| 34 | +Use `cdk drift` when you need to verify if resources have been modified outside of CloudFormation (for example, through the {aws} Console or {aws} CLI). Use `cdk diff` when you want to preview how your local code changes would affect your infrastructure before deployment. |
| 35 | +==== |
| 36 | + |
| 37 | +[#ref-cli-cmd-drift-usage] |
| 38 | +== Usage |
| 39 | + |
| 40 | +[source,none,subs="verbatim,attributes"] |
| 41 | +---- |
| 42 | +$ cdk drift <arguments> <options> |
| 43 | +---- |
| 44 | + |
| 45 | +[#ref-cli-cmd-drift-args] |
| 46 | +== Arguments |
| 47 | + |
| 48 | +[#ref-cli-cmd-drift-args-stack-name] |
| 49 | +*Stack name*:: |
| 50 | +The name of the stack that you want to check for drift. The stack must be previously deployed to CloudFormation to perform drift detection. |
| 51 | ++ |
| 52 | +_Type_: String |
| 53 | ++ |
| 54 | +_Required_: No |
| 55 | ++ |
| 56 | +If no stack is specified, drift detection will be performed on all stacks defined in your CDK app. |
| 57 | + |
| 58 | +[#ref-cli-cmd-drift-options] |
| 59 | +== Options |
| 60 | + |
| 61 | +For a list of global options that work with all CDK CLI commands, see xref:ref-cli-cmd-options[Global options]. |
| 62 | + |
| 63 | +[#ref-cli-cmd-drift-options-fail] |
| 64 | +`--fail <BOOLEAN>`:: |
| 65 | +Return with exit code 1 if drift is detected. |
| 66 | ++ |
| 67 | +_Default value_: `false` |
| 68 | + |
| 69 | +[#ref-cli-cmd-drift-options-help] |
| 70 | +`--help, -h <BOOLEAN>`:: |
| 71 | +Show command reference information for the `cdk drift` command. |
| 72 | + |
| 73 | +[#ref-cli-cmd-drift-examples] |
| 74 | +== Examples |
| 75 | + |
| 76 | +[#ref-cli-cmd-drift-examples-stack] |
| 77 | +=== Check drift for a specific stack |
| 78 | + |
| 79 | +[source,none,subs="verbatim,attributes"] |
| 80 | +---- |
| 81 | +$ cdk drift MyStackName |
| 82 | +---- |
| 83 | + |
| 84 | +The command will output results similar to: |
| 85 | + |
| 86 | +[source,none,subs="verbatim,attributes"] |
| 87 | +---- |
| 88 | +Stack MyStackName |
| 89 | +Modified Resources |
| 90 | +[~] AWS::Lambda::Function MyFunction MyLambdaFunc1234ABCD |
| 91 | + └─ [~] /Description |
| 92 | + ├─ [-] My original hello world Lambda function |
| 93 | + └─ [+] My drifted hello world Lambda function |
| 94 | +
|
| 95 | +1 resource has drifted from their expected configuration |
| 96 | +
|
| 97 | +✨ Number of resources with drift: 1 |
| 98 | +---- |
| 99 | + |
| 100 | +[#ref-cli-cmd-drift-examples-deleted] |
| 101 | +=== Check drift when resources have been deleted |
| 102 | + |
| 103 | +The following example shows what the output looks like when resources have been both modified and deleted: |
| 104 | + |
| 105 | +[source,none,subs="verbatim,attributes"] |
| 106 | +---- |
| 107 | +Stack MyStackName |
| 108 | +Modified Resources |
| 109 | +[~] AWS::Lambda::Function MyFunction MyLambdaFunc1234ABCD |
| 110 | + └─ [~] /Description |
| 111 | + ├─ [-] My original hello world Lambda function |
| 112 | + └─ [+] My drifted hello world Lambda function |
| 113 | +Deleted Resources |
| 114 | +[-] AWS::CloudWatch::Alarm MyAlarm MyCWAlarmABCD1234 |
| 115 | +
|
| 116 | +2 resources have drifted from their expected configuration |
| 117 | +
|
| 118 | +✨ Number of resources with drift: 2 |
| 119 | +---- |
| 120 | + |
| 121 | +[#ref-cli-cmd-drift-examples-fail] |
| 122 | +=== Check drift with exit code |
| 123 | + |
| 124 | +To have the command return a non-zero exit code if drift is detected: |
| 125 | + |
| 126 | +[source,none,subs="verbatim,attributes"] |
| 127 | +---- |
| 128 | +$ cdk drift MyStackName --fail |
| 129 | +---- |
| 130 | + |
| 131 | +This is useful in CI/CD pipelines to automatically detect and respond to infrastructure drift. |
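Review bot: The `--fail <BOOLEAN>` entry and the "Check drift with exit code" example present the exit code as a CI/CD gate without repeating the limit stated in the IMPORTANT block, that not all resources support drift detection. A reader can take exit code 0 to mean nothing was changed outside CloudFormation, so consider adding a sentence under `--fail` or after "This is useful in CI/CD pipelines..." saying that only resource types that support drift detection are evaluated, with the same "Resource type support" link. Separately, the "Check drift when resources have been deleted" example shows only output, while the first example also shows the `$ cdk drift MyStackName` command that produced it; adding the command there would keep the two examples consistent.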