When you change resource configurations outside Resource Orchestration Service (ROS), you can use the drift detection feature to identify the changes in your stacks. Then, you can take corrective measures to re-synchronize resources with their definitions in the stack template. This ensures that the actual configurations of resources are consistent with the template configurations.
Sample scenarios
Detect drift on a stack
If you want to check whether the actual configurations and the defined template configurations of a stack or stack resources are the same, you can use the drift detection feature to detect drift on the stack.
For more information, see Detect drift on a stack.
Detect drift on a resource
If you want to check whether the actual configurations are inconsistent with the template configurations of a specific resource in a stack, you can use the drift detection feature to detect drift on the resource.
For more information, see Detect drift on a resource.
Detect drift on a stack group
For more information, see Detect drift on a stack group.
Limits
When ROS detects drift on a stack, ROS cannot detect drift on a nested stack of the stack. You can directly detect drift on the nested stack.
In some cases, ROS may fail to return accurate drift results. You can familiarize yourself with the cases to properly interpret drift detection results.
Specific objects in arrays of a resource property are reported as drift. In fact, the objects are default values provided for the property from the underlying service that is responsible for the resource.
ROS may fail to compare specific resource properties that you specify in your stack templates with the properties of the generated stack resources. As a result, the properties are not included in the drift detection results. The properties are classified into the following categories:
Properties whose values ROS cannot map back to the initial resource property values in the stack template.
Properties whose values are not returned by the service responsible for the resource.
Properties whose values are designed to never be returned by the service responsible for the resource. The property values may contain confidential information that must not be exposed, such as passwords or sensitive data.
Properties that are not supported by ROS.
Considerations
You can call the GetResourceType operation to query whether the properties of a resource support drift detection. In this example, the properties of the ALIYUN::ESS::ScalingRule resource are queried. In the return values, the SupportDriftDetection parameter of the resource indicates whether the resource supports drift detection. A value of true indicates that the resource supports drift detection. In this case, each property of the resource is returned together with the SupportDriftDetection property to show whether the property supports drift detection.
{
...
"ResourceType": "ALIYUN::ESS::ScalingRule",
"Properties": {
"ScalingRuleName": {
...
"SupportDriftDetection": true
},
...
},
"SupportDriftDetection": true
}Functions and features
Drift detection object | Description | Permission required for drift detection |
Resource | ROS compares the expected resource property values that you define in the template with the actual property values. A resource is considered to have drifted if an actual property value of the resource differs from the expected property value. |
|
Stack | A stack is considered to have drifted if a resource in the stack has drifted. Note ROS generates details of each resource in the stack that has drifted. |
|
Stack group | ROS determines the overall drift status of a stack group based on the drift status of the stack instances that belong to the stack group. A stack group is considered to have drifted if the associated stacks of its stack instances have drifted. |
|
Resources and stacks that support drift detection
Drift detection object | Description |
Resource | For more information, see Resource types that support drift detection and resource import. |
Stack | Stacks in one of the following states support drift detection:
|