AWS Fundamentals Logo
AWS Fundamentals
L2 Construct

CloudFormationStackDriftDetectionCheck

Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.

Import

import { CloudFormationStackDriftDetectionCheck } from 'aws-cdk-lib/aws-config';

Or use the module namespace:

import * as config from 'aws-cdk-lib/aws-config';
// config.CloudFormationStackDriftDetectionCheck

Properties

Configuration passed to the constructor as CloudFormationStackDriftDetectionCheckProps.

ownStackOnlyOptional
boolean

Whether to check only the stack where this rule is deployed.

Default: false

roleOptional
IRoleRef

The IAM role to use for this rule. It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach `config.amazonaws.com` trusted permissions and `ReadOnlyAccess` policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.

Default: - A role will be created

6 properties inherited from RuleProps
configRuleNameOptionalinherited from RuleProps
string

A name for the AWS Config rule.

Default: - CloudFormation generated name

descriptionOptionalinherited from RuleProps
string

A description about this AWS Config rule.

Default: - No description

evaluationModesOptionalinherited from RuleProps
EvaluationMode

The modes the AWS Config rule can be evaluated in. The valid values are distinct objects.

Default: - Detective evaluation mode only

inputParametersOptionalinherited from RuleProps
{ [key: string]: any }

Input parameter values that are passed to the AWS Config rule.

Default: - No input parameters

maximumExecutionFrequencyOptionalinherited from RuleProps
MaximumExecutionFrequency

The maximum frequency at which the AWS Config rule runs evaluations.

Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS

ruleScopeOptionalinherited from RuleProps
RuleScope

Defines which resources trigger an evaluation for an AWS Config rule.

Default: - evaluations for the rule are triggered when any resource in the recording group changes.

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL2 (Higher-level)
Moduleaws-config
Properties8

Related Constructs

Explore This Service

External Links