131. What do you do about CloudFormation Drift?
Description
In this episode, we discuss the concept of CloudFormation drift, what causes it, how to detect it, and strategies for resolving it. We explain that drift happens when the actual state of resources diverges from what is defined in the CloudFormation templates. Common causes include manual changes, third party tools, mixing IaC solutions, and automation. We then cover built-in drift detection in CloudFormation and integrating it with alarms. Finally, we suggest approaches for reconciling drift like change sets, deletion protection, and bringing up parallel stacks.
💰 SPONSORS 💰
This episode of AWS Bites is brought to you by fourTheorem. Need to modernize your infrastructure or build scalable cloud solutions? fourTheorem brings the experience to build high-quality, maintainable, and scalable cloud applications that evolve with your business needs. Visit https://fourtheorem.com to see how we can help take your cloud journey to the next level.
In this episode, we mentioned the following resources:
Ep 31 - CloudFormation or Terraform: https://awsbites.com/31-cloudformation-or-terraform/
Ep. 121 - 5 Ways to extend CloudFormation: https://awsbites.com/121-5-ways-to-extend-cloudformation/
Automatic Drift detection (AWS tutorial): https://aws.amazon.com/blogs/mt/implementing-an-alarm-to-automatically-detect-drift-in-aws-cloudformation-stacks
Ep. 11 - How do you move away from the management console: https://awsbites.com/11-how-do-you-move-away-from-the-management-console/
Do you have any AWS questions you would like us to address?
Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
In this episode, we discuss the pros and cons of using serverless architecture in enterprise companies. We cover topics like cost, complexity, security, ability to evolve architecture, and more. Overall, we find that serverless can provide benefits like reduced operational costs, improved...
Published 11/15/24
In this episode, we discuss why IAM users and long-lived credentials are dangerous and should be avoided. We share war stories of compromised credentials and overprivileged access. We then explore solutions like centralizing IAM users, using tools like AWS Vault for temporary credentials,...
Published 11/01/24