1 Answer
Hello.
The following document shows that "AWS::IAM::Role" does not support drift detection.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html
If I make a change to a component which exists in the original Role template (i.e. ManagedPolicies - add a new one), then sometimes drift is shown. This fools me into thinking that it actually works.
I don't see why CloudFormation is considered a good tool if I cannot control consistency between planned resources and current resources.
Agreed with Riku: not all features in all services support drift detection by CFN. You have to check the list that he points to to define which ones in your config are supported.
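One way to do the per-stack check suggested in the last comment, as an added example that is not part of the thread: after a drift detection run, the CloudFormation ListStackResources API reports a `DriftInformation.StackResourceDriftStatus` for each resource, and `NOT_CHECKED` marks the ones drift detection did not cover. The `SAMPLE` data, resource names and the `drift_report` helper are constructed for illustration.

```python
# Added example (not from the thread). SAMPLE is constructed; it mimics the
# "StackResourceSummaries" list returned by the CloudFormation
# ListStackResources API after a drift detection run.
from collections import defaultdict

SAMPLE = [
    {"LogicalResourceId": "AppRole", "ResourceType": "AWS::IAM::Role",
     "DriftInformation": {"StackResourceDriftStatus": "MODIFIED",
                          "LastCheckTimestamp": "2024-01-01T00:00:00Z"}},
    {"LogicalResourceId": "AppBucket", "ResourceType": "AWS::S3::Bucket",
     "DriftInformation": {"StackResourceDriftStatus": "IN_SYNC",
                          "LastCheckTimestamp": "2024-01-01T00:00:00Z"}},
    {"LogicalResourceId": "SetupHook", "ResourceType": "Custom::SetupHook",
     "DriftInformation": {"StackResourceDriftStatus": "NOT_CHECKED"}},
]


def drift_report(summaries):
    """Group resources by drift status and separate real blind spots
    (resource skipped by the last run) from 'detection never ran'."""
    by_status = defaultdict(list)
    for res in summaries:
        info = res.get("DriftInformation", {})
        status = info.get("StackResourceDriftStatus", "NOT_CHECKED")
        by_status[status].append((res["LogicalResourceId"], res["ResourceType"]))
    checked = sum(len(v) for k, v in by_status.items() if k != "NOT_CHECKED")
    return {
        "by_status": dict(by_status),
        # False means no resource has a result yet: run drift detection first.
        "detection_ran": checked > 0,
        # Skipped while other resources were checked: changes made outside
        # the template to these resources will not show up as drift.
        "blind_spots": sorted(by_status["NOT_CHECKED"]) if checked else [],
        "drifted": sorted(by_status["MODIFIED"] + by_status["DELETED"]),
    }


if __name__ == "__main__":
    report = drift_report(SAMPLE)
    for logical_id, rtype in report["blind_spots"]:
        print(f"not covered by drift detection: {logical_id} ({rtype})")
    for logical_id, rtype in report["drifted"]:
        print(f"drifted: {logical_id} ({rtype})")
```

With real data, pass the `StackResourceSummaries` list from boto3's `list_stack_resources` call; resources listed under `blind_spots` need a separate consistency check outside CloudFormation.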