How to automatically patch EC2 instances created from CloudFormation Stacks using SSM patch manager

Question

We have EC2 instances created via CloudFormation. 
If we use SSM patch manager to automatically patch these instances, will that cause drifts to the CF stack?

Accepted Answer

Hello.

CloudFormation drift checks differences in AWS settings (instance type, EBS type, etc.), so drift does not occur with information inside the EC2 OS.  
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html  
> CloudFormation detects drift on those AWS resources that support drift detection. Resources that don't support drift detection are assigned a drift status of NOT_CHECKED. For a list of AWS resources that support drift detection, see [Resources that support import and drift detection operations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html).

How to automatically patch EC2 instances created from CloudFormation Stacks using SSM patch manager

相關內容