CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Last update: Dec 11, 2022

Overview

CloudFormation Drift Remediation

Installation

This package is available on pypi, you can for example use on of these commands (pipx is recommended)

pipx install cfn-drift-remediation
pip install cfn-drift-remediation

Usage

Run drift detection on a stack, and verify that you want to remediate it by changing the provisioned resource (using the stack as the source of truth).
run one of the commands below
Run drift detection again to verify that everything is in sync again.

# Default usage
cfn-drift-remediation stack_name
# Using a different profile
AWS_DEFAULT_PROFILE=profile-name cfn-drift-remediation stack_name
# Using a third party tool like aws-vault
aws-vault exec profile-name -- cfn-drift-remediation stack_name

How this works

This tool will read the existing drift of a stack, iterate through the drifted resources and construct a patch document to change the actual (detected) property values to the expected (stack) values.

Caveats

Changes are done with CloudControl API. This does mean that if the drifted resources do not support Cloud Control API, they will be skipped.
For some resources the order in a list does not matter, this might lead to a failure to apply changes, because Cloud Control API will assume the resource is not in the drifted state it expects.
We do not support creating resources that were completely deleted from the stack. The drift detection api does not return enough information to construct the replacement resource.

Development

We use poetry to manage this project

Clone this repository
Run poetry install
Activate the virtualenvironment with poetry shell (you can also use poetry run $command)

Releasing a new version to pypi

Edit pyproject.toml to update the version number
Edit cfn_drift_remediation/_init.py to update the version number
Commit the version number bump
Run tests poetry run pytest (you might have to install dependencies with poetry install --dev)
Run poetry publish --build
Push to GitHub
Create a new release in GitHub

Using poetry in Visual Studio Code

If you want to use poetry in Visual Studio Code, it works best if the virtual environment is created inside the project folder. Once the virtual environment is created, you can run the "Python: Select interpreter" command in Visual Studio Code, and point to the .venv folder.

poetry config virtualenvs.in-project true

If you already created the virtual environment, you have to recreate it

# from within the project folder
poetry env remove $(poetry env list)
poetry install

Releases(0.3.1)

0.3.1(Mar 7, 2022)

Source code(tar.gz)
Source code(zip)
cfn-drift-remediation-0.3.1.tar.gz(5.65 KB)
cfn_drift_remediation-0.3.1-py3-none-any.whl(7.32 KB)
0.3.0(Jan 26, 2022)
Simplify and support more things

Simplify code by parsing the drift instead of using the CloudFormation Resource Schemas

Support values that were added or removed (very useful for stack-level tags)

Skip resources that are not supported, instead of failing

Improve documentation

Source code(tar.gz)
Source code(zip)
0.2.0(Jan 26, 2022)

Source code(tar.gz)
Source code(zip)

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Scratch2py Scratch2py or S2py is a easy to use, versatile tool to communicate with the Scratch API Based of scratchclient by Raihan142857 Installation

20 Jun 18, 2022

Ditch Xiaomi's cloud and use a Telegram bot instead

Yi-Home_Telegram_Bot_Interface Ditch Xiaomi's cloud and use a Telegram bot instead Features Motion detection Works by monitoring a tmp file that is cr

10 Aug 18, 2022

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

Cassandra Access Control By Aner Izraeli - Intezer Security Manager ([email protected]) We’re releasing an open-source tool you can use now, which

6 Mar 31, 2022

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

robotframework-stacktrace A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears. Ins

16 Nov 24, 2022

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

xrpl-price-persist-oracle-sam This is a XRPL Oracle that publishes external data into the XRPL. This Oracle was inspired by XRPL-Labs/XRPL-Persist-Pri

11 Dec 17, 2022

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

AWS DeepRacer Overview The AWS DeepRacer Evo vehicle is a 1/18th scale Wi-Fi enabled 4-wheel ackermann steering platform that features two RGB cameras

31 Nov 21, 2022

A multi-tenant multi-client scalable product categorising demo stack

CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Related tags

Overview

CloudFormation Drift Remediation

Installation

Usage

How this works

Caveats

Development

Releasing a new version to pypi

Using poetry in Visual Studio Code

You might also like...

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Ditch Xiaomi's cloud and use a Telegram bot instead

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

A multi-tenant multi-client scalable product categorising demo stack

A part of HyRiver software stack for accessing hydrology data through web services

Please Do Not Throw Sausage Pizza Away - Side Scrolling Up The OSI Stack

Releases(0.3.1)

0.3.1(Mar 7, 2022)

0.3.0(Jan 26, 2022)

Simplify and support more things

0.2.0(Jan 26, 2022)

Owner

Cloudar

discord voice bot to stream radio

A discord.py bot template with Cogs implemented.

A Python interface module to the SAS System. It works with Linux, Windows, and mainframe SAS. It supports the sas_kernel project (a Jupyter Notebook kernel for SAS) or can be used on its own.

Fix Twitter video embeds in Discord

This script will detect changes in your session using Discords built in Gateway.

Bot made with Microsoft Azure' cloud service

Python Markov Chain chatbot running on Telegram

A Tᴇʟᴇɢʀᴀᴍ Vɪᴅᴇᴏ Pʟᴀʏᴇʀ Bᴏᴛ Tᴏ Pʟᴀʏ YT Vɪᴅᴇᴏs & Lɪᴠᴇ Sᴛʀᴇᴀᴍ.

A Python package designed to help users of Cisco's FMC interface with its API.

Crypto Signal Provider - A web application that allows users to select a cryptocurrency

Fastest Tiktok Username checker on site.

Dumps to CSV all the resources in an organization's member accounts

Light weight Scripts and Apps for checking availability of Covid Vaccines in India. Notifies when vaccine becomes avialable in your area.

An iCal file to transport you to a new place every day until you die

A powerfull SMS Bomber for Bangladesh . NO limite .Unlimited SMS Spaming

Free & open source API service for obtaining information about +9600 universities worldwide.

Bin Checker with Aiogram, Telegram

Discord.py Bot Series With Python

Telegram Bot to save Posts or Files that can be Accessed via Special Links

Discord bot to display private leaderboards for Advent of Code.