CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Last update: Dec 11, 2022

Overview

CloudFormation Drift Remediation

Installation

This package is available on pypi, you can for example use on of these commands (pipx is recommended)

pipx install cfn-drift-remediation
pip install cfn-drift-remediation

Usage

Run drift detection on a stack, and verify that you want to remediate it by changing the provisioned resource (using the stack as the source of truth).
run one of the commands below
Run drift detection again to verify that everything is in sync again.

# Default usage
cfn-drift-remediation stack_name
# Using a different profile
AWS_DEFAULT_PROFILE=profile-name cfn-drift-remediation stack_name
# Using a third party tool like aws-vault
aws-vault exec profile-name -- cfn-drift-remediation stack_name

How this works

This tool will read the existing drift of a stack, iterate through the drifted resources and construct a patch document to change the actual (detected) property values to the expected (stack) values.

Caveats

Changes are done with CloudControl API. This does mean that if the drifted resources do not support Cloud Control API, they will be skipped.
For some resources the order in a list does not matter, this might lead to a failure to apply changes, because Cloud Control API will assume the resource is not in the drifted state it expects.
We do not support creating resources that were completely deleted from the stack. The drift detection api does not return enough information to construct the replacement resource.

Development

We use poetry to manage this project

Clone this repository
Run poetry install
Activate the virtualenvironment with poetry shell (you can also use poetry run $command)

Releasing a new version to pypi

Edit pyproject.toml to update the version number
Edit cfn_drift_remediation/_init.py to update the version number
Commit the version number bump
Run tests poetry run pytest (you might have to install dependencies with poetry install --dev)
Run poetry publish --build
Push to GitHub
Create a new release in GitHub

Using poetry in Visual Studio Code

If you want to use poetry in Visual Studio Code, it works best if the virtual environment is created inside the project folder. Once the virtual environment is created, you can run the "Python: Select interpreter" command in Visual Studio Code, and point to the .venv folder.

poetry config virtualenvs.in-project true

If you already created the virtual environment, you have to recreate it

# from within the project folder
poetry env remove $(poetry env list)
poetry install

Releases(0.3.1)

0.3.1(Mar 7, 2022)

Source code(tar.gz)
Source code(zip)
cfn-drift-remediation-0.3.1.tar.gz(5.65 KB)
cfn_drift_remediation-0.3.1-py3-none-any.whl(7.32 KB)
0.3.0(Jan 26, 2022)
Simplify and support more things

Simplify code by parsing the drift instead of using the CloudFormation Resource Schemas

Support values that were added or removed (very useful for stack-level tags)

Skip resources that are not supported, instead of failing

Improve documentation

Source code(tar.gz)
Source code(zip)
0.2.0(Jan 26, 2022)

Source code(tar.gz)
Source code(zip)

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Scratch2py Scratch2py or S2py is a easy to use, versatile tool to communicate with the Scratch API Based of scratchclient by Raihan142857 Installation

20 Jun 18, 2022

Ditch Xiaomi's cloud and use a Telegram bot instead

Yi-Home_Telegram_Bot_Interface Ditch Xiaomi's cloud and use a Telegram bot instead Features Motion detection Works by monitoring a tmp file that is cr

10 Aug 18, 2022

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

Cassandra Access Control By Aner Izraeli - Intezer Security Manager ([email protected]) We’re releasing an open-source tool you can use now, which

6 Mar 31, 2022

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

robotframework-stacktrace A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears. Ins

16 Nov 24, 2022

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

xrpl-price-persist-oracle-sam This is a XRPL Oracle that publishes external data into the XRPL. This Oracle was inspired by XRPL-Labs/XRPL-Persist-Pri

11 Dec 17, 2022

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

AWS DeepRacer Overview The AWS DeepRacer Evo vehicle is a 1/18th scale Wi-Fi enabled 4-wheel ackermann steering platform that features two RGB cameras

31 Nov 21, 2022

A multi-tenant multi-client scalable product categorising demo stack

CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Related tags

Overview

CloudFormation Drift Remediation

Installation

Usage

How this works

Caveats

Development

Releasing a new version to pypi

Using poetry in Visual Studio Code

You might also like...

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Ditch Xiaomi's cloud and use a Telegram bot instead

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

A multi-tenant multi-client scalable product categorising demo stack

A part of HyRiver software stack for accessing hydrology data through web services

Please Do Not Throw Sausage Pizza Away - Side Scrolling Up The OSI Stack

Releases(0.3.1)

0.3.1(Mar 7, 2022)

0.3.0(Jan 26, 2022)

Simplify and support more things

0.2.0(Jan 26, 2022)

Owner

Cloudar

SpautiNoFay - A simple and beautiful music player created with Python

a Music bot for discord

Herramienta para transferir eventos de Sucuri WAF hacia Azure Monitor Log Analytics.

BanAllBot - Telegram Code To Ban All Group Members very fast

A multi-tenant multi-client scalable product categorising demo stack

A discord self bot that replies to messages using cleverbot

Telegram Remote Administration Tool

Scheduled Block Checker for Cardano Stakepool Operators

WILSON Cloud Respwnder is a Web Interaction Logger Sending Out Notifications with the ability to serve custom content in order to appropriately respond to client-issued requests.

Open Source Discord Account Creator

Github-Checker - Simple Tool To Check If Github User Available Or Not

LEC_Ditto is a bot that tracks the follows and unfollows of Twitter accounts

Discord Rich Presence for Team Fortress 2

It's a discord.py simulator.

DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework which completely runs on AWS Managed services like AWS API Gateway, AWS Event Bridge & AWS Lambda

Program that automates the bump of the Disboard Bot. Done 100% in Python with PyAutoGUI library

Generate direct m3u playlist for all the channels subscribed in the Tata Sky portal

Python wrapper library for World Weather Online API

Use Node JS Keywords In Python!!!

A fork of discord.py for anime enjoyers