This example will present Termination protection and Drift detection functionalities. Using stack from Example_3. It all can be done from AWS CLI or AWS Console.
All commands should be invoked from Example_4 directory
- enable stack termination protection
- try to delete stack
aws cloudformation delete-stack --stack-name AWS-SAM-WORKSHOP-EXAMPLE-3it should result in:
An error occurred (ValidationError) when calling the DeleteStack operation: Stack [AWS-SAM-WORKSHOP-EXAMPLE-3] cannot be deleted while TerminationProtection is enabled- ofcourse it can be set via IAM role / privileges who can enable / disable stack termination - more on that here
- enable drift detection
aws cloudformation detect-stack-drift --stack-name AWS-SAM-WORKSHOP-EXAMPLE-3- wait for drift status
IN_SYNC(use id returned from previous command)
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id c1d59480-7318-11e9-b69b-024e38e0666a- introduce some DRIFT
- detect it and view details:
-
You can (and should) automate stack drift detection ... using yet another stack! from here
-
drift recover scenarios