CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Last update: Dec 11, 2022

Overview

CloudFormation Drift Remediation

Installation

This package is available on pypi, you can for example use on of these commands (pipx is recommended)

pipx install cfn-drift-remediation
pip install cfn-drift-remediation

Usage

Run drift detection on a stack, and verify that you want to remediate it by changing the provisioned resource (using the stack as the source of truth).
run one of the commands below
Run drift detection again to verify that everything is in sync again.

# Default usage
cfn-drift-remediation stack_name
# Using a different profile
AWS_DEFAULT_PROFILE=profile-name cfn-drift-remediation stack_name
# Using a third party tool like aws-vault
aws-vault exec profile-name -- cfn-drift-remediation stack_name

How this works

This tool will read the existing drift of a stack, iterate through the drifted resources and construct a patch document to change the actual (detected) property values to the expected (stack) values.

Caveats

Changes are done with CloudControl API. This does mean that if the drifted resources do not support Cloud Control API, they will be skipped.
For some resources the order in a list does not matter, this might lead to a failure to apply changes, because Cloud Control API will assume the resource is not in the drifted state it expects.
We do not support creating resources that were completely deleted from the stack. The drift detection api does not return enough information to construct the replacement resource.

Development

We use poetry to manage this project

Clone this repository
Run poetry install
Activate the virtualenvironment with poetry shell (you can also use poetry run $command)

Releasing a new version to pypi

Edit pyproject.toml to update the version number
Edit cfn_drift_remediation/_init.py to update the version number
Commit the version number bump
Run tests poetry run pytest (you might have to install dependencies with poetry install --dev)
Run poetry publish --build
Push to GitHub
Create a new release in GitHub

Using poetry in Visual Studio Code

If you want to use poetry in Visual Studio Code, it works best if the virtual environment is created inside the project folder. Once the virtual environment is created, you can run the "Python: Select interpreter" command in Visual Studio Code, and point to the .venv folder.

poetry config virtualenvs.in-project true

If you already created the virtual environment, you have to recreate it

# from within the project folder
poetry env remove $(poetry env list)
poetry install

Releases(0.3.1)

0.3.1(Mar 7, 2022)

Source code(tar.gz)
Source code(zip)
cfn-drift-remediation-0.3.1.tar.gz(5.65 KB)
cfn_drift_remediation-0.3.1-py3-none-any.whl(7.32 KB)
0.3.0(Jan 26, 2022)
Simplify and support more things

Simplify code by parsing the drift instead of using the CloudFormation Resource Schemas

Support values that were added or removed (very useful for stack-level tags)

Skip resources that are not supported, instead of failing

Improve documentation

Source code(tar.gz)
Source code(zip)
0.2.0(Jan 26, 2022)

Source code(tar.gz)
Source code(zip)

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Scratch2py Scratch2py or S2py is a easy to use, versatile tool to communicate with the Scratch API Based of scratchclient by Raihan142857 Installation

20 Jun 18, 2022

Ditch Xiaomi's cloud and use a Telegram bot instead

Yi-Home_Telegram_Bot_Interface Ditch Xiaomi's cloud and use a Telegram bot instead Features Motion detection Works by monitoring a tmp file that is cr

10 Aug 18, 2022

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

Cassandra Access Control By Aner Izraeli - Intezer Security Manager ([email protected]) We’re releasing an open-source tool you can use now, which

6 Mar 31, 2022

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

robotframework-stacktrace A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears. Ins

16 Nov 24, 2022

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

xrpl-price-persist-oracle-sam This is a XRPL Oracle that publishes external data into the XRPL. This Oracle was inspired by XRPL-Labs/XRPL-Persist-Pri

11 Dec 17, 2022

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

AWS DeepRacer Overview The AWS DeepRacer Evo vehicle is a 1/18th scale Wi-Fi enabled 4-wheel ackermann steering platform that features two RGB cameras

31 Nov 21, 2022

A multi-tenant multi-client scalable product categorising demo stack

CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

Related tags

Overview

CloudFormation Drift Remediation

Installation

Usage

How this works

Caveats

Development

Releasing a new version to pypi

Using poetry in Visual Studio Code

You might also like...

A python to scratch API connector. Can fetch data from the API and send it back in cloud variables.

Ditch Xiaomi's cloud and use a Telegram bot instead

We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

A listener for RF = 4.0 that prints a Stack Trace to console to faster find the code section where the failure appears.

A Serverless Application Model stack that persists the $XRP price to the XRPL every minute as a TrustLine. There are no servers, it is effectively a "smart contract" in Python for the XRPL.

Simulation artifacts, core components and configuration files to integrate AWS DeepRacer device with ROS Navigation stack.

A multi-tenant multi-client scalable product categorising demo stack

A part of HyRiver software stack for accessing hydrology data through web services

Please Do Not Throw Sausage Pizza Away - Side Scrolling Up The OSI Stack

Releases(0.3.1)

0.3.1(Mar 7, 2022)

0.3.0(Jan 26, 2022)

Simplify and support more things

0.2.0(Jan 26, 2022)

Owner

Cloudar

Simple web-based hcaptcha bypass

A powerful Lavalink library for Discord.py.

Embed the Duktape JS interpreter in Python

KaydyPurge - Python Purge Script for Discord made by Kaydy Cain#0001

Python 3 SDK/Wrapper for Huobi Crypto Exchange Api

Receive GitHub webhook events and send to Telegram chats with AIOHTTP through Telegram Bot API

Create light scenes , voice control, ifttt, fuzzywuzzy speech correction and much more with Tuya light bulbs.

A simple program to display current playing from Spotify app on your desktop

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

A python crypto trading bot on Binance using RSI in 25 Lines 🚀

A multipurpose Telegram Bot written in Python for mirroring files on the Internet to Google Drive

FUD Keylogger That Reports To Discord

Integrating Amazon API Gateway private endpoints with on-premises networks

❤️A next gen powerful telegram group manager bot for manage your groups and have fun with other cool modules

Is the CoWin website updated for registration?

A self hosted slack bot to conduct standups & generate reports.

Simple Bot With Python 3.8+ For Converstaion Your Media

A Discord Self-Bot in Python

Programa capaz de gerar QR Code a partir do link inserido.

A discord nuking tool made by python, this also has nuke accounts, inbuilt Selfbot, Massreport, Token Grabber, Nitro Sniper and ALOT more!