AWS CloudFormation

2023/07/24 - AWS CloudFormation - 1 new, 1 updated API methods

Changes: This release supports filtering by DRIFT_STATUS for the existing ListStackInstances API and adds support for a new API, ListStackInstanceResourceDrifts. Customers can now view resource drift information from their StackSet management accounts.

ListStackInstanceResourceDrifts (new)

Returns drift information for resources in a stack instance.

See also: AWS API Documentation

Request Syntax

client.list_stack_instance_resource_drifts(
    StackSetName='string',
    NextToken='string',
    MaxResults=123,
    StackInstanceResourceDriftStatuses=[
        'IN_SYNC'|'MODIFIED'|'DELETED'|'NOT_CHECKED',
    ],
    StackInstanceAccount='string',
    StackInstanceRegion='string',
    OperationId='string',
    CallAs='SELF'|'DELEGATED_ADMIN'
)
type StackSetName:

string

param StackSetName:

[REQUIRED]

The name or unique ID of the stack set that you want to list drifted resources for.

type NextToken:

string

param NextToken:

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

type StackInstanceResourceDriftStatuses:

list

param StackInstanceResourceDriftStatuses:

The resource drift status of the stack instance.

  • DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

  • MODIFIED: One or more resource properties differ from their expected template values.

  • IN_SYNC: The resource's actual configuration matches its expected template configuration.

  • NOT_CHECKED: CloudFormation doesn't currently return this value.

  • (string) --

type StackInstanceAccount:

string

param StackInstanceAccount:

[REQUIRED]

The name of the Amazon Web Services account that you want to list resource drifts for.

type StackInstanceRegion:

string

param StackInstanceRegion:

[REQUIRED]

The name of the Region where you want to list resource drifts.

type OperationId:

string

param OperationId:

[REQUIRED]

The unique ID of the drift operation.

type CallAs:

string

param CallAs:

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

rtype:

dict

returns:

Response Syntax

{
    'Summaries': [
        {
            'StackId': 'string',
            'LogicalResourceId': 'string',
            'PhysicalResourceId': 'string',
            'PhysicalResourceIdContext': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'ResourceType': 'string',
            'PropertyDifferences': [
                {
                    'PropertyPath': 'string',
                    'ExpectedValue': 'string',
                    'ActualValue': 'string',
                    'DifferenceType': 'ADD'|'REMOVE'|'NOT_EQUAL'
                },
            ],
            'StackResourceDriftStatus': 'IN_SYNC'|'MODIFIED'|'DELETED'|'NOT_CHECKED',
            'Timestamp': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Summaries (list) --

      A list of StackInstanceResourceDriftSummary structures that contain information about the specified stack instances.

      • (dict) --

        The structure containing summary information about resource drifts for a stack instance.

        • StackId (string) --

          The ID of the stack instance.

        • LogicalResourceId (string) --

          The logical name of the resource specified in the template.

        • PhysicalResourceId (string) --

          The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.

        • PhysicalResourceIdContext (list) --

          Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a unique resource that contains the targeted resource.

          • (dict) --

            Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a resource that contains the targeted resource.

            • Key (string) --

              The resource context key.

            • Value (string) --

              The resource context value.

        • ResourceType (string) --

          Type of resource. For more information, go to Amazon Web Services Resource Types Reference in the CloudFormation User Guide.

        • PropertyDifferences (list) --

          Status of the actual configuration of the resource compared to its expected configuration. These will be present only for resources whose StackInstanceResourceDriftStatus is MODIFIED.

          • (dict) --

            Information about a resource property whose actual value differs from its expected value, as defined in the stack template and any values specified as template parameters. These will be present only for resources whose StackResourceDriftStatus is MODIFIED. For more information, see Detecting Unregulated Configuration Changes to Stacks and Resources.

            • PropertyPath (string) --

              The fully-qualified path to the resource property.

            • ExpectedValue (string) --

              The expected property value of the resource property, as defined in the stack template and any values specified as template parameters.

            • ActualValue (string) --

              The actual property value of the resource property.

            • DifferenceType (string) --

              The type of property difference.

              • ADD: A value has been added to a resource property that's an array or list data type.

              • REMOVE: The property has been removed from the current resource configuration.

              • NOT_EQUAL: The current property value differs from its expected value (as defined in the stack template and any values specified as template parameters).

        • StackResourceDriftStatus (string) --

          The drift status of the resource in a stack instance.

          • DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

          • MODIFIED: One or more resource properties differ from their expected template values.

          • IN_SYNC: The resource's actual configuration matches its expected template configuration.

          • NOT_CHECKED: CloudFormation doesn't currently return this value.

        • Timestamp (datetime) --

          Time at which the stack instance drift detection operation was initiated.

    • NextToken (string) --

      If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

ListStackInstances (updated)
Changes (request)
{'Filters': {'Name': {'DRIFT_STATUS'}}}

Returns summary information about stack instances that are associated with the specified stack set. You can filter for stack instances that are associated with a specific Amazon Web Services account name or Region, or that have a specific status.

See also: AWS API Documentation

Request Syntax

client.list_stack_instances(
    StackSetName='string',
    NextToken='string',
    MaxResults=123,
    Filters=[
        {
            'Name': 'DETAILED_STATUS'|'LAST_OPERATION_ID'|'DRIFT_STATUS',
            'Values': 'string'
        },
    ],
    StackInstanceAccount='string',
    StackInstanceRegion='string',
    CallAs='SELF'|'DELEGATED_ADMIN'
)
type StackSetName:

string

param StackSetName:

[REQUIRED]

The name or unique ID of the stack set that you want to list stack instances for.

type NextToken:

string

param NextToken:

If the previous request didn't return all the remaining results, the response's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

type Filters:

list

param Filters:

The filter to apply to stack instances.

  • (dict) --

    The filter to apply to stack instances.

    • Name (string) --

      The type of filter to apply.

    • Values (string) --

      The status to filter by.

type StackInstanceAccount:

string

param StackInstanceAccount:

The name of the Amazon Web Services account that you want to list stack instances for.

type StackInstanceRegion:

string

param StackInstanceRegion:

The name of the Region where you want to list stack instances.

type CallAs:

string

param CallAs:

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

rtype:

dict

returns:

Response Syntax

{
    'Summaries': [
        {
            'StackSetId': 'string',
            'Region': 'string',
            'Account': 'string',
            'StackId': 'string',
            'Status': 'CURRENT'|'OUTDATED'|'INOPERABLE',
            'StatusReason': 'string',
            'StackInstanceStatus': {
                'DetailedStatus': 'PENDING'|'RUNNING'|'SUCCEEDED'|'FAILED'|'CANCELLED'|'INOPERABLE'|'SKIPPED_SUSPENDED_ACCOUNT'
            },
            'OrganizationalUnitId': 'string',
            'DriftStatus': 'DRIFTED'|'IN_SYNC'|'UNKNOWN'|'NOT_CHECKED',
            'LastDriftCheckTimestamp': datetime(2015, 1, 1),
            'LastOperationId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Summaries (list) --

      A list of StackInstanceSummary structures that contain information about the specified stack instances.

      • (dict) --

        The structure that contains summary information about a stack instance.

        • StackSetId (string) --

          The name or unique ID of the stack set that the stack instance is associated with.

        • Region (string) --

          The name of the Amazon Web Services Region that the stack instance is associated with.

        • Account (string) --

          [Self-managed permissions] The name of the Amazon Web Services account that the stack instance is associated with.

        • StackId (string) --

          The ID of the stack instance.

        • Status (string) --

          The status of the stack instance, in terms of its synchronization with its associated stack set.

          • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.

          • OUTDATED: The stack isn't currently up to date with the stack set because:

            • The associated stack failed during a CreateStackSet or UpdateStackSet operation.

            • The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.

          • CURRENT: The stack is currently up to date with the stack set.

        • StatusReason (string) --

          The explanation for the specific status code assigned to this stack instance.

        • StackInstanceStatus (dict) --

          The detailed status of the stack instance.

          • DetailedStatus (string) --

            • CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.

            • FAILED: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.

            • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.

            • PENDING: The operation in the specified account and Region has yet to start.

            • RUNNING: The operation in the specified account and Region is currently in progress.

            • SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.

            • SUCCEEDED: The operation in the specified account and Region completed successfully.

        • OrganizationalUnitId (string) --

          [Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for DeploymentTargets.

        • DriftStatus (string) --

          Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.

          • DRIFTED: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

          • NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.

          • IN_SYNC: The stack instance's actual configuration matches its expected stack set configuration.

          • UNKNOWN: This value is reserved for future use.

        • LastDriftCheckTimestamp (datetime) --

          Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance on which drift detection hasn't yet been performed.

        • LastOperationId (string) --

          The last unique ID of a StackSet operation performed on a stack instance.

    • NextToken (string) --

      If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.
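
The two calls above combine into a drift audit run from the StackSet management account. The following is an added example, not part of the AWS documentation: `paginate` and `drifted_resources` are this example's own helper names, `client` is assumed to be `boto3.client("cloudformation")` or any object exposing the two documented calls, and `operation_id` is assumed to be the drift operation's ID supplied by the caller (for instance the OperationId returned by DetectStackSetDrift).

```python
# Added example: `client` is any object exposing the two calls documented on
# this page, e.g. boto3.client("cloudformation"). Importing it needs no AWS access.

def paginate(call, **kwargs):
    """Yield every item in 'Summaries', following NextToken until it is unset."""
    while True:
        page = call(**kwargs)
        yield from page.get("Summaries", [])
        token = page.get("NextToken")
        if not token:          # absent or null means no further pages
            return
        kwargs["NextToken"] = token

def drifted_resources(client, stack_set, operation_id, call_as="SELF"):
    """Return one finding per MODIFIED/DELETED resource in each DRIFTED instance."""
    findings = []
    instances = paginate(
        client.list_stack_instances,
        StackSetName=stack_set,
        # Filter name added in this release; value taken from the DriftStatus enum.
        Filters=[{"Name": "DRIFT_STATUS", "Values": "DRIFTED"}],
        CallAs=call_as,
    )
    for inst in instances:
        drifts = paginate(
            client.list_stack_instance_resource_drifts,
            StackSetName=stack_set,
            StackInstanceAccount=inst["Account"],
            StackInstanceRegion=inst["Region"],
            OperationId=operation_id,   # assumption: supplied by the caller
            StackInstanceResourceDriftStatuses=["MODIFIED", "DELETED"],
            CallAs=call_as,
        )
        for d in drifts:
            findings.append({
                "account": inst["Account"],
                "region": inst["Region"],
                "resource": d["LogicalResourceId"],
                "type": d["ResourceType"],
                "status": d["StackResourceDriftStatus"],
                # PropertyDifferences is only present for MODIFIED resources.
                "changes": [
                    (p["PropertyPath"], p["DifferenceType"],
                     p["ExpectedValue"], p["ActualValue"])
                    for p in d.get("PropertyDifferences", [])
                ],
            })
    return findings
```

When calling from a delegated administrator account, pass `call_as="DELEGATED_ADMIN"` as described under CallAs.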