2023/07/24 - AWS CloudFormation - 1 new1 updated api methods
Changes This release supports filtering by DRIFT_STATUS for existing API ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts. Customers can now view resource drift information from their StackSet management accounts.
Returns drift information for resources in a stack instance.
See also: AWS API Documentation
Request Syntax
client.list_stack_instance_resource_drifts( StackSetName='string', NextToken='string', MaxResults=123, StackInstanceResourceDriftStatuses=[ 'IN_SYNC'|'MODIFIED'|'DELETED'|'NOT_CHECKED', ], StackInstanceAccount='string', StackInstanceRegion='string', OperationId='string', CallAs='SELF'|'DELEGATED_ADMIN' )
string
[REQUIRED]
The name or unique ID of the stack set that you want to list drifted resources for.
string
If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
integer
The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.
list
The resource drift status of the stack instance.
DELETED: The resource differs from its expected template configuration in that the resource has been deleted.
MODIFIED: One or more resource properties differ from their expected template values.
IN_SYNC: The resource's actual configuration matches its expected template configuration.
NOT_CHECKED: CloudFormation doesn't currently return this value.
(string) --
string
[REQUIRED]
The name of the Amazon Web Services account that you want to list resource drifts for.
string
[REQUIRED]
The name of the Region where you want to list resource drifts.
string
[REQUIRED]
The unique ID of the drift operation.
string
[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.
By default, SELF is specified. Use SELF for stack sets with self-managed permissions.
If you are signed in to the management account, specify SELF.
If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.
dict
Response Syntax
{ 'Summaries': [ { 'StackId': 'string', 'LogicalResourceId': 'string', 'PhysicalResourceId': 'string', 'PhysicalResourceIdContext': [ { 'Key': 'string', 'Value': 'string' }, ], 'ResourceType': 'string', 'PropertyDifferences': [ { 'PropertyPath': 'string', 'ExpectedValue': 'string', 'ActualValue': 'string', 'DifferenceType': 'ADD'|'REMOVE'|'NOT_EQUAL' }, ], 'StackResourceDriftStatus': 'IN_SYNC'|'MODIFIED'|'DELETED'|'NOT_CHECKED', 'Timestamp': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Summaries (list) --
A list of StackInstanceResourceDriftSummary structures that contain information about the specified stack instances.
(dict) --
The structure containing summary information about resource drifts for a stack instance.
StackId (string) --
The ID of the stack instance.
LogicalResourceId (string) --
The logical name of the resource specified in the template.
PhysicalResourceId (string) --
The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.
PhysicalResourceIdContext (list) --
Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a unique resource that contains the targeted resource.
(dict) --
Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a resource that contains the targeted resource.
Key (string) --
The resource context key.
Value (string) --
The resource context value.
ResourceType (string) --
Type of resource. For more information, go to Amazon Web Services Resource Types Reference in the CloudFormation User Guide.
PropertyDifferences (list) --
Status of the actual configuration of the resource compared to its expected configuration. These will be present only for resources whose StackInstanceResourceDriftStatus is MODIFIED.
(dict) --
Information about a resource property whose actual value differs from its expected value, as defined in the stack template and any values specified as template parameters. These will be present only for resources whose StackResourceDriftStatus is MODIFIED. For more information, see Detecting Unregulated Configuration Changes to Stacks and Resources.
PropertyPath (string) --
The fully-qualified path to the resource property.
ExpectedValue (string) --
The expected property value of the resource property, as defined in the stack template and any values specified as template parameters.
ActualValue (string) --
The actual property value of the resource property.
DifferenceType (string) --
The type of property difference.
ADD: A value has been added to a resource property that's an array or list data type.
REMOVE: The property has been removed from the current resource configuration.
NOT_EQUAL: The current property value differs from its expected value (as defined in the stack template and any values specified as template parameters).
StackResourceDriftStatus (string) --
The drift status of the resource in a stack instance.
DELETED: The resource differs from its expected template configuration in that the resource has been deleted.
MODIFIED: One or more resource properties differ from their expected template values.
IN_SYNC: The resource's actual configuration matches its expected template configuration.
NOT_CHECKED: CloudFormation doesn't currently return this value.
Timestamp (datetime) --
Time at which the stack instance drift detection operation was initiated.
NextToken (string) --
If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
{'Filters': {'Name': {'DRIFT_STATUS'}}}
Returns summary information about stack instances that are associated with the specified stack set. You can filter for stack instances that are associated with a specific Amazon Web Services account name or Region, or that have a specific status.
See also: AWS API Documentation
Request Syntax
client.list_stack_instances( StackSetName='string', NextToken='string', MaxResults=123, Filters=[ { 'Name': 'DETAILED_STATUS'|'LAST_OPERATION_ID'|'DRIFT_STATUS', 'Values': 'string' }, ], StackInstanceAccount='string', StackInstanceRegion='string', CallAs='SELF'|'DELEGATED_ADMIN' )
string
[REQUIRED]
The name or unique ID of the stack set that you want to list stack instances for.
string
If the previous request didn't return all the remaining results, the response's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
integer
The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.
list
The filter to apply to stack instances
(dict) --
The filter to apply to stack instances
Name (string) --
The type of filter to apply.
Values (string) --
The status to filter by.
string
The name of the Amazon Web Services account that you want to list stack instances for.
string
The name of the Region where you want to list stack instances.
string
[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.
By default, SELF is specified. Use SELF for stack sets with self-managed permissions.
If you are signed in to the management account, specify SELF.
If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.
dict
Response Syntax
{ 'Summaries': [ { 'StackSetId': 'string', 'Region': 'string', 'Account': 'string', 'StackId': 'string', 'Status': 'CURRENT'|'OUTDATED'|'INOPERABLE', 'StatusReason': 'string', 'StackInstanceStatus': { 'DetailedStatus': 'PENDING'|'RUNNING'|'SUCCEEDED'|'FAILED'|'CANCELLED'|'INOPERABLE'|'SKIPPED_SUSPENDED_ACCOUNT' }, 'OrganizationalUnitId': 'string', 'DriftStatus': 'DRIFTED'|'IN_SYNC'|'UNKNOWN'|'NOT_CHECKED', 'LastDriftCheckTimestamp': datetime(2015, 1, 1), 'LastOperationId': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Summaries (list) --
A list of StackInstanceSummary structures that contain information about the specified stack instances.
(dict) --
The structure that contains summary information about a stack instance.
StackSetId (string) --
The name or unique ID of the stack set that the stack instance is associated with.
Region (string) --
The name of the Amazon Web Services Region that the stack instance is associated with.
Account (string) --
[Self-managed permissions] The name of the Amazon Web Services account that the stack instance is associated with.
StackId (string) --
The ID of the stack instance.
Status (string) --
The status of the stack instance, in terms of its synchronization with its associated stack set.
INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.
OUTDATED: The stack isn't currently up to date with the stack set because:
The associated stack failed during a CreateStackSet or UpdateStackSet operation.
The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.
CURRENT: The stack is currently up to date with the stack set.
StatusReason (string) --
The explanation for the specific status code assigned to this stack instance.
StackInstanceStatus (dict) --
The detailed status of the stack instance.
DetailedStatus (string) --
CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.
FAILED: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.
INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.
PENDING: The operation in the specified account and Region has yet to start.
RUNNING: The operation in the specified account and Region is currently in progress.
SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.
SUCCEEDED: The operation in the specified account and Region completed successfully.
OrganizationalUnitId (string) --
[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for DeploymentTargets.
DriftStatus (string) --
Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.
DRIFTED: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.
NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.
IN_SYNC: The stack instance's actual configuration matches its expected stack set configuration.
UNKNOWN: This value is reserved for future use.
LastDriftCheckTimestamp (datetime) --
Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance on which drift detection hasn't yet been performed.
LastOperationId (string) --
The last unique ID of a StackSet operation performed on a stack instance.
NextToken (string) --
If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.