CloudFormation Drift is not detecting changes to S3 Lifecycle policies. If I modify the lifecycle policies, Drift Detection replies that the stack is "IN_SYNC".
[cloudshell-user@ip-10-0-5-107 ~]$ aws cloudformation deploy --template-file create_s3.yaml \
    --stack-name test-drift \
    --parameter-overrides Name="erase-just-a-test"
Waiting for changeset to be created..
Waiting for stack create/update to complete
Successfully created/updated stack - test-drift
[cloudshell-user@ip-10-0-5-107 ~]$
[cloudshell-user@ip-10-0-5-107 ~]$ aws s3api get-bucket-lifecycle-configuration --bucket "erase-just-a-test"
An error occurred (NoSuchLifecycleConfiguration) when calling the GetBucketLifecycleConfiguration operation: The lifecycle configuration does not exist
[cloudshell-user@ip-10-0-5-107 ~]$ aws s3api put-bucket-lifecycle-configuration --bucket erase-just-a-test --lifecycle-configuration file://lifecycle.json
[cloudshell-user@ip-10-0-5-107 ~]$ aws s3api get-bucket-lifecycle-configuration --bucket "erase-just-a-test"
{
    "Rules": [
        {
            "Expiration": {
                "Days": 248
            },
            "ID": "ExpireAfter8Months",
            "Filter": {
                "Prefix": ""
            },
            "Status": "Enabled"
        }
    ]
}
[cloudshell-user@ip-10-0-5-107 ~]$
[cloudshell-user@ip-10-0-5-107 ~]$ aws cloudformation detect-stack-drift --stack-name test-drift
{
    "StackDriftDetectionId": "e97c08f0-5971-11ed-9f65-02bf9621f869"
}
[cloudshell-user@ip-10-0-5-107 ~]$ aws cloudformation describe-stack-resource-drifts --stack-name test-drift
{
    "StackResourceDrifts": [
        {
            "StackId": "arn:aws:cloudformation:us-west-2:645905195459:stack/test-drift/b40eaab0-5971-11ed-b543-066d6464f449",
            "LogicalResourceId": "S3Bucket",
            "PhysicalResourceId": "erase-just-a-test",
            "ResourceType": "AWS::S3::Bucket",
            "ExpectedProperties": "{\"BucketName\":\"erase-just-a-test\"}",
            "ActualProperties": "{\"BucketName\":\"erase-just-a-test\"}",
            "PropertyDifferences": [],
            "StackResourceDriftStatus": "IN_SYNC",
            "Timestamp": "2022-10-31T23:15:31.094000+00:00"
        }
    ]
}
[cloudshell-user@ip-10-0-5-107 ~]$
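
Added example, not part of the original post: CloudFormation drift detection compares only the properties a template sets explicitly, and the `ExpectedProperties` above contain only `BucketName`, so a lifecycle rule added out of band is never compared. The Python sketch below flags that blind spot from the drift record plus the live configuration; the function names, the `LIVE_SETTINGS` mapping and the `IN_SYNC_WITH_UNTRACKED_SETTINGS` label are assumptions made for this example, and the sample data is copied from the session above.

```python
import json

# Sample data copied from the session above, trimmed to the fields used here.
DRIFT_RECORD = {
    "LogicalResourceId": "S3Bucket",
    "ResourceType": "AWS::S3::Bucket",
    "ExpectedProperties": "{\"BucketName\":\"erase-just-a-test\"}",
    "StackResourceDriftStatus": "IN_SYNC",
}
LIVE_SETTINGS = {  # CloudFormation property name -> live value read from the S3 API
    "LifecycleConfiguration": {
        "Rules": [{"Expiration": {"Days": 248}, "ID": "ExpireAfter8Months",
                   "Filter": {"Prefix": ""}, "Status": "Enabled"}]
    },
}


def tracked_properties(drift_record):
    """Top-level properties the template sets; drift detection compares only these."""
    return set(json.loads(drift_record.get("ExpectedProperties") or "{}"))


def untracked_live_settings(drift_record, live_settings):
    """Names of settings present on the live resource but absent from the template."""
    tracked = tracked_properties(drift_record)
    return sorted(name for name, value in live_settings.items()
                  if value and name not in tracked)


def assess(drift_record, live_settings):
    """Return (status, untracked); IN_SYNC is downgraded when untracked settings exist."""
    untracked = untracked_live_settings(drift_record, live_settings)
    status = drift_record["StackResourceDriftStatus"]
    if status == "IN_SYNC" and untracked:
        status = "IN_SYNC_WITH_UNTRACKED_SETTINGS"  # label made up for this example
    return status, untracked


if __name__ == "__main__":
    print(assess(DRIFT_RECORD, LIVE_SETTINGS))
```

Declaring `LifecycleConfiguration` in the template makes the property tracked, after which later out-of-band edits to it are compared by drift detection.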