aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

(AWS::SSM::Document) Drift detection not supported contrary to documentation #1957

Open FarrOut opened 4 months ago

FarrOut commented 4 months ago

Name of the resource

AWS::SSM::Document

Resource Name

No response

Issue Description

AWS::SSM::Document resource types are not included in drift detection despite being listed as supported in official documentation.

Expected Behavior

AWS::SSM::Document to be included in drift detection.

Observed Behavior

It is not.

Test Cases

Reproduction

  1. Initial deployment

template.yaml

Resources:
  Document:
    Type: AWS::SSM::Document
    Properties:
      Name: "Test"
      DocumentType: "Command"
      Content:
        schemaVersion: "2.2"
        description: "Test"
        mainSteps:
          - action: aws:runShellScript
            name: runCommands
            precondition:
              StringEquals:
                - platformType
                - Linux
            inputs:
              runCommand:
                - 'Echo "Testing drift"'

aws cloudformation deploy --template-file template.yaml --stack-name DriftTest

  2. Detect drift

aws cloudformation detect-stack-drift --stack-name DriftTest
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id 24acf780-db86-11ee-9f3b-020c1711b96b

{
    "StackId": "arn:aws:cloudformation:eu-central-1:000000000000:stack/DriftTest/2a4875c0-db81-11ee-a4cd-0a15f25d6671",
    "StackDriftDetectionId": "24acf780-db86-11ee-9f3b-020c1711b96b",
    "StackDriftStatus": "IN_SYNC",
    "DetectionStatus": "DETECTION_COMPLETE",
    "DriftedStackResourceCount": 0,
    "Timestamp": "2024-03-06T06:52:48.248000+00:00"
}

  3. Make out-of-band change

content.yaml

schemaVersion: "2.2"
description: "TestTwo"
mainSteps:
  - action: aws:runShellScript
    name: runCommands
    precondition:
      StringEquals:
        - platformType
        - Linux
    inputs:
      runCommand:
        - 'Echo "This should cause drift"'

aws ssm update-document --name "Test"  --content "file://content.yaml" --document-version 2

  4. Detect drift again

aws cloudformation detect-stack-drift --stack-name DriftTest
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id 0418dbf0-db87-11ee-8a48-02216b952413

{
    "StackId": "arn:aws:cloudformation:eu-central-1:000000000000:stack/DriftTest/2a4875c0-db81-11ee-a4cd-0a15f25d6671",
    "StackDriftDetectionId": "0418dbf0-db87-11ee-8a48-02216b952413",
    "StackDriftStatus": "IN_SYNC",
    "DetectionStatus": "DETECTION_COMPLETE",
    "DriftedStackResourceCount": 0,
    "Timestamp": "2024-03-06T06:59:03.087000+00:00"
}

Other Details

No response
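
An independent check for the gap reported above, as an added example that is not part of the original issue or of any AWS tooling: it compares the Content declared in the issue's template with the document's live content and lists every path that differs, so an out-of-band edit to a command document is caught even when drift detection reports IN_SYNC. The function names and the sample live content are constructed here; fetching the live content with `aws ssm get-document --name Test --document-format JSON --query Content --output text` is an assumption about how the input is obtained.

```python
import json

MISSING = "<absent>"  # marker for a key or list item present on one side only

# Expected Content, transcribed from the issue's template.yaml.
EXPECTED = {
    "schemaVersion": "2.2",
    "description": "Test",
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "runCommands",
        "precondition": {"StringEquals": ["platformType", "Linux"]},
        "inputs": {"runCommand": ['Echo "Testing drift"']},
    }],
}

# Constructed sample: the issue's content.yaml rendered as the JSON string
# a live fetch is assumed to return after the out-of-band update.
LIVE_AFTER_UPDATE = json.dumps({
    **EXPECTED,
    "description": "TestTwo",
    "mainSteps": [{
        **EXPECTED["mainSteps"][0],
        "inputs": {"runCommand": ['Echo "This should cause drift"']},
    }],
})

def diff_paths(expected, live, path="$"):
    """Return (path, expected, live) for every leaf that differs."""
    if isinstance(expected, dict) and isinstance(live, dict):
        keys = sorted(set(expected) | set(live))
        return [d for k in keys for d in diff_paths(
            expected.get(k, MISSING), live.get(k, MISSING), f"{path}.{k}")]
    if isinstance(expected, list) and isinstance(live, list):
        pad = lambda seq, i: seq[i] if i < len(seq) else MISSING
        n = max(len(expected), len(live))
        return [d for i in range(n) for d in diff_paths(
            pad(expected, i), pad(live, i), f"{path}[{i}]")]
    return [] if expected == live else [(path, expected, live)]

def document_drift(expected, live_content_json):
    """Compare the template's Content with the live document's JSON Content."""
    return diff_paths(expected, json.loads(live_content_json))

if __name__ == "__main__":
    for path, want, got in document_drift(EXPECTED, LIVE_AFTER_UPDATE):
        print(f"DRIFT {path}: template={want!r} live={got!r}")
```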