Open FarrOut opened 7 months ago
AWS::EC2::VPCEndpoint
No response
AWS::EC2::VPCEndpoint resource types are not included in drift detection despite being listed as supported in official documentation.
AWS::EC2::VPCEndpoint to be included in drift detection.
It is not.
CDK code
vpc.add_interface_endpoint('InterfaceEndpoint', service=ec2.InterfaceVpcEndpointAwsService('ssm'), open=False, )
aws ec2 describe-vpc-endpoints
{ "VpcEndpoints": [ { "VpcEndpointId": "vpce-0100b1c676c09bdbe", "VpcEndpointType": "Interface", "VpcId": "vpc-xxxxxxxxxxxxxxx", "ServiceName": "com.amazonaws.eu-central-1.ssm", "State": "available", "PolicyDocument": "{\n \"Statement\": [\n {\n \"Action\": \"*\", \n \"Effect\": \"Allow\", \n \"Principal\": \"*\", \n \"Resource\": \"*\"\n }\n ]\n}", "RouteTableIds": [], "SubnetIds": [ "subnet-aaaaaaaaaaaaaaaaa", "subnet-bbbbbbbbbbbbbbb", "subnet-ccccccccccccccccccc" ], "Groups": [ { "GroupId": "sg-xxxxxxxxx", "GroupName": "MyVpcInterfaceEndpointSecurityGroup7105AD38-ur1RjwgKTkLq" } ], "IpAddressType": "ipv4", "DnsOptions": { "DnsRecordIpType": "ipv4" }, "PrivateDnsEnabled": true, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-0714aabc5f68f7634", "eni-020f86237d4ed16da", "eni-0a3f125dc2450d04c" ], "DnsName": "vpce-0100b1c676c09bdbe-xxxxxxx-eu-central-1b.ssm.eu-central-1.vpce.amazonaws.com", "HostedZoneId": "XXXXXXXXXXXXX" }, { "DnsName": "ssm.eu-central-1.amazonaws.com", "HostedZoneId": "XXXXXXXXXXXXX" } ], "CreationTimestamp": "2024-03-06T09:26:16.094000+00:00", "Tags": [], "OwnerId": "000000000000" } ] }
aws cloudformation detect-stack-drift --stack-name VpcEndpointStack
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id a427ffd0-db9c-11ee-934e-0abde06aa525
{ "StackId": "arn:aws:cloudformation:eu-central-1:000000000000:stack/VpcEndpointStack/df262df0-db97-11ee-b4b5-02100ff45b07", "StackDriftDetectionId": "a427ffd0-db9c-11ee-934e-0abde06aa525", "StackDriftStatus": "IN_SYNC", "DetectionStatus": "DETECTION_COMPLETE", "DriftedStackResourceCount": 0, "Timestamp": "2024-03-06T09:33:51.053000+00:00" }
aws ec2 modify-vpc-endpoint --vpc-endpoint-id vpce-0100b1c676c09bdbe --remove-subnet-ids subnet-ccccccccccccccccccc --reset-policy
{ "Return": true }
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id 0073aa40-db9e-11ee-bc1c-0212336a28af
{ "StackId": "arn:aws:cloudformation:eu-central-1:000000000000:stack/VpcEndpointStack/df262df0-db97-11ee-b4b5-02100ff45b07", "StackDriftDetectionId": "0073aa40-db9e-11ee-bc1c-0212336a28af", "StackDriftStatus": "IN_SYNC", "DetectionStatus": "DETECTION_COMPLETE", "DriftedStackResourceCount": 0, "Timestamp": "2024-03-06T09:43:35.396000+00:00" }
aws ec2 delete-vpc-endpoints --vpc-endpoint-ids vpce-0100b1c676c09bdbe
{ "Unsuccessful": [] }
{ "VpcEndpoints": [] }
aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id f168ff90-db9e-11ee-bcb5-0a1a054149df
{ "StackId": "arn:aws:cloudformation:eu-central-1:000000000000:stack/VpcEndpointStack/df262df0-db97-11ee-b4b5-02100ff45b07", "StackDriftDetectionId": "f168ff90-db9e-11ee-bcb5-0a1a054149df", "StackDriftStatus": "IN_SYNC", "DetectionStatus": "DETECTION_COMPLETE", "DriftedStackResourceCount": 0, "Timestamp": "2024-03-06T09:50:19.657000+00:00" }
Would like to see this fixed
ivory092
commented
2 months ago ivory092
commented
2 months ago
Name of the resource
AWS::EC2::VPCEndpoint
Resource Name
No response
Issue Description
AWS::EC2::VPCEndpoint resource types are not included in drift detection despite being listed as supported in official documentation.
Expected Behavior
AWS::EC2::VPCEndpoint to be included in drift detection.
Observed Behavior
It is not.
Test Cases
Reproduction
CDK code
Other Details
No response