Drift Detection using AWS CloudFormation

Overview

CloudFormation enables us to create and provision its infrastructure deployments predictably and repeatedly. CloudFormation helps us leverage AWS products such as Elastic Load Balancing, Amazon Elastic Block Store, Amazon EC2, Amazon SNS, and Auto Scaling to build highly scalable, cost-effective, and highly reliable applications in the cloud without worrying about creating and configuring the underlying AWS infrastructure. AWS CloudFormation enables us to utilize a template file to create and delete a collection of resources together as a single unit (a stack).

This service helps us set up and model our AWS resources so that we can spend less time managing those resources and more time focusing on applications that run in AWS. We create a template that describes all the AWS resources that we want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of configuring and provisioning those resources for us. We do not need to individually create and configure AWS resources and figure out what is dependent on what; CloudFormation handles that.

The benefits of using CloudFormation

CloudFormation offers a variety of benefits, including:

Improved automation: The simplicity of the template allows you to declare what you want your resources to look like. This eliminates the need to rely on other scripting tools to create the resources.
Quick infrastructure replication: You can quickly replicate your infrastructure without affecting other resources that your template previously created. The template is used to create as many stacks as needed.
Infrastructure consistency: The declarative way of defining templates allows for consistency you can be assured that stacks created with the template will be identical.
Easy-to-read template: If you are in the web application or microservice space, you have used YAML or JSON at some point. They are both widely used, so making it easy to find resources on it or to understand.

Customized Cloud Solutions to Drive your Business Success

Cloud Migration
Devops
AIML & IoT

Know More

Working of CloudFormation

There are three concepts we need to be aware of when using CloudFormation, these concepts are fundamental to how it works and those are,

Template

It is a declarative way of defining resources as a JSON or YAML file. This template can then be used to deploy the resources either using the CLI or console.

Stack

When deploying a template, it creates both resources (EC2 and EIP) as a stack. These resources are created as a unit; therefore, any deletion or update of resources will be applied to the stack.

Change Set

When a stack needs to be updated, can simply run an update on the stack and let CloudFormation take care of replacing the necessary resources. It takes that further and gives the ability to see the impact of the modifications you are applying before they are applied.

Step-by-Step Guide to Process Drift Detection using CloudFormation

Step 1: Log in to AWS Console and create a key-pair as shown below

cf1

Step 2: Create a JSON/yml template file to create a stack. Give the EC2 name, KeyName which was created earlier, new security group name, and get ImageId, SubnetId, and VpcId from AWS services.

sample_template.yml
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Create a Ubuntu machine",
"Resources": {
    "demoInstance":{
        "Type": "AWS::EC2::Instance",
        "Properties": {
          "ImageId": "your_ami_id", 
          "InstanceType": "t2.micro",
          "KeyName": "sample-key",
          "SubnetId": "your_subnetid",
        "SecurityGroupIds":[
          {
            "Ref": "samplesecuritygroup"
          }
        ]
    }
  },
  "sureshsecuritygroup":{
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
    "VpcId" : "your_vpcid",
      "GroupDescription" : "Enable HTTP via port 80",
      "SecurityGroupIngress": [
        {
          "IpProtocol":"tcp",
          "FromPort":"80",
          "ToPort":"80",
          "CidrIp":"0.0.0.0/0"
        },
        {
          "IpProtocol":"tcp",
          "FromPort":"22",
          "ToPort":"22",
          "CidrIp":"0.0.0.0/0"
        }
      ]
    }
  }
}
}

sample_template.yml

{

"AWSTemplateFormatVersion": "2010-09-09",

"Description": "Create a Ubuntu machine",

"Resources": {

"demoInstance":{

"Type": "AWS::EC2::Instance",

"Properties": {

"ImageId": "your_ami_id",

"InstanceType": "t2.micro",

"KeyName": "sample-key",

"SubnetId": "your_subnetid",

"SecurityGroupIds":[

{

"Ref": "samplesecuritygroup"

}

]

}

"sureshsecuritygroup":{

"Type" : "AWS::EC2::SecurityGroup",

"Properties" : {

"VpcId" : "your_vpcid",

"GroupDescription" : "Enable HTTP via port 80",

"SecurityGroupIngress": [

{

"IpProtocol":"tcp",

"FromPort":"80",

"ToPort":"80",

"CidrIp":"0.0.0.0/0"

{

"IpProtocol":"tcp",

"FromPort":"22",

"ToPort":"22",

"CidrIp":"0.0.0.0/0"

}

]

}

Step 3: Go to CloudFormation, select the region in which you have chosen the VpcId region, click on Create Stack, and under that click on new resources(standard)

cf3

Step 4: Choose Template is ready, upload a template file, choose file, upload the .yml file, and Click on Next.

cf4

Step 5: Give the name for the Stack and Click on Next.

cf5

Step 6: Scroll down and Click on Next.

cf6

Step 7: Scroll down and Click on Create Stack

cf7

cf7b

cf7c

EC2 instance

cf7d

Security Group

cf7e

Step 8: Click on Stack actions and choose to Detect Drift option.

cf8b

Step 9: Click on Stack actions and Choose View Drift results

cf9

cf9b

Step 10: Go to the security group and select inbound rules and select port 80. Click on Edit inbound rules.

cf10

cf10b

Step 11: Go to CloudFormation and check drift detection as you can see it is drifted.

cf11

Conclusion

AWS CloudFormation offers an easy way to model the necessary AWS resources, allocate them and manage them throughout their lifecycle by working with them as code. CloudFormation so that you can create multiple infrastructures, troubleshoot your components, and recover your application’s resources whenever there is a failover.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

Cloud Training
Customized Training
Experiential Learning

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. How does CloudFormation handle drift?

ANS: – CloudFormation displays an information bar stating that drift detection has been initiated for the selected stack. Wait until CloudFormation finishes the drift detection operation. When the drift detection operation completes, CloudFormation updates the Drift status and Last drift check time for the stack.

2. How does CloudFormation detect changes?

ANS: – A resource is considered to have drifted if one or more of its properties have been deleted, or had their value changed. It generates detailed information on each resource in the stack that has drifted. It detects drift on those AWS resources that support drift detection.

3. Why is drift detection important?

ANS: – Data drift is the main reason model accuracy decreases over time. Thus, monitoring the changes continuously in our model’s behaviour is of utmost importance.

WRITTEN BY Suresh Kumar Reddy

Yerraballi Suresh Kumar Reddy is working as a Research Associate - Data and AI/ML at CloudThat. He is a self-motivated and hard-working Cloud Data Science aspirant who is adept at using analytical tools for analyzing and extracting meaningful insights from data.