Investigate AWS CloudFormation stack drift by identifying drifted stacks, mapping affected stack resources to live AWS assets, comparing template expectations with current resource state, and producing targeted remediation recommendations. This plan is intended for single-account drift findings surfaced by health or drift reports.
1. List drifted CloudFormation stacks
   Identifies CloudFormation stacks with drift detected and captures stack status, hierarchy, Region, last updated time, and latest drift detection details.

2. Collect drifted stack resource results
   Retrieves resource-level drift details for each drifted stack, including MODIFIED, DELETED, NOT_CHECKED, and IN_SYNC resources plus the reported property differences.

3. Map drifted resources to live assets
   Locates each drifted physical resource in AWS and captures the live configuration context needed to understand the drift.

4. Compare template and live resource state
   Compares the CloudFormation expected properties with the current live resource configuration and explains the exact differences.

5. Classify drift cause and impact
   Classifies likely drift causes and evaluates operational, security, compliance, availability, and future stack-update impact.

6. Recommend remediation per drifted resource
   Recommends whether to update the stack template, revert the live resource, import or re-associate resources, recreate deleted resources, document exceptions, or take no action.
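The following is an added example of the triage logic behind steps 2 to 6, not tooling from the original plan. It consumes resource drift records in the shape returned by the CloudFormation DescribeStackResourceDrifts API (StackResourceDriftStatus, PropertyDifferences with DifferenceType ADD / REMOVE / NOT_EQUAL, ExpectedValue and ActualValue), renders each property difference as a readable comparison line, classifies severity and likely cause, and emits one of the remediation options listed in step 6. The SAMPLE_DRIFTS records, the resource identifiers in them, the SENSITIVE_PATH_PREFIXES list and the recommendation labels are all constructed for illustration; fetch_resource_drifts assumes boto3 and AWS credentials for the account under investigation and is the only part that touches a live account.

```python
"""Triage CloudFormation drift-detection results (added example, not from the original plan).

Input records follow the shape of the CloudFormation DescribeStackResourceDrifts API
response. SAMPLE_DRIFTS is constructed; every identifier in it is a placeholder."""
import json
from typing import Any, Optional

# Property paths whose out-of-band change affects network exposure, identity or data
# protection. Matched as prefixes of PropertyPath; the list is chosen for this example.
SENSITIVE_PATH_PREFIXES = (
    "/SecurityGroupIngress", "/SecurityGroupEgress", "/Policies", "/AssumeRolePolicyDocument",
    "/ManagedPolicyArns", "/PublicAccessBlockConfiguration", "/BucketEncryption",
)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "unknown": 3, "none": 4}


def drift(logical: str, physical: str, rtype: str, status: str, diffs=()) -> dict[str, Any]:
    # Builds one record in DescribeStackResourceDrifts shape (used for the constructed sample).
    return {"LogicalResourceId": logical, "PhysicalResourceId": physical, "ResourceType": rtype,
            "StackResourceDriftStatus": status, "PropertyDifferences": list(diffs)}


SAMPLE_DRIFTS = [
    # An SSH-from-anywhere ingress rule was added outside the stack.
    drift("AppSecurityGroup", "sg-EXAMPLE0001", "AWS::EC2::SecurityGroup", "MODIFIED", [
        {"PropertyPath": "/SecurityGroupIngress/1", "DifferenceType": "ADD",
         "ActualValue": json.dumps({"CidrIp": "0.0.0.0/0", "FromPort": 22, "ToPort": 22,
                                    "IpProtocol": "tcp"})}]),
    # Only a tag value differs from the template.
    drift("LogBucket", "example-log-bucket", "AWS::S3::Bucket", "MODIFIED", [
        {"PropertyPath": "/Tags/0/Value", "DifferenceType": "NOT_EQUAL",
         "ExpectedValue": "platform", "ActualValue": "data-eng"}]),
    # The role no longer exists in the account.
    drift("WorkerRole", "example-worker-role", "AWS::IAM::Role", "DELETED"),
    # Drift detection did not evaluate this resource.
    drift("AlarmTopic", "arn:aws:sns:REGION:ACCOUNT:example", "AWS::SNS::Topic", "NOT_CHECKED"),
]


def describe_differences(diffs: list[dict[str, Any]]) -> list[str]:
    """Render each PropertyDifference as one readable line (the step-4 comparison)."""
    lines = []
    for d in diffs:
        path, kind = d["PropertyPath"], d["DifferenceType"]
        if kind == "ADD":
            lines.append(f"{path}: present live, absent in template: {d.get('ActualValue')}")
        elif kind == "REMOVE":
            lines.append(f"{path}: in template, missing live: expected {d.get('ExpectedValue')}")
        else:  # NOT_EQUAL
            lines.append(f"{path}: expected {d.get('ExpectedValue')!r}, actual {d.get('ActualValue')!r}")
    return lines


def classify_drift(rec: dict[str, Any]) -> dict[str, Any]:
    """Assign severity, likely cause and a remediation recommendation (steps 5 and 6)."""
    status, diffs = rec["StackResourceDriftStatus"], rec.get("PropertyDifferences", [])
    out = {"logical_id": rec["LogicalResourceId"], "physical_id": rec["PhysicalResourceId"],
           "resource_type": rec["ResourceType"], "status": status,
           "differences": describe_differences(diffs)}
    if status == "IN_SYNC":
        out.update(severity="none", cause="no drift", recommendation="no_action")
    elif status == "NOT_CHECKED":
        out.update(severity="unknown", cause="not evaluated by drift detection",
                   recommendation="rerun_detection")
    elif status == "DELETED":
        out.update(severity="high", cause="deleted outside CloudFormation; later stack updates may fail",
                   recommendation="recreate_via_stack_update")
    elif any(d["PropertyPath"].startswith(SENSITIVE_PATH_PREFIXES) for d in diffs):
        out.update(severity="high", cause="security-relevant property changed out of band",
                   recommendation="revert_live_resource")
    elif diffs and all(d["PropertyPath"].startswith("/Tags") for d in diffs):
        out.update(severity="low", cause="tags changed out of band (likely a tagging tool)",
                   recommendation="update_template")
    else:
        out.update(severity="medium", cause="configuration changed out of band",
                   recommendation="review_then_update_template_or_revert")
    return out


def triage(drifts: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Classify every record and order findings highest severity first."""
    return sorted((classify_drift(d) for d in drifts), key=lambda r: SEVERITY_ORDER[r["severity"]])


def summarize(results: list[dict[str, Any]]) -> dict[str, int]:
    """Count findings per StackResourceDriftStatus."""
    counts: dict[str, int] = {}
    for r in results:
        counts[r["status"]] = counts.get(r["status"], 0) + 1
    return counts


def fetch_resource_drifts(stack_name: str, region: Optional[str] = None) -> list[dict[str, Any]]:
    """Live input for the triage: page through DescribeStackResourceDrifts with boto3.
    boto3 is imported inside the function so the offline parts run without it."""
    import boto3  # assumed to be installed only when run against a real account
    client = boto3.client("cloudformation", region_name=region)
    drifts, kwargs = [], {"StackName": stack_name}
    while True:
        page = client.describe_stack_resource_drifts(**kwargs)
        drifts.extend(page.get("StackResourceDrifts", []))
        if "NextToken" not in page:
            return drifts
        kwargs["NextToken"] = page["NextToken"]
```

Running `triage(SAMPLE_DRIFTS)` puts the security group and the deleted role first: the added 0.0.0.0/0 port-22 ingress rule is flagged as a security-relevant out-of-band change to be reverted on the live resource, the deleted role is flagged because a later stack update may fail, the tag-only change on the bucket is low severity and is resolved by updating the template, and the NOT_CHECKED resource gets no remediation beyond re-running drift detection. In a real investigation the sensitive-path list and the recommendation vocabulary would be tuned to the account's own resource types and change-management process.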