1
votes

Is it possible to use AWS CloudFormation Templates to validate that already existing AWS resources are configured properly? What I would like to do is create a JSON file according to the AWS EC2 Instance resource specification and validate that the instance is configured properly using BOTO3. I haven't been able to find this type of functionality in the AWS API, and was wondering if there was something that I missed, or there is a 3rd party tool that will do this for me.

Thank you for your time.

1
Not sure this is what you're looking for, but if you'd used Terraform there's a refresh command that looks at your infra to compare against your state file (CloudFormation equivalent) and updates the state file if there's a change in your infra. – Frederic Henri
This is sort of what I am looking for. I read the documentation here and it says that it changes the state file. With the tool I am thinking of, I would be able to define my own state file, and when the infrastructure configuration drifted, it wouldn't change the state file, but send some kind of alert or perform some other task. I hope that made sense. – PaulM

1 Answer

2
votes

I don't believe this is possible - you'd run into some interesting issues in a lot of cases, as CloudFormation doesn't always name resources exactly the way you'd expect. CloudFormation is meant more for building resources and maintaining them, not verifying existing outside-of-CloudFormation resources.

Cool idea for a tool though, not sure if anything like that already exists. It should be pretty easy to write something that snapshots various resources, then compares them over time using boto.

Good luck! If you write a tool (or find one) let me know - though almost all of our resources are managed in CloudFormation already (via stacker).
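A sketch of the compare step discussed in this thread, added here as an example (it is not part of the answer above and not code from any existing tool): a fixed JSON baseline using `AWS::EC2::Instance` property names is checked against the instance data that boto3's `describe_instances` returns, and mismatches are reported without rewriting the baseline. The names `find_drift`, `fetch_instance`, `BASELINE` and `SAMPLE` are hypothetical, and all IDs and sample data are constructed.

```python
import json

# Constructed baseline using AWS::EC2::Instance property names; all IDs are placeholders.
BASELINE = json.loads("""{
  "InstanceType": "t3.micro",
  "ImageId": "ami-0example",
  "SecurityGroupIds": ["sg-0aaa", "sg-0bbb"],
  "Tags": [{"Key": "env", "Value": "prod"}]
}""")

# Constructed sample shaped like one Instances[] entry of ec2.describe_instances().
SAMPLE = {
    "InstanceType": "t3.large",
    "ImageId": "ami-0example",
    "SecurityGroups": [{"GroupId": g} for g in ("sg-0bbb", "sg-0aaa", "sg-0ccc")],
    "Tags": [{"Key": "Name", "Value": "web-1"}, {"Key": "env", "Value": "prod"}],
}

# Map each baseline property to the value the EC2 API reports, in comparable form.
EXTRACTORS = {
    "InstanceType": lambda i: i.get("InstanceType"),
    "ImageId": lambda i: i.get("ImageId"),
    "SecurityGroupIds": lambda i: sorted(g["GroupId"] for g in i.get("SecurityGroups", [])),
    "Tags": lambda i: {t["Key"]: t["Value"] for t in i.get("Tags", [])},
}

def find_drift(baseline, instance):
    """Return {property: (expected, actual)} for mismatches; the baseline is only read."""
    drift = {}
    for prop, expected in baseline.items():
        actual = EXTRACTORS[prop](instance)  # KeyError: property this sketch cannot check
        if prop == "SecurityGroupIds":
            expected = sorted(expected)  # order of attached groups is not significant
        elif prop == "Tags":
            expected = {t["Key"]: t["Value"] for t in expected}
            # Only baseline tags are enforced; extra tags on the instance are ignored.
            actual = {k: actual.get(k) for k in expected}
        if expected != actual:
            drift[prop] = (expected, actual)
    return drift

def fetch_instance(instance_id):
    """Live lookup of one instance; requires boto3 and AWS credentials."""
    import boto3
    resp = boto3.client("ec2").describe_instances(InstanceIds=[instance_id])
    return resp["Reservations"][0]["Instances"][0]

if __name__ == "__main__":
    for prop, (want, got) in find_drift(BASELINE, SAMPLE).items():
        print(f"DRIFT {prop}: expected {want!r}, found {got!r}")  # alert hook goes here
```

Against a live account, pass `fetch_instance("<instance-id>")` in place of `SAMPLE`; an extra security group attached outside the baseline, as in the sample, is the kind of change this surfaces.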