1
votes

I have a CloudFormation stack and edited the resource property, and now the stack is showing in a drifted state. I have run the CLI command to find the drifted resource and got the results. Now I need to update the stack with the expected values of the resource properties, but in my CloudFormation stack I have specified only resource parameters. Can anyone tell me how I can update a stack with resources and their properties? The command which I ran:

aws cloudformation describe-stack-resource-drifts --stack-name stack-test --query 'StackResourceDrifts[*].{LogicalResourceId: LogicalResourceId, PropertyDifferences: PropertyDifferences}'

I got the output as below:

    [
        {
            "LogicalResourceId": "tsets3",
            "PropertyDifferences": [
                {
                    "PropertyPath": "/PublicAccessBlockConfiguration/RestrictPublicBuckets",
                    "ExpectedValue": "true",
                    "ActualValue": "false",
                    "DifferenceType": "NOT_EQUAL"
                }
            ]
        }
    ]

When I tried the command:

aws cloudformation update-stack --stack-name stack-test --use-previous-template --resource-types="AWS::S3::*" --capabilities="CAPABILITY_NAMED_IAM"

I am getting an error as below:

An error occurred (ValidationError) when calling the UpdateStack operation: ResourceTypes and Capabilities cannot be specified at the same time.

Can anyone help me with this?

Thanks in advance.

1

1 Answers

0
votes

You must remediate drift outside of CloudFormation using the console, CLI, or SDKs.

This article should help remediate drift for that particular property: https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
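One way to turn the drift report into the out-of-band CLI fix the answer describes, as an added example that is not part of the original answer. It assumes the drift output is fetched without the `--query` filter so that `PhysicalResourceId`, `ResourceType` and `ActualProperties` are present; the bucket name and the `ActualProperties` values in the sample are constructed placeholders.

```python
import json
import shlex

PREFIX = "/PublicAccessBlockConfiguration/"
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample: the drift record from the question plus the PhysicalResourceId,
# ResourceType and ActualProperties fields returned when the --query filter is dropped.
# The bucket name is a placeholder.
SAMPLE_DRIFTS = [{
    "LogicalResourceId": "tsets3",
    "PhysicalResourceId": "example-bucket-placeholder",
    "ResourceType": "AWS::S3::Bucket",
    "ActualProperties": json.dumps({"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": False}}),
    "PropertyDifferences": [{
        "PropertyPath": PREFIX + "RestrictPublicBuckets",
        "ExpectedValue": "true", "ActualValue": "false",
        "DifferenceType": "NOT_EQUAL"}],
}]

def as_bool(value):
    """Drift output carries booleans as JSON booleans or as "true"/"false" strings."""
    return value if isinstance(value, bool) else str(value).lower() == "true"

def remediation_commands(drifts):
    """Return one `aws s3api put-public-access-block` argv per drifted bucket."""
    commands = []
    for drift in drifts:
        diffs = [d for d in drift.get("PropertyDifferences", [])
                 if d["PropertyPath"].startswith(PREFIX)]
        if drift.get("ResourceType") != "AWS::S3::Bucket" or not diffs:
            continue
        live = json.loads(drift.get("ActualProperties") or "{}")
        live = live.get("PublicAccessBlockConfiguration", {})
        # The call replaces the whole configuration, so start from the live
        # values and overwrite only the flags reported as drifted.
        config = {flag: as_bool(live.get(flag, False)) for flag in FLAGS}
        for d in diffs:
            flag = d["PropertyPath"][len(PREFIX):]
            if flag in FLAGS and d.get("ExpectedValue") is not None:
                config[flag] = as_bool(d["ExpectedValue"])
        shorthand = ",".join(f"{k}={str(v).lower()}" for k, v in config.items())
        commands.append(["aws", "s3api", "put-public-access-block",
                         "--bucket", drift["PhysicalResourceId"],
                         "--public-access-block-configuration", shorthand])
    return commands

if __name__ == "__main__":
    for argv in remediation_commands(SAMPLE_DRIFTS):
        print(shlex.join(argv))
```

After running the printed command, start a new drift detection with `aws cloudformation detect-stack-drift` to confirm the resource no longer reports a difference.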