Anyone know of a good tool or method to double-che...
# randomc
Clayton
11/18/2021, 10:33 PMAnyone know of a good tool or method to double-check for orphaned AWS services/resources without having to manually check each one?
m
Mike McCall
11/18/2021, 10:41 PMI think stack drift can help here.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html
c
Clayton
11/18/2021, 10:44 PMThanks Mike, I’ll check it out
f
Frank
11/18/2021, 11:14 PM
Most commonly resources can be orphaned in one of two ways:
1. manually created (not through CloudFormation)
2. created through CloudFormation, but retained on remove
Frank
11/18/2021, 11:14 PM
You shouldn’t create resources manually, so #1 is easy to avoid.
Frank
11/18/2021, 11:15 PM
For #2, I always set RemovalPolicy to
DESTROYFrank
11/18/2021, 11:15 PM
And the only thing that could be orphaned are the production resources that were previously removed. The scope is smaller enough to manage.
m
Mike McCall
11/18/2021, 11:18 PMGood points. I think there might be more to the "orphan" story with rollbacks and failed rollbacks.
Mike McCall
11/18/2021, 11:18 PMfailed replacements
c
Clayton
11/19/2021, 12:56 AMThanks @Frank
c
Chad (cysense)
11/19/2021, 1:56 AMHaven't done it myself but I would look at using AWS config, and then query for resources without stack tags