Resources that support import and drift detection operations

AWS CloudFormation supports resource import and drift detection operations for the following public (AWS) resource types.

In addition, CloudFormation supports import and drift detection operations for private resource types that are provisionable; that is, whose provisioning type is either FULLY_MUTABLE or IMMUTABLE. To import or perform drift detection on a resource of a private resource type, the default version of the resource type that you have registered in your account must be provisionable. For more information on resource provision type, see the ProvisioningType parameter of the DescribeType action in the AWS CloudFormation API Reference and of the DescribeType command in the AWS CLI Command Reference.

For more information on drift detection, see Detecting unmanaged configuration changes to stacks and resources.

Service	Resource
Amazon API Gateway	AWS::ApiGateway::Authorizer AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::RequestValidator AWS::ApiGateway::Stage
Amazon AppFlow	AWS::AppFlow::Flow AWS::AppFlow::ConnectorProfile
AWS App Mesh	AWS::AppMesh::GatewayRoute AWS::AppMesh::VirtualGateway
Amazon Athena	AWS::Athena::DataCatalog AWS::Athena::NamedQuery AWS::Athena::WorkGroup
AWS Billing and Cost Management	AWS::CE::CostCategory
AWS Certificate Manager	AWS::ACMPCA::Certificate AWS::ACMPCA::CertificateAuthority AWS::ACMPCA::CertificateAuthorityActivation
AWS Chatbot	AWS::Chatbot::SlackChannelConfiguration
CloudFormation	AWS::CloudFormation::Stack AWS::CloudFormation::StackSet
Amazon CloudFront	AWS::CloudFront::CachePolicy AWS::CloudFront::KeyGroup AWS::CloudFront::OriginRequestPolicy AWS::CloudFront::PublicKey AWS::CloudFront::RealtimeLogConfig
AWS CloudTrail	AWS::CloudTrail::Trail
Amazon CloudWatch	AWS::ApplicationInsights::Application AWS::CloudWatch::Alarm AWS::CloudWatch::CompositeAlarm AWS::Logs::LogGroup AWS::Logs::MetricFilter AWS::Logs::SubscriptionFilter AWS::Synthetics::Canary
AWS CodeArtifact	AWS::CodeArtifact::Domain AWS::CodeArtifact::Repository
Amazon CodeGuru Profiler	AWS::CodeGuruProfiler::ProfilingGroup
Amazon CodeGuru Reviewer	AWS::CodeGuruReviewer::RepositoryAssociation
AWS CodeStar	AWS::CodeStarConnections::Connection
AWS Config	AWS::Config::ConformancePack AWS::Config::OrganizationConformancePack
Amazon Detective	AWS::Detective::Graph AWS::Detective::MemberInvitation
Amazon DynamoDB	AWS::DynamoDB::Table
Amazon EC2	AWS::EC2::CarrierGateway AWS::EC2::EIP AWS::EC2::FlowLog AWS::EC2::Instance AWS::EC2::InternetGateway AWS::EC2::LocalGatewayRoute AWS::EC2::LocalGatewayRouteTableVPCAssociation AWS::EC2::NatGateway AWS::EC2::NetworkAcl AWS::EC2::NetworkInterface AWS::EC2::PrefixList AWS::EC2::RouteTable AWS::EC2::SecurityGroup AWS::EC2::Subnet AWS::EC2::Volume AWS::EC2::VPC
Amazon EC2 Auto Scaling	AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::LaunchConfiguration AWS::AutoScaling::LifecycleHook AWS::AutoScaling::ScalingPolicy AWS::AutoScaling::ScheduledAction
EC2 Image Builder	AWS::ImageBuilder::Component AWS::ImageBuilder::DistributionConfiguration AWS::ImageBuilder::Image AWS::ImageBuilder::ImagePipeline AWS::ImageBuilder::ImageRecipe AWS::ImageBuilder::InfrastructureConfiguration
Amazon ECS	AWS::ECS::CapacityProvider AWS::ECS::Cluster AWS::ECS::PrimaryTaskSet AWS::ECS::Service AWS::ECS::TaskDefinition AWS::ECS::TaskSet
Amazon EFS	AWS::EFS::AccessPoint AWS::EFS::FileSystem
Amazon EKS	AWS::EKS::FargateProfile
Elastic Load Balancing	AWS::ElasticLoadBalancing::LoadBalancer AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer
Amazon EventBridge	AWS::Events::Archive AWS::EventSchemas::RegistryPolicy AWS::Events::Rule
AWS Firewall Manager	AWS::FMS::NotificationChannel AWS::FMS::Policy
Amazon GameLift	AWS::GameLift::GameServerGroup
AWS Global Accelerator	AWS::GlobalAccelerator::Accelerator AWS::GlobalAccelerator::EndpointGroup AWS::GlobalAccelerator::Listener
AWS Glue	AWS::Glue::Registry AWS::Glue::Schema AWS::Glue::SchemaVersion AWS::Glue::SchemaVersionMetadata
AWS Glue DataBrew	AWS::DataBrew::Dataset AWS::DataBrew::Job AWS::DataBrew::Project AWS::DataBrew::Recipe AWS::DataBrew::Schedule
AWS Ground Station	AWS::GroundStation::Config AWS::GroundStation::DataflowEndpointGroup AWS::GroundStation::MissionProfile
AWS Identity and Access Management	AWS::AccessAnalyzer::Analyzer AWS::IAM::Group AWS::IAM::InstanceProfile AWS::IAM::ManagedPolicy AWS::IAM::Role AWS::IAM::User
AWS IoT	AWS::IoT::Authorizer AWS::IoT::Certificate AWS::IoT::DomainConfiguration AWS::IoT::ProvisioningTemplate AWS::IoT::Thing AWS::IoT::TopicRuleDestination
AWS IoT SiteWise	AWS::IoTSiteWise::Asset AWS::IoTSiteWise::AssetModel AWS::IoTSiteWise::Gateway
Amazon Interactive Video Service	AWS::IVS::Channel AWS::IVS::PlaybackKeyPair AWS::IVS::StreamKey
Amazon Kendra	AWS::Kendra::DataSource AWS::Kendra::Faq AWS::Kendra::Index
Amazon Keyspaces (for Apache Cassandra)	AWS::Cassandra::Keyspace AWS::Cassandra::Table
Amazon Kinesis	AWS::KinesisFirehose::DeliveryStream
AWS Key Management Service	AWS::KMS::Key
AWS Lambda	AWS::Lambda::Alias AWS::Lambda::CodeSigningConfig AWS::Lambda::Function AWS::Lambda::Version
Amazon Macie	AWS::Macie::CustomDataIdentifier AWS::Macie::FindingsFilter AWS::Macie::Session
AWS Elemental MediaPackage	AWS::MediaPackage::Asset AWS::MediaPackage::Channel AWS::MediaPackage::OriginEndpoint AWS::MediaPackage::PackagingConfiguration AWS::MediaPackage::PackagingGroup
AWS Network Firewall	AWS::NetworkFirewall::Firewall AWS::NetworkFirewall::FirewallPolicy AWS::NetworkFirewall::LoggingConfiguration AWS::NetworkFirewall::RuleGroup
Transit Gateway Network Manager	AWS::NetworkManager::CustomerGatewayAssociation AWS::NetworkManager::Device AWS::NetworkManager::GlobalNetwork AWS::NetworkManager::Link AWS::NetworkManager::LinkAssociation AWS::NetworkManager::Site AWS::NetworkManager::TransitGatewayRegistration
Amazon QLDB	AWS::QLDB::Stream
AWS Resource Groups	AWS::ResourceGroups::Group
Amazon Relational Database Service	AWS::RDS::DBCluster AWS::RDS::DBInstance AWS::RDS::DBProxy AWS::RDS::DBProxyTargetGroup AWS::RDS::GlobalCluster
Amazon Route 53	AWS::Route53::HostedZone AWS::Route53Resolver::ResolverQueryLoggingConfig AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
Amazon Simple Storage Service	AWS::S3::AccessPoint AWS::S3::Bucket AWS::S3::StorageLens
Amazon SageMaker	AWS::SageMaker::MonitoringSchedule
AWS Secrets Manager	AWS::SecretsManager::ResourcePolicy AWS::SecretsManager::RotationSchedule
AWS Service Catalog	AWS::ServiceCatalog::CloudFormationProvisionedProduct
AWS Signer	AWS::Signer::ProfilePermission AWS::Signer::SigningProfile
Amazon Simple Email Service	AWS::SES::ConfigurationSet
Amazon Simple Queue Service	AWS::SQS::Queue
Amazon Simple Notification Service	AWS::SNS::Topic
AWS Single Sign-On	AWS::SSO::Assignment AWS::SSO::PermissionSet
AWS Step Functions	AWS::StepFunctions::StateMachine
AWS Systems Manager	AWS::SSM::Association
AWS WAF	AWS::WAFv2::IPSet AWS::WAFv2::RegexPatternSet AWS::WAFv2::RuleGroup AWS::WAFv2::WebACL AWS::WAFv2::WebACLAssociation
Amazon WorkSpaces	AWS::Workspaces::ConnectionAlias

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Moving resources between stacks

Exporting stack output values