Resources that support import and drift detection operations

AWS CloudFormation supports resource import and drift detection operations for the following public (AWS) resource types.

In addition, CloudFormation supports import and drift detection operations for private resource types that are provisionable; that is, whose provisioning type is either FULLY_MUTABLE or IMMUTABLE. To import or perform drift detection on a resource of a private resource type, the default version of the resource type that you have registered in your account must be provisionable. For more information on resource provision type, see the ProvisioningType parameter of the DescribeType action in the AWS CloudFormation API Reference and of the DescribeType command in the AWS CLI Command Reference.

For more information on drift detection, see Detecting unmanaged configuration changes to stacks and resources.

Service	Resource
Amazon API Gateway	AWS::ApiGateway::Authorizer AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::RequestValidator AWS::ApiGateway::Stage
Amazon AppFlow	AWS::AppFlow::Flow AWS::AppFlow::ConnectorProfile
AWS App Mesh	AWS::AppMesh::GatewayRoute AWS::AppMesh::VirtualGateway
Amazon Athena	AWS::Athena::DataCatalog AWS::Athena::NamedQuery AWS::Athena::WorkGroup
AWS Audit Manager	AWS::AuditManager::Assessment
AWS Billing and Cost Management	AWS::CE::CostCategory
AWS Certificate Manager	AWS::ACMPCA::Certificate AWS::ACMPCA::CertificateAuthority AWS::ACMPCA::CertificateAuthorityActivation
AWS Chatbot	AWS::Chatbot::SlackChannelConfiguration
CloudFormation	AWS::CloudFormation::ModuleDefaultVersion AWS::CloudFormation::ModuleVersion AWS::CloudFormation::Stack AWS::CloudFormation::StackSet
Amazon CloudFront	AWS::CloudFront::CachePolicy AWS::CloudFront::KeyGroup AWS::CloudFront::OriginRequestPolicy AWS::CloudFront::PublicKey AWS::CloudFront::RealtimeLogConfig
AWS CloudTrail	AWS::CloudTrail::Trail
Amazon CloudWatch	AWS::ApplicationInsights::Application AWS::CloudWatch::Alarm AWS::CloudWatch::CompositeAlarm AWS::Logs::LogGroup AWS::Logs::MetricFilter AWS::Logs::SubscriptionFilter AWS::Synthetics::Canary
AWS CodeArtifact	AWS::CodeArtifact::Domain AWS::CodeArtifact::Repository
Amazon CodeGuru Profiler	AWS::CodeGuruProfiler::ProfilingGroup
Amazon CodeGuru Reviewer	AWS::CodeGuruReviewer::RepositoryAssociation
AWS CodeStar	AWS::CodeStarConnections::Connection
AWS Config	AWS::Config::ConformancePack AWS::Config::OrganizationConformancePack AWS::Config::StoredQuery
AWS DataSync	AWS::DataSync::Agent AWS::DataSync::LocationEFS AWS::DataSync::LocationFSxWindows AWS::DataSync::LocationNFS AWS::DataSync::LocationObjectStorage AWS::DataSync::LocationS3 AWS::DataSync::LocationSMB AWS::DataSync::Task
Amazon Detective	AWS::Detective::Graph AWS::Detective::MemberInvitation
Amazon DevOps Guru	AWS::DevOpsGuru::NotificationChannel AWS::DevOpsGuru::ResourceCollection
Amazon DynamoDB	AWS::DynamoDB::Table
Amazon EC2	AWS::EC2::CarrierGateway AWS::EC2::EIP AWS::EC2::FlowLog AWS::EC2::Instance AWS::EC2::InternetGateway AWS::EC2::LocalGatewayRoute AWS::EC2::LocalGatewayRouteTableVPCAssociation AWS::EC2::NatGateway AWS::EC2::NetworkAcl AWS::EC2::NetworkInsightsAnalysis AWS::EC2::NetworkInsightsPath AWS::EC2::NetworkInterface AWS::EC2::PrefixList AWS::EC2::RouteTable AWS::EC2::SecurityGroup AWS::EC2::Subnet AWS::EC2::Volume AWS::EC2::VPC
Amazon EC2 Auto Scaling	AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::LaunchConfiguration AWS::AutoScaling::LifecycleHook AWS::AutoScaling::ScalingPolicy AWS::AutoScaling::ScheduledAction
EC2 Image Builder	AWS::ImageBuilder::Component AWS::ImageBuilder::DistributionConfiguration AWS::ImageBuilder::Image AWS::ImageBuilder::ImagePipeline AWS::ImageBuilder::ImageRecipe AWS::ImageBuilder::InfrastructureConfiguration
Amazon ECS	AWS::ECS::CapacityProvider AWS::ECS::Cluster AWS::ECS::PrimaryTaskSet AWS::ECS::Service AWS::ECS::TaskDefinition AWS::ECS::TaskSet
Amazon EFS	AWS::EFS::AccessPoint AWS::EFS::FileSystem
Amazon EKS	AWS::EKS::FargateProfile
Elastic Load Balancing	AWS::ElasticLoadBalancing::LoadBalancer AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer
Amazon EMR	AWS::EMRContainers::VirtualCluster
Amazon EventBridge	AWS::Events::Archive AWS::EventSchemas::RegistryPolicy AWS::Events::Rule
AWS Firewall Manager	AWS::FMS::NotificationChannel AWS::FMS::Policy
Amazon GameLift	AWS::GameLift::GameServerGroup
AWS Global Accelerator	AWS::GlobalAccelerator::Accelerator AWS::GlobalAccelerator::EndpointGroup AWS::GlobalAccelerator::Listener
AWS Glue	AWS::Glue::Registry AWS::Glue::Schema AWS::Glue::SchemaVersion AWS::Glue::SchemaVersionMetadata
AWS Glue DataBrew	AWS::DataBrew::Dataset AWS::DataBrew::Job AWS::DataBrew::Project AWS::DataBrew::Recipe AWS::DataBrew::Schedule
AWS Ground Station	AWS::GroundStation::Config AWS::GroundStation::DataflowEndpointGroup AWS::GroundStation::MissionProfile
AWS Identity and Access Management	AWS::AccessAnalyzer::Analyzer AWS::IAM::Group AWS::IAM::InstanceProfile AWS::IAM::ManagedPolicy AWS::IAM::Role AWS::IAM::User
AWS IoT	AWS::IoT::Authorizer AWS::IoT::Certificate AWS::IoT::DomainConfiguration AWS::IoT::ProvisioningTemplate AWS::IoT::Thing AWS::IoT::TopicRuleDestination
AWS IoT Greengrass	AWS::GreengrassV2::ComponentVersion
AWS IoT SiteWise	AWS::IoTSiteWise::AccessPolicy AWS::IoTSiteWise::Asset AWS::IoTSiteWise::AssetModel AWS::IoTSiteWise::Dashboard AWS::IoTSiteWise::Gateway AWS::IoTSiteWise::Portal AWS::IoTSiteWise::Project
AWS IoT Wireless	AWS::IoTWireless::Destination AWS::IoTWireless::DeviceProfile AWS::IoTWireless::ServiceProfile AWS::IoTWireless::WirelessDevice AWS::IoTWireless::WirelessGateway
Amazon Interactive Video Service	AWS::IVS::Channel AWS::IVS::PlaybackKeyPair AWS::IVS::StreamKey
Amazon Kendra	AWS::Kendra::DataSource AWS::Kendra::Faq AWS::Kendra::Index
Amazon Keyspaces (for Apache Cassandra)	AWS::Cassandra::Keyspace AWS::Cassandra::Table
Amazon Kinesis	AWS::KinesisFirehose::DeliveryStream
AWS Key Management Service	AWS::KMS::Key
AWS Lambda	AWS::Lambda::Alias AWS::Lambda::CodeSigningConfig AWS::Lambda::Function AWS::Lambda::Version
Amazon Macie	AWS::Macie::CustomDataIdentifier AWS::Macie::FindingsFilter AWS::Macie::Session
AWS Elemental MediaConnect	AWS::MediaConnect::Flow AWS::MediaConnect::FlowEntitlement AWS::MediaConnect::FlowOutput AWS::MediaConnect::FlowSource AWS::MediaConnect::FlowVpcInterface
AWS Elemental MediaPackage	AWS::MediaPackage::Asset AWS::MediaPackage::Channel AWS::MediaPackage::OriginEndpoint AWS::MediaPackage::PackagingConfiguration AWS::MediaPackage::PackagingGroup
Amazon Managed Workflows for Apache Airflow (Amazon MWAA)	AWS::MWAA::Environment
AWS Network Firewall	AWS::NetworkFirewall::Firewall AWS::NetworkFirewall::FirewallPolicy AWS::NetworkFirewall::LoggingConfiguration AWS::NetworkFirewall::RuleGroup
Transit Gateway Network Manager	AWS::NetworkManager::CustomerGatewayAssociation AWS::NetworkManager::Device AWS::NetworkManager::GlobalNetwork AWS::NetworkManager::Link AWS::NetworkManager::LinkAssociation AWS::NetworkManager::Site AWS::NetworkManager::TransitGatewayRegistration
Amazon QLDB	AWS::QLDB::Stream
Amazon QuickSight	AWS::QuickSight::Analysis AWS::QuickSight::Dashboard AWS::QuickSight::Template AWS::QuickSight::Theme
AWS Resource Groups	AWS::ResourceGroups::Group
Amazon Relational Database Service	AWS::RDS::DBCluster AWS::RDS::DBInstance AWS::RDS::DBProxy AWS::RDS::DBProxyTargetGroup AWS::RDS::GlobalCluster
Amazon Route 53	AWS::Route53::DNSSEC AWS::Route53::HostedZone AWS::Route53::KeySigningKey AWS::Route53Resolver::ResolverDNSSECConfig AWS::Route53Resolver::ResolverQueryLoggingConfig AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
Amazon Simple Storage Service	AWS::S3::AccessPoint AWS::S3::Bucket AWS::S3::StorageLens
Amazon SageMaker	AWS::SageMaker::DataQualityJobDefinition AWS::SageMaker::Device AWS::SageMaker::DeviceFleet AWS::SageMaker::ModelBiasJobDefinition AWS::SageMaker::ModelExplainabilityJobDefinition AWS::SageMaker::ModelQualityJobDefinition AWS::SageMaker::ModelPackageGroup AWS::SageMaker::MonitoringSchedule AWS::SageMaker::Pipeline
AWS Secrets Manager	AWS::SecretsManager::ResourcePolicy AWS::SecretsManager::RotationSchedule
AWS Service Catalog	AWS::ServiceCatalog::CloudFormationProvisionedProduct AWS::ServiceCatalogAppRegistry::Application AWS::ServiceCatalogAppRegistry::AttributeGroup AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation AWS::ServiceCatalogAppRegistry::ResourceAssociation
AWS Signer	AWS::Signer::ProfilePermission AWS::Signer::SigningProfile
Amazon Simple Email Service	AWS::SES::ConfigurationSet
Amazon Simple Queue Service	AWS::SQS::Queue
Amazon Simple Notification Service	AWS::SNS::Topic
AWS Single Sign-On	AWS::SSO::Assignment AWS::SSO::InstanceAccessControlAttributeConfiguration AWS::SSO::PermissionSet
AWS Step Functions	AWS::StepFunctions::StateMachine
AWS Systems Manager	AWS::SSM::Association
AWS WAF	AWS::WAFv2::IPSet AWS::WAFv2::RegexPatternSet AWS::WAFv2::RuleGroup AWS::WAFv2::WebACL AWS::WAFv2::WebACLAssociation
Amazon WorkSpaces	AWS::Workspaces::ConnectionAlias

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Moving resources between stacks

Exporting stack output values