Resources that support import and drift detection operations

AWS CloudFormation supports resource import and drift detection operations for the following public (AWS) resource types.

In addition, CloudFormation supports import and drift detection operations for private resource types that are provisionable; that is, whose provisioning type is either FULLY_MUTABLE or IMMUTABLE. To import or perform drift detection on a resource of a private resource type, the default version of the resource type that you have registered in your account must be provisionable. For more information on resource provision type, see the ProvisioningType parameter of the DescribeType action in the AWS CloudFormation API Reference and of the DescribeType command in the AWS CLI Command Reference.

For more information on drift detection, see Detecting unmanaged configuration changes to stacks and resources.

Service	Resource
API Gateway	AWS::ApiGateway::Authorizer AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::RequestValidator AWS::ApiGateway::Stage
AppConfig	AWS::AppConfig::Application AWS::AppConfig::ConfigurationProfile AWS::AppConfig::Deployment AWS::AppConfig::DeploymentStrategy AWS::AppConfig::Environment
AppFlow	AWS::AppFlow::Flow AWS::AppFlow::ConnectorProfile
App Mesh	AWS::AppMesh::GatewayRoute AWS::AppMesh::VirtualGateway
Athena	AWS::Athena::DataCatalog AWS::Athena::NamedQuery AWS::Athena::WorkGroup
Auto Scaling	AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::LaunchConfiguration AWS::AutoScaling::LifecycleHook AWS::AutoScaling::ScalingPolicy AWS::AutoScaling::ScheduledAction
AWS Billing and Cost Management	AWS::CE::CostCategory
AWS Certificate Manager	AWS::ACMPCA::Certificate AWS::ACMPCA::CertificateAuthority AWS::ACMPCA::CertificateAuthorityActivation
AWS Chatbot	AWS::Chatbot::SlackChannelConfiguration
CloudFormation	AWS::CloudFormation::Stack AWS::CloudFormation::StackSet
CloudFront	AWS::CloudFront::CachePolicy AWS::CloudFront::OriginRequestPolicy AWS::CloudFront::RealtimeLogConfig
CloudTrail	AWS::CloudTrail::Trail
CloudWatch	AWS::ApplicationInsights::Application AWS::CloudWatch::Alarm AWS::CloudWatch::CompositeAlarm AWS::Events::Rule AWS::Logs::LogGroup AWS::Logs::MetricFilter AWS::Logs::SubscriptionFilter AWS::Synthetics::Canary
CodeGuru Profiler	AWS::CodeGuruProfiler::ProfilingGroup
CodeGuru Reviewer	AWS::CodeGuruReviewer::RepositoryAssociation
AWS CodeStar	AWS::CodeStarConnections::Connection
AWS Config	AWS::Config::ConformancePack AWS::Config::OrganizationConformancePack
Detective	AWS::Detective::Graph AWS::Detective::MemberInvitation
DynamoDB	AWS::DynamoDB::Table
Amazon EC2	AWS::EC2::CarrierGateway AWS::EC2::EIP AWS::EC2::FlowLog AWS::EC2::Instance AWS::EC2::InternetGateway AWS::EC2::LocalGatewayRoute AWS::EC2::LocalGatewayRouteTableVPCAssociation AWS::EC2::NatGateway AWS::EC2::NetworkAcl AWS::EC2::NetworkInterface AWS::EC2::PrefixList AWS::EC2::RouteTable AWS::EC2::SecurityGroup AWS::EC2::Subnet AWS::EC2::Volume AWS::EC2::VPC
EC2 Image Builder	AWS::ImageBuilder::Component AWS::ImageBuilder::DistributionConfiguration AWS::ImageBuilder::Image AWS::ImageBuilder::ImagePipeline AWS::ImageBuilder::ImageRecipe AWS::ImageBuilder::InfrastructureConfiguration
Amazon ECS	AWS::ECS::CapacityProvider AWS::ECS::Cluster AWS::ECS::PrimaryTaskSet AWS::ECS::Service AWS::ECS::TaskDefinition AWS::ECS::TaskSet
Amazon EFS	AWS::EFS::AccessPoint AWS::EFS::FileSystem
Amazon EKS	AWS::EKS::FargateProfile
Elastic Load Balancing	AWS::ElasticLoadBalancing::LoadBalancer AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer
EventBridge	AWS::EventSchemas::RegistryPolicy
Firewall Manager	AWS::FMS::NotificationChannel AWS::FMS::Policy
GameLift	AWS::GameLift::GameServerGroup
Global Accelerator	AWS::GlobalAccelerator::Accelerator AWS::GlobalAccelerator::EndpointGroup AWS::GlobalAccelerator::Listener
AWS Ground Station	AWS::GroundStation::Config AWS::GroundStation::DataflowEndpointGroup AWS::GroundStation::MissionProfile
IAM	AWS::IAM::Group AWS::IAM::InstanceProfile AWS::IAM::ManagedPolicy AWS::IAM::Role AWS::IAM::User
IAM Access Analyzer	AWS::AccessAnalyzer::Analyzer
AWS IoT	AWS::IoT::Authorizer AWS::IoT::Certificate AWS::IoT::Thing AWS::IoT::ProvisioningTemplate
Amazon Kendra	AWS::Kendra::DataSource AWS::Kendra::Faq AWS::Kendra::Index
Kinesis	AWS::KinesisFirehose::DeliveryStream
Lambda	AWS::Lambda::Alias AWS::Lambda::Function AWS::Lambda::Version
AWS KMS	AWS::KMS::Key
Amazon Macie	AWS::Macie::CustomDataIdentifier AWS::Macie::FindingsFilter AWS::Macie::Session
Managed Apache Cassandra Service	AWS::Cassandra::Keyspace AWS::Cassandra::Table
Network Manager	AWS::NetworkManager::CustomerGatewayAssociation AWS::NetworkManager::Device AWS::NetworkManager::GlobalNetwork AWS::NetworkManager::Link AWS::NetworkManager::LinkAssociation AWS::NetworkManager::Site AWS::NetworkManager::TransitGatewayRegistration
QLDB	AWS::QLDB::Stream
Resource Groups	AWS::ResourceGroups::Group
Amazon RDS	AWS::RDS::DBCluster AWS::RDS::DBInstance AWS::RDS::DBProxy AWS::RDS::DBProxyTargetGroup
Route 53	AWS::Route53::HostedZone AWS::Route53Resolver::ResolverQueryLoggingConfig AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
Amazon S3	AWS::S3::AccessPoint AWS::S3::Bucket
SageMaker	AWS::SageMaker::MonitoringSchedule
Secrets Manager	AWS::SecretsManager::RotationSchedule
AWS Service Catalog	AWS::ServiceCatalog::CloudFormationProvisionedProduct
Amazon SES	AWS::SES::ConfigurationSet
Amazon SNS	AWS::SNS::Topic
Amazon SQS	AWS::SQS::Queue
SSM	AWS::SSM::Association
AWS SSO	AWS::SSO::Assignment AWS::SSO::PermissionSet
AWS WAF	AWS::WAFv2::IPSet AWS::WAFv2::RegexPatternSet AWS::WAFv2::RuleGroup AWS::WAFv2::WebACL AWS::WAFv2::WebACLAssociation
Amazon WorkSpaces	AWS::Workspaces::ConnectionAlias