Resources that support import and drift detection operations - AWS CloudFormation

Resources that support import and drift detection operations

AWS CloudFormation supports resource import and drift detection operations for the following public (AWS) resource types.

In addition, CloudFormation supports import and drift detection operations for private resource types that are provisionable; that is, whose provisioning type is either FULLY_MUTABLE or IMMUTABLE. To import or perform drift detection on a resource of a private resource type, the default version of the resource type that you have registered in your account must be provisionable. For more information on resource provision type, see the ProvisioningType parameter of the DescribeType action in the AWS CloudFormation API Reference and of the DescribeType command in the AWS CLI Command Reference.

For more information on drift detection, see Detecting unmanaged configuration changes to stacks and resources.

Service Resource
Amazon API Gateway

AWS::ApiGateway::Authorizer

AWS::ApiGateway::Deployment

AWS::ApiGateway::Method

AWS::ApiGateway::Model

AWS::ApiGateway::Resource

AWS::ApiGateway::RestApi

AWS::ApiGateway::RequestValidator

AWS::ApiGateway::Stage
Amazon AppFlow

AWS::AppFlow::Flow

AWS::AppFlow::ConnectorProfile
AWS App Mesh

AWS::AppMesh::GatewayRoute

AWS::AppMesh::VirtualGateway
AWS App Runner

AWS::AppRunner::Service
Amazon Athena

AWS::Athena::DataCatalog

AWS::Athena::NamedQuery

AWS::Athena::WorkGroup

AWS Audit Manager

AWS::AuditManager::Assessment

AWS Billing and Cost Management

AWS::CE::AnomalyMonitor

AWS::CE::AnomalySubscription

AWS::CE::CostCategory

AWS::CUR::ReportDefinition

AWS Certificate Manager

AWS::ACMPCA::Certificate

AWS::ACMPCA::CertificateAuthority

AWS::ACMPCA::CertificateAuthorityActivation

AWS Chatbot

AWS::Chatbot::SlackChannelConfiguration

CloudFormation

AWS::CloudFormation::ModuleDefaultVersion

AWS::CloudFormation::ModuleVersion

AWS::CloudFormation::PublicTypeVersion

AWS::CloudFormation::Publisher

AWS::CloudFormation::ResourceDefaultVersion

AWS::CloudFormation::ResourceVersion

AWS::CloudFormation::Stack

AWS::CloudFormation::StackSet

AWS::CloudFormation::TypeActivation
Amazon CloudFront

AWS::CloudFront::CachePolicy

AWS::CloudFront::Function

AWS::CloudFront::KeyGroup

AWS::CloudFront::OriginRequestPolicy

AWS::CloudFront::PublicKey

AWS::CloudFront::RealtimeLogConfig

AWS CloudTrail

AWS::CloudTrail::Trail
Amazon CloudWatch

AWS::ApplicationInsights::Application

AWS::CloudWatch::Alarm

AWS::CloudWatch::CompositeAlarm

AWS::CloudWatch::MetricStream

AWS::Logs::LogGroup

AWS::Logs::MetricFilter

AWS::Logs::QueryDefinition

AWS::Logs::ResourcePolicy

AWS::Logs::SubscriptionFilter

AWS::Synthetics::Canary

AWS CodeArtifact

AWS::CodeArtifact::Domain

AWS::CodeArtifact::Repository

Amazon CodeGuru Profiler

AWS::CodeGuruProfiler::ProfilingGroup

Amazon CodeGuru Reviewer

AWS::CodeGuruReviewer::RepositoryAssociation

AWS CodeStar

AWS::CodeStarConnections::Connection

Amazon Connect

AWS::AppIntegrations::EventIntegration

AWS::Connect::QuickConnect

AWS Config

AWS::Config::ConformancePack

AWS::Config::OrganizationConformancePack

AWS::Config::StoredQuery

AWS DataSync

AWS::DataSync::Agent

AWS::DataSync::LocationEFS

AWS::DataSync::LocationFSxWindows

AWS::DataSync::LocationNFS

AWS::DataSync::LocationObjectStorage

AWS::DataSync::LocationS3

AWS::DataSync::LocationSMB

AWS::DataSync::Task

Amazon Detective

AWS::Detective::Graph

AWS::Detective::MemberInvitation

Amazon DevOps Guru

AWS::DevOpsGuru::NotificationChannel

AWS::DevOpsGuru::ResourceCollection

Amazon DynamoDB

AWS::DynamoDB::GlobalTable

AWS::DynamoDB::Table
Amazon EC2

AWS::EC2::CarrierGateway

AWS::EC2::EIP

AWS::EC2::EnclaveCertificateIamRoleAssociation

AWS::EC2::FlowLog

AWS::EC2::Instance

AWS::EC2::InternetGateway

AWS::EC2::LocalGatewayRoute

AWS::EC2::LocalGatewayRouteTableVPCAssociation

AWS::EC2::NatGateway

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInsightsAnalysis

AWS::EC2::NetworkInsightsPath

AWS::EC2::NetworkInterface

AWS::EC2::PrefixList

AWS::EC2::RouteTable

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::TransitGatewayConnect

AWS::EC2::TransitGatewayMulticastDomain

AWS::EC2::TransitGatewayMulticastDomainAssociation

AWS::EC2::TransitGatewayMulticastGroupMember

AWS::EC2::TransitGatewayMulticastGroupSource

AWS::EC2::TransitGatewayPeeringAttachment

AWS::EC2::Volume

AWS::EC2::VPC
Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

AWS::AutoScaling::LifecycleHook

AWS::AutoScaling::ScalingPolicy

AWS::AutoScaling::ScheduledAction

AWS::AutoScaling::WarmPool
EC2 Image Builder

AWS::ImageBuilder::Component

AWS::ImageBuilder::ContainerRecipe

AWS::ImageBuilder::DistributionConfiguration

AWS::ImageBuilder::Image

AWS::ImageBuilder::ImagePipeline

AWS::ImageBuilder::ImageRecipe

AWS::ImageBuilder::InfrastructureConfiguration

Amazon ECS

AWS::ECS::CapacityProvider

AWS::ECS::Cluster

AWS::ECS::ClusterCapacityProviderAssociations

AWS::ECS::PrimaryTaskSet

AWS::ECS::Service

AWS::ECS::TaskDefinition

AWS::ECS::TaskSet
Amazon EFS

AWS::EFS::AccessPoint

AWS::EFS::FileSystem
Amazon EKS

AWS::EKS::AddOn

AWS::EKS::FargateProfile
Elastic Load Balancing

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancingV2::Listener

AWS::ElasticLoadBalancingV2::ListenerRule

AWS::ElasticLoadBalancingV2::LoadBalancer
Amazon EMR

AWS::EMRContainers::Studio

AWS::EMRContainers::StudioSessionMapping

AWS::EMRContainers::VirtualCluster
Amazon EventBridge

AWS::Events::ApiDestination

AWS::Events::Archive

AWS::Events::Connection

AWS::EventSchemas::RegistryPolicy

AWS::Events::Rule

Amazon FinSpace

AWS::FinSpace::Environment

AWS Firewall Manager

AWS::FMS::NotificationChannel

AWS::FMS::Policy

Amazon Fraud Detector

AWS::FraudDetector::Detector

AWS::FraudDetector::EntityType

AWS::FraudDetector::EventType

AWS::FraudDetector::Label

AWS::FraudDetector::Outcome

AWS::FraudDetector::Variable

Amazon GameLift

AWS::GameLift::GameServerGroup

AWS Global Accelerator

AWS::GlobalAccelerator::Accelerator

AWS::GlobalAccelerator::EndpointGroup

AWS::GlobalAccelerator::Listener
AWS Glue

AWS::Glue::Registry

AWS::Glue::Schema

AWS::Glue::SchemaVersion

AWS::Glue::SchemaVersionMetadata
AWS Glue DataBrew

AWS::DataBrew::Dataset

AWS::DataBrew::Job

AWS::DataBrew::Project

AWS::DataBrew::Recipe

AWS::DataBrew::Schedule

AWS FIS

AWS::FIS::ExperimentTemplate
AWS IoT Greengrass

AWS::GreengrassV2::ComponentVersion
AWS Ground Station

AWS::GroundStation::Config

AWS::GroundStation::DataflowEndpointGroup

AWS::GroundStation::MissionProfile
AWS Identity and Access Management

AWS::AccessAnalyzer::Analyzer

AWS::IAM::Group

AWS::IAM::InstanceProfile

AWS::IAM::OIDCProvider

AWS::IAM::ManagedPolicy

AWS::IAM::Role

AWS::IAM::SAMLProvider

AWS::IAM::User

AWS::IAM::VirtualMFADevice
AWS IoT Core

AWS::IoT::AccountAuditConfiguration

AWS::IoT::Authorizer

AWS::IoT::Certificate

AWS::IoT::CustomMetric

AWS::IoT::Dimension

AWS::IoT::DomainConfiguration

AWS::IoT::MitigationAction

AWS::IoT::ProvisioningTemplate

AWS::IoT::ScheduledAudit

AWS::IoT::SecurityProfile

AWS::IoT::Thing

AWS::IoT::TopicRuleDestination

AWS::IoTCoreDeviceAdvisor::SuiteDefinition

AWS::IoTFleetHub::Application

AWS::IoTWireless::Destination

AWS::IoTWireless::DeviceProfile

AWS::IoTWireless::PartnerAccount

AWS::IoTWireless::ServiceProfile

AWS::IoTWireless::TaskDefinition

AWS::IoTWireless::WirelessDevice

AWS::IoTWireless::WirelessGateway
AWS IoT SiteWise

AWS::IoTSiteWise::AccessPolicy

AWS::IoTSiteWise::Asset

AWS::IoTSiteWise::AssetModel

AWS::IoTSiteWise::Dashboard

AWS::IoTSiteWise::Gateway

AWS::IoTSiteWise::Portal

AWS::IoTSiteWise::Project
Amazon Interactive Video Service

AWS::IVS::Channel

AWS::IVS::PlaybackKeyPair

AWS::IVS::RecordingConfiguration

AWS::IVS::StreamKey
Amazon Kendra

AWS::Kendra::DataSource

AWS::Kendra::Faq

AWS::Kendra::Index
Amazon Keyspaces (for Apache Cassandra)

AWS::Cassandra::Keyspace

AWS::Cassandra::Table

Amazon Kinesis

AWS::KinesisFirehose::DeliveryStream
AWS Key Management Service

AWS::KMS::Key

AWS::KMS::ReplicaKey
AWS Lambda

AWS::Lambda::Alias

AWS::Lambda::CodeSigningConfig

AWS::Lambda::Function

AWS::Lambda::Version
Amazon Location Service

AWS::Location::GeofenceCollection

AWS::Location::Map

AWS::Location::PlaceIndex

AWS::Location::RouteCalculator

AWS::Location::Tracker

AWS::Location::TrackerConsumer
Amazon Lookout for Equipment

AWS::LookoutEquipment::InferenceScheduler
Amazon Lookout for Metrics

AWS::LookoutMetrics::Alert

AWS::LookoutMetrics::AnomalyDetector
Amazon Lookout for Vision

AWS::LookoutVision::Project
Amazon Macie

AWS::Macie::CustomDataIdentifier

AWS::Macie::FindingsFilter

AWS::Macie::Session
AWS Elemental MediaConnect

AWS::MediaConnect::Flow

AWS::MediaConnect::FlowEntitlement

AWS::MediaConnect::FlowOutput

AWS::MediaConnect::FlowSource

AWS::MediaConnect::FlowVpcInterface
AWS Elemental MediaPackage

AWS::MediaPackage::Asset

AWS::MediaPackage::Channel

AWS::MediaPackage::OriginEndpoint

AWS::MediaPackage::PackagingConfiguration

AWS::MediaPackage::PackagingGroup

Amazon Managed Workflows for Apache Airflow (Amazon MWAA)

AWS::MWAA::Environment

AWS Network Firewall

AWS::NetworkFirewall::Firewall

AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::LoggingConfiguration

AWS::NetworkFirewall::RuleGroup

Transit Gateway Network Manager

AWS::NetworkManager::CustomerGatewayAssociation

AWS::NetworkManager::Device

AWS::NetworkManager::GlobalNetwork

AWS::NetworkManager::Link

AWS::NetworkManager::LinkAssociation

AWS::NetworkManager::Site

AWS::NetworkManager::TransitGatewayRegistration

Amazon Nimble Studio

AWS::NimbleStudio::LaunchProfile

AWS::NimbleStudio::StreamingImage

AWS::NimbleStudio::Studio

AWS::NimbleStudio::StudioComponent
Amazon QLDB

AWS::QLDB::Stream
Amazon QuickSight

AWS::QuickSight::Analysis

AWS::QuickSight::Dashboard

AWS::QuickSight::Template

AWS::QuickSight::Theme
AWS Resource Groups

AWS::ResourceGroups::Group
Amazon Relational Database Service

AWS::RDS::DBCluster

AWS::RDS::DBInstance

AWS::RDS::DBProxy

AWS::RDS::DBProxyEndpoint

AWS::RDS::DBProxyTargetGroup

AWS::RDS::GlobalCluster
Amazon Route 53

AWS::Route53::DNSSEC

AWS::Route53::HostedZone

AWS::Route53::KeySigningKey

AWS::Route53RecoveryControl::Cluster

AWS::Route53RecoveryControl::ControlPanel

AWS::Route53RecoveryControl::RoutingControl

AWS::Route53RecoveryControl::SafetyRule

AWS::Route53RecoveryReadiness::Cell

AWS::Route53RecoveryReadiness::ReadinessCheck

AWS::Route53RecoveryReadiness::RecoveryGroup

AWS::Route53RecoveryReadiness::ResourceSet

AWS::Route53Resolver::FirewallDomainList

AWS::Route53Resolver::FirewallRuleGroup

AWS::Route53Resolver::FirewallRuleGroupAssociation

AWS::Route53Resolver::ResolverDNSSECConfig

AWS::Route53Resolver::ResolverQueryLoggingConfig

AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
Amazon Simple Storage Service

AWS::S3::AccessPoint

AWS::S3::Bucket

AWS::S3::StorageLens

AWS::S3ObjectLambda::AccessPoint

AWS::S3ObjectLambda::AccessPointPolicy

AWS::S3Outposts::AccessPoint

AWS::S3Outposts::Bucket

AWS::S3Outposts::BucketPolicy

AWS::S3Outposts::Endpoint

Amazon SageMaker

AWS::SageMaker::App

AWS::SageMaker::AppImageConfig

AWS::SageMaker::DataQualityJobDefinition

AWS::SageMaker::Device

AWS::SageMaker::DeviceFleet

AWS::SageMaker::Domain

AWS::SageMaker::Image

AWS::SageMaker::ImageVersion

AWS::SageMaker::ModelBiasJobDefinition

AWS::SageMaker::ModelExplainabilityJobDefinition

AWS::SageMaker::ModelQualityJobDefinition

AWS::SageMaker::ModelPackageGroup

AWS::SageMaker::MonitoringSchedule

AWS::SageMaker::Pipeline

AWS::SageMaker::Project

AWS::SageMaker::UserProfile
AWS Secrets Manager

AWS::SecretsManager::ResourcePolicy

AWS::SecretsManager::RotationSchedule
AWS Service Catalog

AWS::ServiceCatalog::CloudFormationProvisionedProduct

AWS::ServiceCatalog::ServiceAction

AWS::ServiceCatalog::ServiceActionAssociation

AWS::ServiceCatalogAppRegistry::Application

AWS::ServiceCatalogAppRegistry::AttributeGroup

AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation

AWS::ServiceCatalogAppRegistry::ResourceAssociation
AWS Signer

AWS::Signer::ProfilePermission

AWS::Signer::SigningProfile
Amazon Simple Email Service

AWS::SES::ConfigurationSet

AWS::SES::ContactList
Amazon Simple Queue Service

AWS::SQS::Queue
Amazon Simple Notification Service

AWS::SNS::Topic
AWS Single Sign-On

AWS::SSO::Assignment

AWS::SSO::InstanceAccessControlAttributeConfiguration
AWS Step Functions

AWS::StepFunctions::StateMachine
AWS Systems Manager

AWS::SSM::Association

AWS::SSMContacts::Contact

AWS::SSMContacts::ContactChannel

AWS::SSMIncidents::ReplicationSet

AWS::SSMIncidents::ResponsePlan
AWS Transfer Family

AWS::Transfer::Access
AWS WAF

AWS::WAFv2::IPSet

AWS::WAFv2::RegexPatternSet

AWS::WAFv2::RuleGroup

AWS::WAFv2::WebACL

AWS::WAFv2::WebACLAssociation

Amazon WorkSpaces

AWS::Workspaces::ConnectionAlias
AWS X-Ray

AWS::XRay::Group

AWS::XRay::SamplingRule