Resources that support import and drift detection operations - AWS CloudFormation

Resources that support import and drift detection operations

AWS CloudFormation supports resource import and drift detection operations for the following public (AWS) resource types.

In addition, CloudFormation supports import and drift detection operations for private resource types that are provisionable; that is, whose provisioning type is either FULLY_MUTABLE or IMMUTABLE. To import or perform drift detection on a resource of a private resource type, the default version of the resource type that you have registered in your account must be provisionable. For more information on resource provision type, see the ProvisioningType parameter of the DescribeType action in the AWS CloudFormation API Reference and of the DescribeType command in the AWS CLI Command Reference.

For more information on drift detection, see Detecting unmanaged configuration changes to stacks and resources.

Service Resource
Amazon API Gateway

AWS::ApiGateway::Authorizer

AWS::ApiGateway::Deployment

AWS::ApiGateway::Method

AWS::ApiGateway::Model

AWS::ApiGateway::Resource

AWS::ApiGateway::RestApi

AWS::ApiGateway::RequestValidator

AWS::ApiGateway::Stage

Amazon AppFlow

AWS::AppFlow::Flow

AWS::AppFlow::ConnectorProfile

AWS App Mesh

AWS::AppMesh::GatewayRoute

AWS::AppMesh::VirtualGateway

Amazon Athena

AWS::Athena::DataCatalog

AWS::Athena::NamedQuery

AWS::Athena::WorkGroup

AWS Billing and Cost Management

AWS::CE::CostCategory

AWS Certificate Manager

AWS::ACMPCA::Certificate

AWS::ACMPCA::CertificateAuthority

AWS::ACMPCA::CertificateAuthorityActivation

AWS Chatbot

AWS::Chatbot::SlackChannelConfiguration

CloudFormation

AWS::CloudFormation::Stack

AWS::CloudFormation::StackSet

Amazon CloudFront

AWS::CloudFront::CachePolicy

AWS::CloudFront::KeyGroup

AWS::CloudFront::OriginRequestPolicy

AWS::CloudFront::PublicKey

AWS::CloudFront::RealtimeLogConfig

AWS CloudTrail

AWS::CloudTrail::Trail

Amazon CloudWatch

AWS::ApplicationInsights::Application

AWS::CloudWatch::Alarm

AWS::CloudWatch::CompositeAlarm

AWS::Logs::LogGroup

AWS::Logs::MetricFilter

AWS::Logs::SubscriptionFilter

AWS::Synthetics::Canary

AWS CodeArtifact

AWS::CodeArtifact::Domain

AWS::CodeArtifact::Repository

Amazon CodeGuru Profiler

AWS::CodeGuruProfiler::ProfilingGroup

Amazon CodeGuru Reviewer

AWS::CodeGuruReviewer::RepositoryAssociation

AWS CodeStar

AWS::CodeStarConnections::Connection

AWS Config

AWS::Config::ConformancePack

AWS::Config::OrganizationConformancePack

Amazon Detective

AWS::Detective::Graph

AWS::Detective::MemberInvitation

Amazon DynamoDB

AWS::DynamoDB::Table

Amazon EC2

AWS::EC2::CarrierGateway

AWS::EC2::EIP

AWS::EC2::FlowLog

AWS::EC2::Instance

AWS::EC2::InternetGateway

AWS::EC2::LocalGatewayRoute

AWS::EC2::LocalGatewayRouteTableVPCAssociation

AWS::EC2::NatGateway

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInterface

AWS::EC2::PrefixList

AWS::EC2::RouteTable

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::Volume

AWS::EC2::VPC

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

AWS::AutoScaling::LifecycleHook

AWS::AutoScaling::ScalingPolicy

AWS::AutoScaling::ScheduledAction

EC2 Image Builder

AWS::ImageBuilder::Component

AWS::ImageBuilder::DistributionConfiguration

AWS::ImageBuilder::Image

AWS::ImageBuilder::ImagePipeline

AWS::ImageBuilder::ImageRecipe

AWS::ImageBuilder::InfrastructureConfiguration

Amazon ECS

AWS::ECS::CapacityProvider

AWS::ECS::Cluster

AWS::ECS::PrimaryTaskSet

AWS::ECS::Service

AWS::ECS::TaskDefinition

AWS::ECS::TaskSet

Amazon EFS

AWS::EFS::AccessPoint

AWS::EFS::FileSystem

Amazon EKS

AWS::EKS::FargateProfile

Elastic Load Balancing

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancingV2::Listener

AWS::ElasticLoadBalancingV2::ListenerRule

AWS::ElasticLoadBalancingV2::LoadBalancer

Amazon EventBridge

AWS::Events::Archive

AWS::EventSchemas::RegistryPolicy

AWS::Events::Rule

AWS Firewall Manager

AWS::FMS::NotificationChannel

AWS::FMS::Policy

Amazon GameLift

AWS::GameLift::GameServerGroup

AWS Global Accelerator

AWS::GlobalAccelerator::Accelerator

AWS::GlobalAccelerator::EndpointGroup

AWS::GlobalAccelerator::Listener

AWS Glue

AWS::Glue::Registry

AWS::Glue::Schema

AWS::Glue::SchemaVersion

AWS::Glue::SchemaVersionMetadata

AWS Glue DataBrew

AWS::DataBrew::Dataset

AWS::DataBrew::Job

AWS::DataBrew::Project

AWS::DataBrew::Recipe

AWS::DataBrew::Schedule

AWS Ground Station

AWS::GroundStation::Config

AWS::GroundStation::DataflowEndpointGroup

AWS::GroundStation::MissionProfile

AWS Identity and Access Management

AWS::AccessAnalyzer::Analyzer

AWS::IAM::Group

AWS::IAM::InstanceProfile

AWS::IAM::ManagedPolicy

AWS::IAM::Role

AWS::IAM::User

AWS IoT

AWS::IoT::Authorizer

AWS::IoT::Certificate

AWS::IoT::DomainConfiguration

AWS::IoT::ProvisioningTemplate

AWS::IoT::Thing

AWS::IoT::TopicRuleDestination

AWS IoT SiteWise

AWS::IoTSiteWise::Asset

AWS::IoTSiteWise::AssetModel

AWS::IoTSiteWise::Gateway

Amazon Interactive Video Service

AWS::IVS::Channel

AWS::IVS::PlaybackKeyPair

AWS::IVS::StreamKey

Amazon Kendra

AWS::Kendra::DataSource

AWS::Kendra::Faq

AWS::Kendra::Index

Amazon Keyspaces (for Apache Cassandra)

AWS::Cassandra::Keyspace

AWS::Cassandra::Table

Amazon Kinesis

AWS::KinesisFirehose::DeliveryStream

AWS Key Management Service

AWS::KMS::Key

AWS Lambda

AWS::Lambda::Alias

AWS::Lambda::CodeSigningConfig

AWS::Lambda::Function

AWS::Lambda::Version

Amazon Macie

AWS::Macie::CustomDataIdentifier

AWS::Macie::FindingsFilter

AWS::Macie::Session

AWS Elemental MediaPackage

AWS::MediaPackage::Asset

AWS::MediaPackage::Channel

AWS::MediaPackage::OriginEndpoint

AWS::MediaPackage::PackagingConfiguration

AWS::MediaPackage::PackagingGroup

AWS Network Firewall

AWS::NetworkFirewall::Firewall

AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::LoggingConfiguration

AWS::NetworkFirewall::RuleGroup

Transit Gateway Network Manager

AWS::NetworkManager::CustomerGatewayAssociation

AWS::NetworkManager::Device

AWS::NetworkManager::GlobalNetwork

AWS::NetworkManager::Link

AWS::NetworkManager::LinkAssociation

AWS::NetworkManager::Site

AWS::NetworkManager::TransitGatewayRegistration

Amazon QLDB

AWS::QLDB::Stream

AWS Resource Groups

AWS::ResourceGroups::Group

Amazon Relational Database Service

AWS::RDS::DBCluster

AWS::RDS::DBInstance

AWS::RDS::DBProxy

AWS::RDS::DBProxyTargetGroup

AWS::RDS::GlobalCluster

Amazon Route 53

AWS::Route53::HostedZone

AWS::Route53Resolver::ResolverQueryLoggingConfig

AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation

Amazon Simple Storage Service

AWS::S3::AccessPoint

AWS::S3::Bucket

AWS::S3::StorageLens

Amazon SageMaker

AWS::SageMaker::MonitoringSchedule

AWS Secrets Manager

AWS::SecretsManager::ResourcePolicy

AWS::SecretsManager::RotationSchedule

AWS Service Catalog

AWS::ServiceCatalog::CloudFormationProvisionedProduct

AWS Signer

AWS::Signer::ProfilePermission

AWS::Signer::SigningProfile

Amazon Simple Email Service

AWS::SES::ConfigurationSet

Amazon Simple Queue Service

AWS::SQS::Queue

Amazon Simple Notification Service

AWS::SNS::Topic

AWS Single Sign-On

AWS::SSO::Assignment

AWS::SSO::PermissionSet

AWS Step Functions

AWS::StepFunctions::StateMachine

AWS Systems Manager

AWS::SSM::Association

AWS WAF

AWS::WAFv2::IPSet

AWS::WAFv2::RegexPatternSet

AWS::WAFv2::RuleGroup

AWS::WAFv2::WebACL

AWS::WAFv2::WebACLAssociation

Amazon WorkSpaces

AWS::Workspaces::ConnectionAlias