AWS Config
Developer Guide



Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration. A stack is considered to have drifted if one or more of its resources differ from their expected configuration. The rule and the stack are COMPLIANT when the stack drift status is IN_SYNC. The rule and the stack are NON_COMPLIANT when the stack drift status is DRIFTED.


If the stacks you created are not visible, choose Re-evaluate and check again.


Trigger type: Configuration changes and periodic



The AWS CloudFormation role ARN with IAM policy permissions to detect drift for AWS CloudFormation stacks.


If the role does not have all of the permissions, the rule fails. The error appears as an annotation at the top of the page. Make sure to attach trusted permissions and ReadOnlyAccess policy permissions to the role. For specific policy permissions, see Detecting Unmanaged Configuration Changes to Stacks and Resources in the AWS CloudFormation User Guide.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
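
A minimal template that deploys this rule together with the role it needs, as an added example rather than AWS's own template. The rule identifier `CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK` and the `cloudformationRoleArn` parameter name do not appear on this page and are taken from the AWS Config managed rules reference; `config.amazonaws.com` as the trusted principal, the logical resource names, and the 24-hour frequency are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example. Deploys the CloudFormation stack drift detection managed
  rule with a dedicated role. Assumes an AWS Config configuration recorder
  is already running in the account and Region.

Resources:
  # Role the rule uses to run drift detection.
  # "DriftDetectionRole" is a hypothetical logical name.
  DriftDetectionRole:
    Type: AWS::IAM::Role
    Properties:
      # Trusted permissions: assumed here to mean the AWS Config service
      # principal. No other principal can assume the role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: config.amazonaws.com
            Action: sts:AssumeRole
      # ReadOnlyAccess, as the page requires. It grants no write actions,
      # so the role cannot modify the stacks it inspects.
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/ReadOnlyAccess

  # "StackDriftRule" is a hypothetical logical name.
  StackDriftRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: cloudformation-stack-drift-detection-check
      Description: NON_COMPLIANT when a stack's drift status is DRIFTED.
      # Evaluate CloudFormation stacks only.
      Scope:
        ComplianceResourceTypes:
          - AWS::CloudFormation::Stack
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK
      # If the role lacks permissions the rule fails with an annotation.
      InputParameters:
        cloudformationRoleArn: !GetAtt DriftDetectionRole.Arn
      # Periodic half of the trigger; the 24-hour value is an assumption.
      MaximumExecutionFrequency: TwentyFour_Hours

Outputs:
  DriftDetectionRoleArn:
    Value: !GetAtt DriftDetectionRole.Arn
```

Creating the IAM role requires deploying the stack with the `CAPABILITY_IAM` capability acknowledged.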
