InfraAudit does not interact with the CloudFormation service directly. It does not create, update, or delete stacks. Drift detection compares template-declared attributes against live resource configuration — this is separate from CloudFormation’s own stack drift detection feature.
Upload a CloudFormation template
- UI
- CLI
- API
Upload the template
Upload your .yaml or .json template file. Optionally add a name for the definition.
How resource matching works
InfraAudit matches Resources in your template to live AWS resources in your connected account. Matching uses the CloudFormation logical resource ID and, where resolvable, the physical resource ID.
| CloudFormation resource type | Matched on |
|---|---|
| AWS::EC2::Instance | Instance ID |
| AWS::S3::Bucket | Bucket name |
| AWS::RDS::DBInstance | DB identifier |
| AWS::Lambda::Function | Function name |
| AWS::EC2::SecurityGroup | Security group ID |
View drift results
After uploading, click the definition in the IaC list to see:
- Parse status (success, or parse error with the line number)
- Resources declared in the template
- Resources matched to live inventory
- Drift findings: declared attribute value versus the live value for each attribute that differs
Parameters and intrinsic functions
InfraAudit resolves CloudFormation intrinsic functions (!Ref, !Sub, !Join) where the values are static or can be inferred from the template. The following are not resolved and are excluded from drift comparison:
- Cross-stack references using !ImportValue
- Runtime parameters that require a deployed stack to evaluate
- Dynamic resource attributes (e.g. Fn::GetAtt for values only known post-deployment)
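The comparison described in the sections above, as an added example (not InfraAudit's code). It assumes a template already parsed to long-form intrinsics, live attributes keyed by CloudFormation property names, and parameter Default values treated as static; the function names, template, and live values are constructed.

```python
import re
UNRESOLVED = object()  # marker: value only known from a deployed stack
VAR = re.compile(r"\$\{([^}]+)\}")

def resolve(value, params):
    """Resolve Ref/Fn::Sub/Fn::Join when every input is static, else UNRESOLVED."""
    if isinstance(value, list):
        items = [resolve(v, params) for v in value]
        return UNRESOLVED if any(i is UNRESOLVED for i in items) else items
    if not isinstance(value, dict):
        return value
    fn, arg = next(iter(value.items()), (None, None))
    if len(value) == 1 and (fn == "Ref" or fn.startswith("Fn::")):
        if fn == "Ref":  # runtime parameters and resource refs are not in params
            return params.get(arg, UNRESOLVED)
        if fn == "Fn::Join":
            parts = resolve(arg[1], params)
            return UNRESOLVED if parts is UNRESOLVED else arg[0].join(map(str, parts))
        if fn == "Fn::Sub" and isinstance(arg, str) and all(n in params for n in VAR.findall(arg)):
            return VAR.sub(lambda m: str(params[m.group(1)]), arg)
        return UNRESOLVED  # Fn::ImportValue, Fn::GetAtt, any other intrinsic
    out = {k: resolve(v, params) for k, v in value.items()}
    return UNRESOLVED if any(v is UNRESOLVED for v in out.values()) else out

def drift(template, live):
    """Return (findings, skipped); live maps logical ID -> matched live attributes."""
    params = {n: p["Default"] for n, p in template.get("Parameters", {}).items()
              if "Default" in p}
    findings, skipped = [], []
    for rid, res in template["Resources"].items():
        for attr, declared in res.get("Properties", {}).items():
            declared = resolve(declared, params)
            if declared is UNRESOLVED:
                skipped.append((rid, attr))  # excluded from drift comparison
            elif attr in live.get(rid, {}) and live[rid][attr] != declared:
                findings.append((rid, attr, declared, live[rid][attr]))
    return findings, skipped

# Constructed sample data: parsed template and live inventory attributes.
TEMPLATE = {"Parameters": {"Env": {"Type": "String", "Default": "prod"}}, "Resources": {
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketName": {"Fn::Sub": "logs-${Env}"},
        "VersioningConfiguration": {"Status": "Enabled"}}},
    "Audit": {"Type": "AWS::Lambda::Function", "Properties": {
        "FunctionName": {"Fn::Join": ["-", ["audit", {"Ref": "Env"}]]},
        "Role": {"Fn::GetAtt": ["AuditRole", "Arn"]},
        "KmsKeyArn": {"Fn::ImportValue": "shared-kms-arn"}, "Timeout": 30}}}}
LIVE = {"Logs": {"BucketName": "logs-prod", "VersioningConfiguration": {"Status": "Suspended"}},
        "Audit": {"FunctionName": "audit-prod", "Role": "arn:aws:iam::111111111111:role/x", "Timeout": 900}}
```

Calling drift(TEMPLATE, LIVE) reports the suspended bucket versioning and the changed Lambda timeout as findings, while Role and KmsKeyArn land in the skipped list because they depend on Fn::GetAtt and Fn::ImportValue.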
Continuous monitoring with CI/CD
Upload updated templates as part of your deployment pipeline to keep drift detection current after every stack update:
The --wait flag blocks until the drift comparison completes and exits with a non-zero code if any drift is found.