Viewing drift

You can view the drift status for your accounts and OUs through the console or APIs, and identify when account and OU configurations are drifted, or out of sync. Drift status also is communicated with SNS messages. For more information about receiving these SNS messages, see Guidance on subscribing to SNS Topics.

To view OU and account drift status in the console, navigate to the Organization page, and then select the OUs or accounts that you wish to inspect.

To view drift status for OUs and accounts programmatically, call the ListEnabledBaselines API to view statuses for your enabled baselines. To view statuses for individual accounts programmatically with the ListEnabledBaselines API, use the includeChildren flag. You can filter by these statuses, and see only the accounts and OUs that require your attention.

Note

AWS Control Tower generates a lifecycle event when each drift remediation operation is completed.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Drift

Resolving drift