.driftignore is a simple way to ignore resources, you put resources in a
.driftignore file like a
If you need only to exclude a set of resources you should use .driftignore, if you need something more advanced, check filter rules.
Create the .driftignore file where you launch driftctl (usually the root of your IaC repo).
Each line must be of kind
resource_type.resource_id, resource_id could be a wildcard to exclude all resources of a given type.
resource_type.resource_id.path.to.field_name, resource_id can be wildcard to ignore a drift on given field for a given type, path could also contain wildcards.
The .driftignore file also supports negation of rules. This way you could ignore everything except certain types.
For example, if you want to ignore everything but IAM drifts:
# Will ignore S3 bucket called my-bucket
# Will ignore every aws_instance resource
# Will ignore environment for all lambda functions
# Will ignore resources like aws_iam_role.AmazonSSMRoleForInstances and aws_iam_role.AWSServiceRoleForAmazonSSM
# Will ignore lastModified for my-lambda-name lambda function
Precedence over filter rules
The above mechanism to ignore resources can be used in combination with filter rules. Bear in mind that if the same resource is included by a filter rule and excluded inside the .driftignore file, driftctl will just ignore this resource.