This article explains how to implement automatic drift detection in CDK Pipelines using Amazon EventBridge to validate CloudFormation stack integrity before deployment.

• CloudFormation drift occurs when resources are manually changed outside the pipeline
• Drift detection integrated as pre-deployment validation step in CDK Pipelines
• EventBridge captures drift detection state change events from CloudFormation
• Custom DriftDetectionStep class extends Step and implements ICodePipelineActionFactory
• Lambda function initiates drift detection and stores detection ID in DynamoDB
• Callback Lambda receives EventBridge events and reports status back to pipeline
• Pipeline continues if stack is IN SYNC, fails if stack is DRIFTED
• Solution scales with multiple stacks per pipeline stage

This approach provides automated drift detection within CI/CD pipelines, preventing configuration inconsistencies and security vulnerabilities in production environments.