Infra0 Docs

Documentation

Drift Detection Overview

Drift Detection

Drift Detection compares your actual cloud resources against your Terraform state to identify configuration drift — when real infrastructure has changed outside of Terraform.

What is Drift? Drift occurs when someone manually modifies a cloud resource (via the AWS/Azure/GCP console or CLI) without updating the Terraform code. This causes the actual resource to differ from the desired state in your configuration.

Accessing Drift Detection

  • From within a Workspace, navigate to the Drift Detection section
  • Or click 'Drift Check' in the Workspace Dock

Drift Detection Features

  1. 1
    Drift Status Banner
    • Displayed at the top of the drift detection page
    • Shows the current drift status: Clean, Drifted, or Unknown
    • Shows the timestamp of the last drift check
    • Color-coded: Green (no drift), Red (drift detected), Gray (not checked yet)
  2. 2
    Resource Drift Table
    • Lists all managed resources and their drift status
    • Columns:
    • Resource Type (e.g., aws_s3_bucket, azurerm_virtual_machine)
    • Resource Name
    • Drift Status (Drifted / Not Drifted)
    • Changes Detected (description of what changed)
    • Last Checked timestamp
    • Drifted resources are highlighted in red
  3. 3
    Drift History Table
    • Shows a log of all past drift detection runs
    • Columns: Timestamp, Status, Resources Checked, Drifted Resources
    • Click a history entry to see the detailed results of that scan
  4. 4
    Drift Schedule Card
    • Configure automated drift detection on a schedule
    • Cron-based scheduling (e.g., every 6 hours, daily at midnight)
    • Toggle automatic drift checking on or off
    • View the next scheduled run time
  5. 5
    Manual Drift Check
    • Click 'Run Drift Check Now' to trigger an immediate scan
    • Results are available within minutes
    • Manual check also appears in the drift history

Responding to Drift

  1. 1
    Review the drifted resources in the resource table
  2. 2
    Determine whether the manual change should be accepted or reverted
  3. 3
    If accepting the change: Update your Terraform code to reflect the new state, then run terraform apply
  4. 4
    If reverting the change: Run terraform apply to restore the resource to the Terraform-defined state

Best Practice

  • Run drift detection on a schedule (daily or after any change freeze period)
  • Treat any detected drift as a priority issue to investigate and resolve
Terraform DockTickets Overview