Terraform Drift Detection

08. 01. 2022 1 min read advanced

Cloud Advanced

Terraform Drift Detection¶

TerraformDriftReconciliationGitOps 5 min read

Drift detection, terraform plan -refresh-only, prevention and remediation.

What is Drift¶

Difference between desired vs actual state. Causes: manual changes, auto-scaling, other tooling.

Detection¶

terraform plan -refresh-only -detailed-exitcode
# Exit 0 = no drift, Exit 2 = drift detected

# Scheduled CI check
on:
  schedule:
    - cron: '0 8 * * 1-5'

Prevention¶

SCPs/Azure Policy — block manual changes
Read-only console — write only through CI/CD
lifecycle ignore_changes for auto-managed attributes

Summary¶

Drift is inevitable. Scheduled plans + policies + review = solution.

Need Help with Implementation?¶

Our team has experience designing and implementing modern architectures. We’re happy to help.

Free Consultation

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

OpenStack — building a private cloud from scratch

How we deployed OpenStack as a private cloud platform for a mid-sized company. Nova, Neutron, Cinder, and lessons...

Container orchestration: Kubernetes vs Mesos vs Swarm

A comparison of the three main container orchestration platforms — Kubernetes, Apache Mesos/Marathon, and Docker...

Kubernetes 1.0: Production Container Orchestration Is Here

Google released Kubernetes 1.0 and handed the project over to CNCF. What this means for enterprise container...