Terraform drift-detection 🌬️

In Terraform, drift is when the real-world state of your infrastructure differs from the state defined in your configuration. Terraform helps detect and manage drift when you push new configuration changes: during `terraform plan` and `terraform apply` it refreshes its state against the provider and reports any drift as part of the provisioning process. For more info, read Detecting and Managing Drift with Terraform.

But what happens when the configuration of already running infrastructure is changed outside of your Terraform provisioning lifecycle? A manual modification made directly at runtime can go undetected for hours, days or even weeks if no refresh, plan or apply is executed (a `terraform plan -refresh-only` would surface it, but only when someone remembers to run one).

Our new drift-detection module for Terraform Cloud evaluates real-time configuration changes and identifies drift in near real time. By continuously analyzing plans in Terraform Cloud, as well as the running configuration state in AWS, Azure and GCP, Bridgecrew is able to alert on configuration drift that diverges from previously defined Terraform states.

Drifts detected are streamed into the Bridgecrew platform, where you can evaluate the change and decide how to reconcile it against the actual desired state.
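The comparison described above, reduced to its core, is a diff between what the Terraform state says a resource should look like and what the cloud API says it does look like. The following is an added example (not Bridgecrew's module and not code from the original post) that performs that diff for an `aws_security_group`: it takes the resource slice of `terraform show -json` output and a live description in the shape returned by boto3's `describe_security_groups()`, normalizes both into rule tuples, and reports rules that were added or removed outside Terraform. Both inputs are constructed inline so the script runs offline; the group ID, the `aws_security_group.web` address and the rule values are made-up sample data.

```python
"""
Drift check for AWS security groups: Terraform state vs. live configuration.

Added example, not Bridgecrew's code. Assumptions (all constructed inline):
  - TERRAFORM_STATE: the `values.root_module.resources` slice of
    `terraform show -json` for one aws_security_group
  - LIVE_SECURITY_GROUPS: GroupId -> entry shaped like the items in
    boto3 ec2.describe_security_groups()["SecurityGroups"], no AWS calls made
"""
import json

# Constructed sample: state says only 10.0.0.0/8 may reach port 443.
TERRAFORM_STATE = json.loads("""
{"values": {"root_module": {"resources": [{
  "address": "aws_security_group.web",
  "type": "aws_security_group",
  "values": {
    "id": "sg-0123456789abcdef0",
    "ingress": [
      {"from_port": 443, "to_port": 443, "protocol": "tcp",
       "cidr_blocks": ["10.0.0.0/8"]}
    ]
  }}]}}}
""")

# Constructed sample: what the API returns after someone added an SSH rule
# open to the world in the console, bypassing the Terraform plan.
LIVE_SECURITY_GROUPS = {
    "sg-0123456789abcdef0": {
        "GroupId": "sg-0123456789abcdef0",
        "IpPermissions": [
            {"FromPort": 443, "ToPort": 443, "IpProtocol": "tcp",
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"FromPort": 22, "ToPort": 22, "IpProtocol": "tcp",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    }
}

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def state_rules(state):
    """Yield (address, sg_id, frozenset of (proto, from, to, cidr)) per security group in state."""
    for res in state["values"]["root_module"]["resources"]:
        if res["type"] != "aws_security_group":
            continue
        rules = set()
        for r in res["values"].get("ingress", []):
            for cidr in r.get("cidr_blocks", []):
                rules.add((r["protocol"], r["from_port"], r["to_port"], cidr))
        yield res["address"], res["values"]["id"], frozenset(rules)


def live_rules(sg):
    """Normalize an API security-group entry into the same rule tuples as the state.

    For protocol "-1" (all traffic) the API omits FromPort/ToPort while the
    Terraform state records 0/0, so default the ports to 0 to make them compare equal.
    """
    rules = set()
    for p in sg["IpPermissions"]:
        for rng in p.get("IpRanges", []):
            rules.add((p["IpProtocol"], p.get("FromPort", 0), p.get("ToPort", 0), rng["CidrIp"]))
    return frozenset(rules)


def detect_drift(state, live):
    """Return a list of drift findings; empty list means live config matches state."""
    findings = []
    for address, sg_id, expected in state_rules(state):
        sg = live.get(sg_id)
        if sg is None:
            # Resource deleted out of band: everything Terraform expects is gone.
            findings.append({"address": address, "change": "deleted", "rule": None, "public": False})
            continue
        actual = live_rules(sg)
        for rule in sorted(actual - expected):
            findings.append({"address": address, "change": "added", "rule": rule,
                             "public": rule[3] in PUBLIC_CIDRS})
        for rule in sorted(expected - actual):
            findings.append({"address": address, "change": "removed", "rule": rule, "public": False})
    return findings


if __name__ == "__main__":
    for f in detect_drift(TERRAFORM_STATE, LIVE_SECURITY_GROUPS):
        flag = "  <-- open to the internet" if f["public"] else ""
        print(f"{f['address']}: {f['change']} {f['rule']}{flag}")
```

The `public` flag is what turns a plain drift into a security alert: a rule added with `0.0.0.0/0` or `::/0` is exactly the "someone opened a security group to the internet" case, and it is worth escalating separately from benign drift such as a tag change. Fed with real `terraform show -json` output and a real `describe_security_groups()` response, the same functions work unchanged; the only production concern is to also cover egress and security-group-to-security-group references, which this example deliberately leaves out.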


Someone opened up a security group to the internet? That wasn't part of the Terraform plan.