Terraform Drift Detection and Remediation
Terraform drift creates silent risks in your production environment. It happens when your real infrastructure no longer matches the code that is supposed to describe it.
This mismatch causes outages. It creates security gaps, because controls you believe are enforced may no longer exist. It leads to compliance failures.
Why does drift happen?
- Engineers make emergency hotfixes in the cloud console.
- Teams perform manual changes during an incident.
- People create resources outside of your IaC workflow.
- Speed outpaces your governance rules.
Example: Your code defines an EC2 instance as a t2.micro. An engineer manually changes it to a t2.large in the AWS console. Your code and your reality are now different. This is drift.
How to find it: Run the terraform plan command. Terraform refreshes the state of every resource it manages and shows you the gap between your code and the cloud. Note that manual changes stay hidden if they do not touch a resource in your state file: a security group rule or IAM user created outside of Terraform is invisible to plan until you import it.
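A practitioner usually wants the drift as structured data, not as console output. The script below is an added example, not code from the original post or from HashiCorp: it assumes the workflow `terraform plan -out=plan.tfplan` followed by `terraform show -json plan.tfplan > plan.json`, and reads the `resource_drift` list (changes Terraform noticed outside its own workflow during refresh) and the `resource_changes` list (the actions the plan would take to converge). The embedded plan JSON is a constructed sample that mirrors the t2.micro to t2.large example above plus a resource deleted out-of-band.

```python
"""Drift report from a Terraform JSON plan (added example; assumes
`terraform show -json plan.tfplan` output is supplied as `plan.json`)."""
import json
import sys
from typing import Any, Optional

# Constructed sample of `terraform show -json` output, trimmed to the keys used here.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_drift": [
        {   # someone resized the instance in the console
            "address": "aws_instance.web",
            "type": "aws_instance",
            "change": {
                "actions": ["update"],
                "before": {"instance_type": "t2.micro", "tags": {"env": "prod"}},
                "after": {"instance_type": "t2.large", "tags": {"env": "prod"}},
            },
        },
        {   # someone deleted the audit trail out-of-band: `after` is null
            "address": "aws_cloudtrail.main",
            "type": "aws_cloudtrail",
            "change": {
                "actions": ["delete"],
                "before": {"name": "prod-trail", "enable_logging": True},
                "after": None,
            },
        },
    ],
    "resource_changes": [
        {   # plan would revert the instance type to what the code says
            "address": "aws_instance.web",
            "type": "aws_instance",
            "change": {
                "actions": ["update"],
                "before": {"instance_type": "t2.large", "tags": {"env": "prod"}},
                "after": {"instance_type": "t2.micro", "tags": {"env": "prod"}},
            },
        },
        {   # plan would recreate the deleted trail
            "address": "aws_cloudtrail.main",
            "type": "aws_cloudtrail",
            "change": {
                "actions": ["create"],
                "before": None,
                "after": {"name": "prod-trail", "enable_logging": True},
            },
        },
        {   # untouched resource: no-op entries are filtered out below
            "address": "aws_s3_bucket.logs",
            "type": "aws_s3_bucket",
            "change": {"actions": ["no-op"],
                       "before": {"bucket": "example-logs"},
                       "after": {"bucket": "example-logs"}},
        },
    ],
})


def attribute_diff(before: Optional[dict], after: Optional[dict]) -> dict:
    """Top-level attributes whose value differs, as {name: (before, after)}.
    A missing side (resource created or deleted) is treated as an empty object."""
    before = before or {}
    after = after or {}
    return {
        key: (before.get(key), after.get(key))
        for key in sorted(set(before) | set(after))
        if before.get(key) != after.get(key)
    }


def _summarise(entries: list) -> list:
    """Keep every entry whose planned action is not a no-op."""
    out = []
    for entry in entries:
        change = entry.get("change", {})
        actions = change.get("actions", [])
        if actions == ["no-op"]:
            continue
        out.append({
            "address": entry["address"],
            "type": entry.get("type"),
            "actions": actions,
            "changes": attribute_diff(change.get("before"), change.get("after")),
        })
    return out


def drift_report(plan_json: str) -> dict:
    """Split a plan into out-of-band drift and the actions needed to converge."""
    plan: dict[str, Any] = json.loads(plan_json)
    return {
        "drifted": _summarise(plan.get("resource_drift", [])),
        "planned": _summarise(plan.get("resource_changes", [])),
    }


def format_report(report: dict) -> str:
    lines = []
    for heading, key in (("Drift detected outside Terraform:", "drifted"),
                         ("Actions terraform apply would take:", "planned")):
        lines.append(heading)
        for item in report[key] or []:
            lines.append(f"  {item['address']} [{','.join(item['actions'])}]")
            for attr, (old, new) in item["changes"].items():
                lines.append(f"    {attr}: {old!r} -> {new!r}")
        if not report[key]:
            lines.append("  (none)")
    return "\n".join(lines)


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN_JSON
    print(format_report(drift_report(source)))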
How to stop it:
- Use a remote backend. Store your state in AWS S3. This keeps your state file safe and versioned for your whole team.
- Use GitOps. Make Git your single source of truth. Every change must go through a pull request.
- Automate testing. Check your infrastructure changes before they go live.
- Monitor constantly. Use tools like AWS Config or Spacelift to alert you when changes occur outside of your code.
How to fix it: If you find drift, you must bring the infrastructure back to your code. You use the terraform apply command to overwrite manual changes and restore your intended state.
Consistency keeps your systems stable.
Source: https://dev.to/vprachi360/terraform-drift-detection-and-remediation-tactics-29bm
Optional learning community: https://t.me/GyaanSetuAi