Drift Detection

Automatically detect and fix Terraform state drift with AI assistance

Overview

Terraform drift occurs when your actual cloud infrastructure differs from what's defined in your Terraform state. This can happen when resources are modified manually through cloud consoles, by other tools, or through automated processes outside of Terraform.

Infra.new's drift detection continuously monitors your Terraform state backends and automatically identifies when drift occurs. Our AI-powered system not only detects these changes but also provides intelligent suggestions to resolve them.

  • Continuous monitoring of your Terraform state backends
  • Automatic detection of configuration drift across all resources
  • AI-powered analysis and intelligent fix suggestions
  • One-click fixes for common drift scenarios

How It Works

Infra.new's drift detection works by continuously monitoring your connected Terraform state backends and comparing them with your actual cloud infrastructure.

1. Connect State Backends

Connect your existing Terraform state backends (S3, GCS) to enable continuous monitoring.

2. Continuous Monitoring

Infra.new regularly checks your state files and compares them against actual cloud resources.

3. Drift Detection

When differences are found, drift alerts are automatically created with detailed information about what changed.

4. AI Analysis & Fixes

Our AI analyzes the drift and provides intelligent suggestions for resolving the differences.

Setup Instructions

To enable drift detection, you need to connect your Terraform state backends to Infra.new. This requires cloud credentials with read access to your state storage.

Configure Cloud Credentials

Set up AWS or GCP credentials to access your state backends

Connect State Backends

Once you have configured your cloud credentials, connect your Terraform state backends:

  1. Navigate to State Backends in your dashboard
  2. Click Connect State Backend
  3. Select your cloud provider and configure the backend details:

S3 Backend

Monitor Terraform state stored in S3

  • Bucket name and region
  • State file key/prefix
  • Optional: DynamoDB lock table

GCS Backend

Monitor Terraform state stored in GCS

  • Bucket name and location
  • State file prefix
  • Project ID

Using Drift Detection

Dashboard Overview

Your main dashboard shows a summary of drift alerts across all connected backends. The drift detection card displays:

  • Total number of active drift alerts
  • Breakdown of active vs resolved alerts
  • Recent drift activity (last 30 days)

Click on the drift detection card to view detailed drift information.

Drift Alerts Table

The drift alerts page shows all detected drift organized by backend. Each backend section includes:

  • Backend Header: Shows backend name, total drift count, and Fix All button
  • Resource Rows: Individual resources with drift, showing resource name, type, status, and last detected time
  • Drift Details: Click any resource row to expand and see specific configuration differences

Understanding Drift Details

When you expand a drifted resource, you'll see:

  • Configuration Diff: Side-by-side comparison of expected vs actual configuration
  • Change Summary: Description of what changed and when
  • Impact Assessment: AI analysis of the change's significance

AI-Powered Drift Fixes

How AI Fixes Work

Infra.new's AI analyzes each drift scenario and determines the best approach to resolve it. The AI considers:

  • The type of resource and configuration that drifted
  • The nature of the change (addition, modification, deletion)
  • Best practices for Terraform state management
  • Potential impact on dependent resources

Fix All Functionality

For each backend with drift, you can use the Fix All button to resolve multiple drift issues simultaneously:

  1. Click Fix All for the backend with drift
  2. Review the AI-generated fix plan
  3. Approve or modify the suggested changes
  4. Apply the fixes to resolve the drift

Smart Fix Recommendations

The AI may recommend updating your Terraform configuration to match the actual state, reverting the cloud resources to match your configuration, or ignoring certain changes that are expected (like auto-scaling adjustments).

Best Practices

When to Fix vs Ignore Drift

Usually Fix These

  • Security group rule changes
  • Resource configuration modifications
  • Unexpected resource deletions
  • Tag or label changes

Consider Ignoring These

  • Auto-scaling capacity changes
  • System-managed attributes
  • Temporary state changes
  • Provider-specific defaults
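
The fix-versus-ignore split above can also be applied to Terraform's own drift report. The following is an added example, not Infra.new code: it triages the `resource_drift` section of `terraform show -json` output from a refresh-only plan. The sample data, the resource names and the two policy tables are constructed assumptions.

```python
# Added example. SAMPLE_PLAN is constructed: a trimmed version of the shape
# `terraform show -json <planfile>` emits after `terraform plan -refresh-only`.
SAMPLE_PLAN = {"resource_drift": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]},
                "after": {"ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]},
                                      {"from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_autoscaling_group.app", "type": "aws_autoscaling_group",
     "change": {"actions": ["update"],
                "before": {"desired_capacity": 2, "max_size": 6},
                "after": {"desired_capacity": 5, "max_size": 6}}},
    {"address": "aws_autoscaling_group.batch", "type": "aws_autoscaling_group",
     "change": {"actions": ["update"],
                "before": {"desired_capacity": 2, "max_size": 6},
                "after": {"desired_capacity": 4, "max_size": 40}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "before": {"bucket": "example-logs"}, "after": None}},
]}

# Assumed policy mirroring the two lists above; adjust per environment.
ALWAYS_FIX_TYPES = {"aws_security_group", "aws_security_group_rule"}
IGNORABLE_ATTRS = {"aws_autoscaling_group": {"desired_capacity"}}

def changed_attrs(before, after):
    """Top-level attribute names whose values differ (None means the object is absent)."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))

def triage(plan):
    """Return (address, verdict, changed attributes) for each drifted resource."""
    results = []
    for item in plan.get("resource_drift", []):
        change = item["change"]
        attrs = changed_attrs(change.get("before"), change.get("after"))
        ignorable = IGNORABLE_ATTRS.get(item["type"], set())
        if "delete" in change["actions"] or item["type"] in ALWAYS_FIX_TYPES:
            verdict = "fix"      # deletions and security group changes are never waved through
        elif attrs and set(attrs) <= ignorable:
            verdict = "ignore"   # only expected, system-driven attributes moved
        else:
            verdict = "fix"      # fail closed: anything unrecognised is treated as real drift
        results.append((item["address"], verdict, attrs))
    return results

if __name__ == "__main__":
    for address, verdict, attrs in triage(SAMPLE_PLAN):
        print(f"{verdict:6} {address} changed={attrs}")
```

The second auto-scaling group is marked for fixing because `max_size` changed alongside `desired_capacity`; a resource is ignored only when every changed attribute is on the ignorable list.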

Monitoring Tips

  • Set up regular reviews of drift alerts to catch issues early
  • Use the dashboard to monitor drift trends over time
  • Address critical infrastructure drift immediately
  • Document any intentional changes made outside of Terraform