Drift Detection

What is Drift Detection?

Drift detection is the process of identifying when actual infrastructure state has diverged from the desired state defined in code, enabling remediation before issues occur.

What Causes Infrastructure Drift

Drift occurs when the actual state of infrastructure diverges from the desired state defined in code. Common causes include:

  • Manual changes — someone modifies a resource through the AWS console
  • Automated scaling — auto-scaling groups add or remove instances
  • External tools — other automation systems modify shared resources
  • Failed deployments — partially applied changes leave resources in an inconsistent state

Detection Methods

  • Terraform plan — running terraform plan compares state against actual infrastructure and reports differences
  • Scheduled drift checks — automated pipelines that run plan regularly and alert on detected drift
  • AWS Config — monitors resource configurations and flags deviations from desired state
  • Custom monitoring — application-level checks that verify infrastructure meets expectations
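The first two methods combine into one scheduled job. The script below is an added example, not code from the original page: it runs `terraform plan -detailed-exitcode` and turns the exit code into a status a pipeline can alert on. `TF_BIN`, the function names, and the sample path in the final comment are hypothetical, and it assumes the checked-out commit is the one last applied, so any diff in the plan is drift.

```shell
#!/usr/bin/env bash
# Added example: scheduled drift check for one Terraform root module.
# Assumptions: TF_BIN and the function names are hypothetical, and the checked-out
# commit is the one last applied, so any diff in the plan is drift.

TF_BIN="${TF_BIN:-terraform}"

# Map the exit code of `terraform plan -detailed-exitcode` to a status word.
#   0 = no changes, 1 = error, 2 = changes present
classify_plan_exit() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# Plan the module in directory $1 without applying anything.
# Prints the status on stdout, sends plan output to stderr for the job log,
# and returns non-zero for both "drift" and "error" so the job fails closed.
drift_check() {
  _dir="$1"
  _rc=0
  "$TF_BIN" -chdir="$_dir" plan -detailed-exitcode -input=false -no-color 1>&2 || _rc=$?
  _status=$(classify_plan_exit "$_rc")
  echo "$_status"
  case "$_status" in
    in-sync) return 0 ;;
    drift)   echo "ALERT: drift detected in $_dir" >&2; return 2 ;;
    *)       echo "ALERT: plan failed in $_dir, drift status unknown" >&2; return 1 ;;
  esac
}

# Typical scheduled-job usage (hypothetical path): drift_check ./environments/prod
```

A failed plan is reported as an alert rather than ignored, because a job that cannot plan cannot say whether the environment has drifted.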

Remediation Strategies

When drift is detected, teams have two options: reconcile by applying the desired state from code (overwriting manual changes), or adopt by updating the code to match the current state (preserving manual changes).

The right choice depends on context. Unauthorized changes should be reconciled. Legitimate changes made outside of Terraform should be adopted into code.

Prevention

The best drift detection is drift prevention. Restrict console access to read-only for production accounts, route all changes through pull requests, and use Service Control Policies to enforce guardrails at the AWS Organizations level.

Copyright ©2026 Cloud Posse, LLC. All rights reserved.