Drift Detection
Infrastructure as Code

What is Drift Detection?

Drift detection is the process of identifying when actual infrastructure state has diverged from the desired state defined in code, enabling remediation before issues occur.

What Causes Infrastructure Drift

Drift occurs when the actual state of infrastructure diverges from the desired state defined in code. Common causes include:

  • Manual changes — someone modifies a resource through the AWS console
  • Automated scaling — auto-scaling groups add or remove instances
  • External tools — other automation systems modify shared resources
  • Failed deployments — partially applied changes leave resources in an inconsistent state

Detection Methods

  • Terraform plan — running terraform plan compares state against actual infrastructure and reports differences
  • Scheduled drift checks — automated pipelines that run plan regularly and alert on detected drift
  • AWS Config — monitors resource configurations and flags deviations from desired state
  • Custom monitoring — application-level checks that verify infrastructure meets expectations
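
A scheduled drift check needs a machine-readable result to alert on. The following is an added example, not code from this page or from any project it mentions: it reads the JSON produced by `terraform show -json` on a saved plan and lists resources that changed outside Terraform or that an apply would change. The sample plan, resource addresses, and function names are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields read below. Addresses and types are invented for illustration.
# Produce real input with: terraform plan -out=tfplan && terraform show -json tfplan
SAMPLE_PLAN_JSON = """
{
  "resource_drift": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"]}}
  ],
  "resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"]}},
    {"address": "aws_instance.worker", "type": "aws_instance",
     "change": {"actions": ["delete", "create"]}}
  ]
}
"""

IGNORED = (["no-op"], ["read"])  # actions that do not modify real resources


def _pending(entries):
    """Return (address, actions) pairs for entries that are real changes."""
    found = []
    for entry in entries or []:
        actions = entry.get("change", {}).get("actions", [])
        if actions and actions not in IGNORED:
            found.append((entry["address"], "+".join(actions)))
    return found


def drift_report(plan_json):
    """Summarize drift from plan JSON so a pipeline can alert on it."""
    plan = json.loads(plan_json)
    out_of_band = _pending(plan.get("resource_drift"))     # changed outside Terraform
    would_change = _pending(plan.get("resource_changes"))  # apply would overwrite these
    return {"drifted": bool(out_of_band or would_change),
            "out_of_band": out_of_band, "would_change": would_change}


def alert_lines(report):
    """Format one alert line per finding; a clean plan yields a single OK line."""
    if not report["drifted"]:
        return ["no drift detected"]
    lines = [f"changed outside Terraform: {a} ({act})" for a, act in report["out_of_band"]]
    return lines + [f"apply would {act}: {a}" for a, act in report["would_change"]]
```

In a pipeline, `terraform plan -detailed-exitcode` gives the coarse signal first (exit code 0 for no changes, 1 for an error, 2 for changes present); the JSON report adds which resources are involved.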

Remediation Strategies

When drift is detected, teams have two options: reconcile by applying the desired state from code (overwriting manual changes), or adopt by updating the code to match the current state (preserving manual changes).

The right choice depends on context. Unauthorized changes should be reconciled. Legitimate changes made outside of Terraform should be adopted into code.

Prevention

The best drift detection is drift prevention. Restrict console access to read-only for production accounts, route all changes through pull requests, and use Service Control Policies to enforce guardrails at the AWS Organizations level.

Copyright ©2026 Cloud Posse, LLC. All rights reserved.