Driftctl: A Tool to detect Infrastructure Drifts

Infrastructure-as-code tools make it easy to provision servers and other infrastructure components on public and private clouds. When constant changes, version and configuration differences, with faulty processes, are made to infrastructure even when controlled by tools such as Terraform and other similar tools, it could lead to what is known as Infrastructure drift.

Despite diligence and carefulness from DevOps teams and infrastructure developers, infrastructure drift could still happen. Sometimes tools such as Terraform, fail to catch the update that was made to an infrastructure code. This is however not due to the incompetence of Terraform but due to the fact that Terraform runs without taking into account the capacity of humans to make errors.

Infrastructure drift causes a lot of headache for developers, it means spending a lot of time and energy fixing bugs caused by this infrastructure drift. It could lead to a bunch of security problems, deployment failures, and cost you a lot of money.

What Driftctl does is to make sure that it warns you of infrastructure drift before they become a problem, whereby it runs the Terraform state files against the actual infrastructure.

The most important however is that driftctl doesn’t just catch changes made on the Terraform state files but also notifies you of manual changes that might have been made on the Cloud application programming interface. While Driftctl notifies you of the drift, it doesn’t fix them. However, this is apparently part of the plan for versions to come.

“So far, Driftctl detects and warns of infrastructure drift but does not correct it.” Said Driftctl CTO Stephane Jourdane. He continued, saying “But providing corrections of the drift events is definitely something that we’re planning as a second step of the project. Part of this remediation will be proposed as pull requests with some additional code matching the change detection.”

Alongside that, the team hopes to release updated versions that support other cloud providers apart from AWS and just Terraform as those are what the initial version supports. The team said they did not want to wait to add support for more before releasing driftctl.

“Future releases will add support for a lot more, but we didn’t want to wait to release this early. Those releases support what we thought were the most common services on AWS, and this was also backed with hours of interviews with DevOps practitioners around the world those last months. So we started with EC2, S3, IAM, RDS, and Lambda, and we’re already working on supporting VPC, CloudFront, Aurora, DynamoDB, API Gateway, SNS/SQS, ECS/EKS/ECR, or KMS. The coming weeks will be exciting!” The team promised in their official announcement.