Driftctl: A Tool to detect Infrastructure Drifts


The team behind the infrastructure-as-code collaboration platform for DevOps, Cloudskiff, recently released the first version of a new open-source command-line interface tool called driftctl to help combat infrastructure drifts.

The company stated that the goal of this new tool is to help infrastructure developers, DevOps, SRE, and cloud practitioners manage all types of infrastructure drift.

“We built Driftctl to help developers know when things change on their IaaS, whatever reason it does, and give them a good overview of their infrastructure-as-code coverage,” the team said in their official announcement.

Key Facts

  1. Driftctl is designed to monitor, examine, highlight and notify users of infrastructure drift.

  2. Driftctl is an open-source tool released under the Apache 2.0 license.

  3. It scans the Terraform state files and compares them with the infrastructure state on the provider side.

  4. It arranges drift notifications according to importance, leading with those that might have severe effects. Developers and other users of driftctl can filter out the notifications that they wish to ignore.


Infrastructure-as-code tools make it easy to provision servers and other infrastructure components on public and private clouds. But constant changes, version and configuration differences, and faulty processes can leave infrastructure out of step with its code, even when it is controlled by Terraform or similar tools. This is known as infrastructure drift.

Despite diligence and care from DevOps teams and infrastructure developers, infrastructure drift can still happen. Sometimes tools such as Terraform fail to catch an update that was made to infrastructure code. This is not due to the incompetence of Terraform but to the fact that Terraform runs without taking into account the capacity of humans to make errors.

Infrastructure drift causes a lot of headaches for developers: it means spending a lot of time and energy fixing the bugs it causes. It can lead to security problems and deployment failures, and it can cost you a lot of money.

Driftctl warns you of infrastructure drift before it becomes a problem by comparing the Terraform state files against the actual infrastructure.

Most importantly, driftctl doesn’t just catch changes made to the Terraform state files; it also notifies you of manual changes that might have been made through the cloud application programming interface. While driftctl notifies you of drift, it doesn’t fix it. However, this is apparently part of the plan for versions to come.
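The comparison described above can be sketched as follows. This is an added example, not driftctl's own code: the state file and the live inventory are constructed samples, the category names and function names are chosen for the illustration, and "coverage" is assumed here to mean the share of live resources that are tracked in state.

```python
import json

# Constructed Terraform state (format version 4), trimmed to the fields used here.
STATE_JSON = """
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
   "instances": [{"attributes": {"id": "corp-logs", "acl": "private"}}]},
  {"mode": "managed", "type": "aws_iam_user", "name": "ci",
   "instances": [{"attributes": {"id": "ci-deployer", "path": "/"}}]},
  {"mode": "data", "type": "aws_caller_identity", "name": "me",
   "instances": [{"attributes": {"id": "123456789012"}}]}
]}
"""

# Constructed inventory standing in for what the provider API reports.
LIVE = {
    ("aws_s3_bucket", "corp-logs"): {"id": "corp-logs", "acl": "public-read"},
    ("aws_iam_user", "break-glass"): {"id": "break-glass", "path": "/"},
}

def state_resources(state_json):
    """Index managed resource instances by (type, id); data sources are skipped."""
    out = {}
    for res in json.loads(state_json).get("resources", []):
        if res.get("mode") != "managed":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            if "id" in attrs:
                out[(res["type"], attrs["id"])] = attrs
    return out

def detect_drift(state_json, live):
    """Classify drift as changed, missing (state only) or unmanaged (live only)."""
    declared = state_resources(state_json)
    report = {"changed": {}, "missing": [], "unmanaged": []}
    for key, attrs in declared.items():
        if key not in live:
            report["missing"].append(key)  # deleted outside Terraform
            continue
        # Attribute-level diff: (value in state, value reported live).
        diff = {k: (v, live[key].get(k)) for k, v in attrs.items()
                if live[key].get(k) != v}
        if diff:
            report["changed"][key] = diff
    # Resources created by hand through the cloud API never appear in state.
    report["unmanaged"] = sorted(k for k in live if k not in declared)
    tracked = len(declared) - len(report["missing"])
    report["coverage"] = round(100 * tracked / len(live)) if live else 100
    return report
```

On the sample data, the bucket ACL that changed from `private` to `public-read` and the hand-created IAM user are the two findings a security reviewer would look at first.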

“So far, Driftctl detects and warns of infrastructure drift but does not correct it,” said Driftctl CTO Stephane Jourdane. He continued: “But providing corrections of the drift events is definitely something that we’re planning as a second step of the project. Part of this remediation will be proposed as pull requests with some additional code matching the change detection.”

Alongside that, the team hopes to release updated versions that support cloud providers other than AWS and tools other than Terraform, as those are all that the initial version supports. The team said they did not want to wait to add support for more before releasing driftctl.

“Future releases will add support for a lot more, but we didn’t want to wait to release this early. Those releases support what we thought were the most common services on AWS, and this was also backed with hours of interviews with DevOps practitioners around the world those last months. So we started with EC2, S3, IAM, RDS, and Lambda, and we’re already working on supporting VPC, CloudFront, Aurora, DynamoDB, API Gateway, SNS/SQS, ECS/EKS/ECR, or KMS. The coming weeks will be exciting!” the team promised in their official announcement.
