Driftctl: A Tool to detect Infrastructure Drifts


The team behind the infrastructure-as-code collaboration platform for DevOps, Cloudskiff, recently released the first version of a new open-source command-line tool called driftctl to help combat infrastructure drift.

The company stated that the goal of the new tool is to help infrastructure developers, DevOps engineers, SREs, and cloud practitioners manage all types of infrastructure drift.

“We built Driftctl to help developers know when things change on their IaaS, whatever reason it does, and give them a good overview of their infrastructure-as-code coverage,” the team said in its official announcement.

Key Facts

  1. Driftctl is designed to monitor, examine, highlight and notify users of infrastructure drift.

  2. Driftctl is an open-source tool released under the Apache 2.0 license.

  3. It reads the Terraform state files and compares them with the actual infrastructure state at the cloud provider.

  4. It ranks drift notifications by importance, leading with those that might have severe effects. Developers and other users of driftctl can filter out the notifications they wish to ignore.


Infrastructure-as-code tools make it easy to provision servers and other infrastructure components on public and private clouds. When changes reach the infrastructure outside the tool's control, through constant manual edits, version and configuration differences, or faulty processes, the deployed infrastructure no longer matches what the code describes, even when it is managed by Terraform or a similar tool. This gap is known as infrastructure drift.

Despite the diligence and care of DevOps teams and infrastructure developers, infrastructure drift can still happen. Sometimes a tool such as Terraform fails to catch an update that was made to the infrastructure code. This is not due to a shortcoming of Terraform itself but to the fact that Terraform runs without taking into account the capacity of humans to make errors.

Infrastructure drift causes a lot of headaches for developers: it means spending time and energy fixing bugs caused by the drift. It can lead to a range of security problems and deployment failures, and it can cost a lot of money.

What driftctl does is warn you of infrastructure drift before it becomes a problem, by checking the Terraform state files against the actual infrastructure.

Most importantly, driftctl doesn’t just catch changes made to the Terraform state files; it also notifies you of manual changes that may have been made through the cloud provider’s application programming interface. While driftctl notifies you of drift, it doesn’t fix it. However, this is apparently part of the plan for versions to come.
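The comparison described above, reduced to its essentials as an added illustration (this is constructed example code, not driftctl’s own implementation): a parser for a minimal Terraform v4-style state document, a constructed snapshot standing in for what the provider API would return, and a `detect_drift` function that reports managed resources whose attributes changed, resources created outside the code, resources deleted outside the code, and the share of live resources under IaC control. The sample state, the live snapshot, the `SEVERITY` ranking and the `ignore` filter are all assumptions made for this example.

```python
import json

# Constructed Terraform state in the v4 JSON layout, trimmed to the fields
# the comparison needs. Sample data only, not a real state file.
SAMPLE_TFSTATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "corp-logs", "acl": "private"}}]},
        {"mode": "managed", "type": "aws_iam_user", "name": "deploy",
         "instances": [{"attributes": {"id": "deploy-bot", "path": "/ci/"}}]},
        {"mode": "managed", "type": "aws_instance", "name": "web",
         "instances": [{"attributes": {"id": "i-0abc", "instance_type": "t3.small"}}]},
        # data sources are read-only lookups, not infrastructure the code owns
        {"mode": "data", "type": "aws_ami", "name": "ubuntu",
         "instances": [{"attributes": {"id": "ami-123"}}]},
    ],
})

# Constructed snapshot of what the cloud API actually reports, keyed by
# (resource type, id). A real tool would build this from provider API calls.
SAMPLE_LIVE = {
    ("aws_s3_bucket", "corp-logs"): {"id": "corp-logs", "acl": "public-read"},  # ACL changed by hand
    ("aws_iam_user", "deploy-bot"): {"id": "deploy-bot", "path": "/ci/"},      # unchanged
    ("aws_iam_user", "tmp-admin"): {"id": "tmp-admin", "path": "/"},           # created outside IaC
    # aws_instance i-0abc is absent from the snapshot: deleted outside IaC
}

# Constructed ordering so identity-related drift is listed first (lower = more urgent).
# A heuristic for this example, not driftctl's ranking.
SEVERITY = {"aws_iam_user": 0, "aws_s3_bucket": 1, "aws_instance": 2}


def parse_state(tfstate_json):
    """Return {(type, id): attributes} for every managed resource instance in the state."""
    state = json.loads(tfstate_json)
    managed = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes", {})
            managed[(res["type"], attrs["id"])] = attrs
    return managed


def detect_drift(managed, live, ignore=frozenset()):
    """Compare state-managed resources against the live snapshot.

    Returns a dict with:
      changed   - (type, id, {attr: (expected, actual)}) where attributes differ
      unmanaged - (type, id) present live but absent from state
      deleted   - (type, id) present in state but gone from the provider
      coverage  - fraction of live resources that the state manages
    `ignore` holds (type, id) keys the user has chosen to leave out of the report.
    """
    changed, unmanaged, deleted = [], [], []
    for key, expected in managed.items():
        if key in ignore:
            continue
        actual = live.get(key)
        if actual is None:
            deleted.append(key)
            continue
        diff = {k: (expected[k], actual.get(k)) for k in expected if expected[k] != actual.get(k)}
        if diff:
            changed.append((key[0], key[1], diff))
    for key in live:
        if key not in managed and key not in ignore:
            unmanaged.append(key)
    covered = sum(1 for key in live if key in managed)
    coverage = covered / len(live) if live else 1.0

    def rank(item):  # most severe resource type first, then by id for stable output
        return (SEVERITY.get(item[0], len(SEVERITY)), item[1])

    return {"changed": sorted(changed, key=rank), "unmanaged": sorted(unmanaged, key=rank),
            "deleted": sorted(deleted, key=rank), "coverage": coverage}


if __name__ == "__main__":
    report = detect_drift(parse_state(SAMPLE_TFSTATE), SAMPLE_LIVE)
    for rtype, rid, diff in report["changed"]:
        print(f"CHANGED   {rtype} {rid}: {diff}")
    for rtype, rid in report["unmanaged"]:
        print(f"UNMANAGED {rtype} {rid} (created outside IaC)")
    for rtype, rid in report["deleted"]:
        print(f"DELETED   {rtype} {rid} (removed outside IaC)")
    print(f"IaC coverage: {report['coverage']:.0%}")
```

Only `mode: managed` entries are compared, since data sources never own anything at the provider; the coverage figure is computed over the live snapshot rather than the state, because the point of coverage is to surface what exists in the account but not in code.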

“So far, Driftctl detects and warns of infrastructure drift but does not correct it,” said Driftctl CTO Stephane Jourdane. He continued: “But providing corrections of the drift events is definitely something that we’re planning as a second step of the project. Part of this remediation will be proposed as pull requests with some additional code matching the change detection.”

Alongside that, the team hopes to release updated versions that support cloud providers other than AWS and tools other than Terraform, since those are all the initial version supports. The team said it did not want to delay the release of driftctl in order to add that support first.

“Future releases will add support for a lot more, but we didn’t want to wait to release this early. Those releases support what we thought were the most common services on AWS, and this was also backed with hours of interviews with DevOps practitioners around the world those last months. So we started with EC2, S3, IAM, RDS, and Lambda, and we’re already working on supporting VPC, CloudFront, Aurora, DynamoDB, API Gateway, SNS/SQS, ECS/EKS/ECR, or KMS. The coming weeks will be exciting!” the team promised in its official announcement.
