Join our community Discord server

Catch drift outside of your infrastructure code

Infrastructure drift is a blind spot and a source of potential security issues.

driftctl is a free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.

GitHub
Documentation

Detect all changes outside of your regular workflow

One of the biggest challenges in an IaC managed infrastructure is to spot discrepancies as they happen.
Drift can have multiple causes: from team members creating or updating infrastructure through the web console without backporting changes to Terraform, to unexpected actions from authenticated apps and services.

Found 11 resource(s)
– 81% coverage
9 covered by IaC
2 not covered by IaC
0 deleted on cloud provider
1/9 drifted from IaC

Run, List, Fix

Scanning resources: ⣟ (60)
Found unmanaged resources:

aws_instance:
– i-026e3757e80439cd0

aws_ebs_volume:
– vol-0283f34ad3e365243

aws_iam_access_key:
– AKIASBXWQ3AYQP26QLEP (User: microservice-lhzogr)

aws_iam_policy_attachment:
– microservice-lhzogr-arn:aws:iam::aws:policy/AdministratorAccess

Found 11 resource(s)
– 63% coverage
7 covered by IaC
4 not covered by IaC
0 deleted on cloud provider
0/7 drifted from IaC

Run, List, Fix

Check your cloud environment and get a list of what you need to get back under control. Remove all blind spots to prevent any unpleasant surprises.

  • Delete immediately admin policy attachment
  • Investigate access key asap
  • Add ebs volume to .driftignore for now
  • Import aws_instance to Terraform

Schedule your checks

Schedule runs to get regular scans and reports on all anomalies and events that shouldn’t exist outside of your process.

Click below to see full workflow and scheduled jobs examples in the documentation.

Stay in touch

Get product updates and occasional news.