Driftctl : how it works
A simple demo to show how to quickly catch your infrastructure drift
In this first demo, we will create, using Terraform, a simple IAM user with a keypair and attach to it a limited policy. Then we will make a series of (bad!) manual changes on the AWS console, to finally show how simply running driftctl helps to be alerted about new drifts!
Once you’ve gone through this page, we also recommend you to visit this advanced demo where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.
Requirements
We recommend using an AWS account dedicated to testing.
- An AWS account with IAM keys (AWS Homepage). See this AWS CLI documentation for a quick start.
- Terraform 0.14.x (download link)
- Driftctl (github)
- Example Terraform code (here)
Create a test AWS environment
Download the example Terraform code and execute it:
AWS_ACCESS_KEY_ID / AWS_SECRET_KEY pair): Initialize the Terraform environment:
Run Terraform
Log in to the AWS console here, navigate to the IAM tab and confirm the new IAM user is created.
Create a manual drift on AWS
For demonstration purposes, let’s create some major drifts from the Terraform code and intention:
- Go to the IAM user details, and deactivate the IAM key
2. Go to the IAM user details, and create a new IAM access key pair (don’t save the details, it’s for demo purposes)
3. Go to the IAM user details
- Click on “Add permissions”
- Click on “Attach existing policies directly”
- Add an IAM policy of your choosing.
- Click on “review” then “add permissions”
- Confirm both policies are displayed.
Detect the drift
Confirm that Terraform doesn’t rollback nor notify the changes we just made manually:
Now, using driftctl, execute the following:
Voila!
Driftctl just reported you a set of manual changes that would otherwise stay in the dark!
This first demo gave you a basic understanding of how the CLI works. Feel free to visit this advanced demo where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.
Stay in touch
Get product updates and occasional news.