Track infrastructure drift

driftctl is a free and open-source CLI that tracks, analyses, prioritizes and warns of infrastructure drift.

Just run driftctl to scan your tfstate, compare it to your actual infrastructure state on the provider side
and get a report on your infrastructure as code coverage.

Comprehensive and reliable information at a glance

Stop wasting hours reconciling your code and your cloud resources


Infrastructure as Code coverage

Scan your cloud provider and map your ressources with your infrastructure code base to generate your IaC coverage overview.

Track drift
as it happens

Analyse diff between consecutive runs and get warned about drift and unmanaged ressources.

Filter resources you wish to ignore.

Easy to setup
and to use

Just integrate driftctl into your CI flow or run it at scheduled intervals.

Output formats
Driftctl supports multiple kinds of output formats and by default uses a standard console output console. Json outputs are also available.

Resources filtering
Filtering resources can be done either through a driftignore that will simply put resources in a .driftignore file like a .gitignore or with Filter rules (powered by JMESPath) that will allow you to build complex expression to include and exclude a set of resources in your workflow.

Supported remotes and infrastructure sources
So far, driftctl only supports reading IaC from a Terraform state, be it local: --from tfstate://terraform.tfstate or on S3: --from tfstate+s3://my-bucket/path/to/state.tfstate and for resources based on AWS.

Multi state support
driftctl compares a combination of multiple Terraform states to the cloud provider APIs, so the output is more complete.

Easy to set up - Free and open source

available on Linux, macOS and Windows.

Released under Apache 2.0 licence

To learn more about  contributing to driftctl, please refer to the contribution guidelines and contributing guide for technical details.


Get product updates and occasional news.