driftctl is a free and open-source CLI that tracks, analyses, prioritizes and warns of infrastructure drift.
Just run driftctl to scan your tfstate, compare it to your actual infrastructure state on the provider side
and get a report on your infrastructure as code coverage.
Comprehensive and reliable information at a glance
Infrastructure as Code coverage
Scan your cloud provider and map your ressources with your infrastructure code base to generate your IaC coverage overview.
Analyse diff between consecutive runs and get warned about drift and unmanaged ressources.
Filter resources you wish to ignore.
Just integrate driftctl into your CI flow or run it at scheduled intervals.
Driftctl supports multiple kinds of output formats and by default uses a standard console output console. Json outputs are also available.
Filtering resources can be done either through a driftignore that will simply put resources in a
.driftignore file like a
.gitignore or with Filter rules (powered by JMESPath) that will allow you to build complex expression to include and exclude a set of resources in your workflow.
Supported remotes and infrastructure sources
So far, driftctl only supports reading IaC from a Terraform state, be it local:
--from tfstate://terraform.tfstate or on S3:
--from tfstate+s3://my-bucket/path/to/state.tfstate and for resources based on AWS.
Multi state support
driftctl compares a combination of multiple Terraform states to the cloud provider APIs, so the output is more complete.
available on Linux, macOS and Windows.
Released under Apache 2.0 licence
To learn more about contributing to driftctl, please refer to the contribution guidelines and contributing guide for technical details.