
Drift Detection & Reconciliation in Infrastructure as Code

Introduction

Drift detection and reconciliation in Infrastructure as Code (IaC) ensure that the infrastructure state defined in code matches the actual state in the environment. This lesson addresses the importance of maintaining consistency and integrity in infrastructure management.

Key Concepts

Drift

Drift refers to the divergence between the actual infrastructure state and the state defined in IaC. This can occur due to manual changes, updates, or failures in automation.

Reconciliation

Reconciliation is the process of bringing the actual infrastructure state back in line with the defined state in IaC. This can involve updating configurations, removing unauthorized changes, or re-applying the desired state.

Drift Detection Process

The drift detection process involves several key steps:

  • Retrieve the current state of the infrastructure.
  • Compare the current state with the desired state defined in IaC.
  • Identify any discrepancies or drift.
  • Report the drift for review and action.
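To check for drift in Terraform, create and save a plan:

    terraform plan -out=tfplan

While planning, Terraform refreshes its recorded state against the real infrastructure, so changes made outside Terraform appear in the plan output. The -out option saves the plan to the file tfplan so it can be reviewed before anything is applied.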
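The report step can be automated from the saved plan. The Python below is an added example, not part of the original lesson or of Terraform itself: it reads the JSON form of a plan (as printed by `terraform show -json tfplan`) and separates changes made outside Terraform from the actions an apply would take. The sample plan, the resource addresses and the ci_status convention are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output, trimmed
# to the keys read below; every address and value here is made up.
SAMPLE_PLAN = json.loads("""{
  "resource_drift": [
    {"address": "aws_security_group.web", "change": {"actions": ["update"],
      "before": {"name": "web", "tags": {"owner": "platform"}},
      "after":  {"name": "web", "tags": {"owner": "jdoe"}}}}],
  "resource_changes": [
    {"address": "aws_security_group.web", "change": {"actions": ["update"],
      "before": {"name": "web", "tags": {"owner": "jdoe"}},
      "after":  {"name": "web", "tags": {"owner": "platform"}}}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"],
      "before": {"bucket": "logs"}, "after": {"bucket": "logs"}}},
    {"address": "aws_instance.scratch", "change": {"actions": ["delete"],
      "before": {"instance_type": "t3.micro"}, "after": null}}]
}""")

def changed_keys(change):
    """Top-level attribute names that differ between before and after.
    Names only: attribute values in a plan can include secrets."""
    before, after = change.get("before") or {}, change.get("after") or {}
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))

def drift_report(plan):
    """Separate changes made outside Terraform from what apply would do."""
    report = {"drifted": [], "pending": []}
    for rc in plan.get("resource_drift", []):
        report["drifted"].append((rc["address"], changed_keys(rc["change"])))
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions not in (["no-op"], ["read"]):  # skip unchanged and data reads
            report["pending"].append((rc["address"], "/".join(actions)))
    return report

def ci_status(report):
    """Hypothetical pipeline convention: 0 = in sync, 2 = needs review."""
    return 2 if report["drifted"] or report["pending"] else 0

if __name__ == "__main__":
    report = drift_report(SAMPLE_PLAN)
    for address, keys in report["drifted"]:
        print(f"DRIFT   {address}: changed outside Terraform -> {keys}")
    for address, action in report["pending"]:
        print(f"PENDING {address}: apply would {action}")
    raise SystemExit(ci_status(report))
```

In a pipeline, replace SAMPLE_PLAN with the parsed output of `terraform show -json tfplan` and fail or notify on a non-zero status.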

Reconciliation Process

Once drift is detected, the reconciliation process can be initiated:

  • Review the detected drift and determine the cause.
  • Decide whether to accept the drift, revert to IaC, or modify the IaC.
  • Apply the changes to restore consistency.
  • Verify the infrastructure state post-reconciliation.
To reconcile the drift using Terraform, apply the saved plan:

    terraform apply tfplan

Because the plan was saved to a file, apply performs exactly the changes that were reviewed.

Best Practices

  • Regularly monitor infrastructure to detect drift early.
  • Automate drift detection using CI/CD pipelines.
  • Implement policies to restrict manual changes to infrastructure.
  • Use version control for IaC scripts for accountability.
  • Document all infrastructure changes and reconciliation actions.

FAQ

What tools can be used for drift detection?

Tools like Terraform, AWS CloudFormation, and Azure Resource Manager provide built-in drift detection capabilities.

How often should drift detection be performed?

Drift detection should be performed regularly, ideally as part of your CI/CD pipeline or at predetermined intervals.

Can drift be prevented?

While it's difficult to completely prevent drift, implementing strict policies and using automation can significantly reduce occurrences.