Detect and manage drift in Terraform and IaC configurations proactively

June 7, 2023
How quickly are you able to respond to application drift or other changes in your Terraform, Helm, or other IaC assets? Do you even know when drift occurs? 

Many of our customers have found that the speed and volume of changes in infrastructure configurations is climbing rapidly, especially as software architectures become highly distributed and service-based.

Commensurate with those changes is a critical infrastructure management challenge: identifying and dealing with drift in Terraform configurations and other IaC scripts.  

Building on our recent post on auto-discovery of IaC configurations, this post outlines the new, automatic drift detection and remediation capabilities in Torque.  

Clarifying – what is “drift”? 

Let’s start with a definition. Drift is a change in the current configuration of a live operating environment compared to the original configuration definition used to deploy the environment. It is a mismatch between what is defined in your IaC configuration (contained in the source of truth, usually stored in a Git repository) and what is actually running in the real world.

Drift occurs for many reasons. The most common is when manual changes to a cloud resource made directly in a cloud console are not reflected in the IaC code. Another cause of drift is when a security flaw requires the immediate application of a patch to a resource.  

How drift can create risk    

Unrecognized infrastructure drift can create multiple risks that can become major problems if left unaddressed. 

Even a simple misconfiguration of a cloud resource could expose sensitive data and systems to the public internet. One industry survey reported that Site Reliability Engineers spend 44% of their time responding to incidents and outages.

Risk also extends to performance and productivity. Development teams unaware of environment changes may experience applications suddenly failing, or find their pipeline derailed when development and test environments break. 
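To make the definition of drift above, and the exposure risk it carries, concrete, here is an added example (illustrative code, not Torque’s own logic): a minimal drift check that compares resource attributes declared in a simplified `terraform show -json` state against a snapshot of what the cloud currently reports, and flags drifted attributes that change exposure (an S3 ACL going public, an extra security group) separately from harmless ones. The state shape, resource names and observed values are constructed for the example.

```python
import json
from dataclasses import dataclass

# Constructed sample: declared resources in the shape of a simplified
# `terraform show -json` state (the source of truth), and a constructed
# snapshot of what the cloud API currently reports for the same resources.
DECLARED_STATE = json.dumps({
    "values": {"root_module": {"resources": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "values": {"bucket": "corp-logs", "acl": "private", "versioning": True}},
        {"address": "aws_instance.web", "type": "aws_instance",
         "values": {"instance_type": "t3.small",
                    "vpc_security_group_ids": ["sg-web-only"]}},
    ]}}})

OBSERVED_STATE = {  # constructed: someone changed the ACL and SGs in the console
    "aws_s3_bucket.logs": {"bucket": "corp-logs", "acl": "public-read",
                           "versioning": True},
    "aws_instance.web": {"instance_type": "t3.medium",
                         "vpc_security_group_ids": ["sg-web-only", "sg-open"]},
}

# Attributes whose drift changes who can reach the resource, not just its size.
SECURITY_SENSITIVE = {"acl", "vpc_security_group_ids", "publicly_accessible"}

@dataclass(frozen=True)
class Drift:
    address: str
    attribute: str
    declared: object
    observed: object
    security_relevant: bool

def load_declared(state_json: str) -> dict:
    """Index declared resources by their Terraform address."""
    resources = json.loads(state_json)["values"]["root_module"]["resources"]
    return {r["address"]: r["values"] for r in resources}

def detect_drift(declared: dict, observed: dict) -> list:
    """Report every declared attribute whose live value differs from the plan."""
    findings = []
    for address, want in declared.items():
        have = observed.get(address)
        if have is None:  # resource deleted outside IaC: report it as a whole
            findings.append(Drift(address, "<resource>", "present", "missing", False))
            continue
        for attr, want_val in want.items():
            if have.get(attr) != want_val:
                findings.append(Drift(address, attr, want_val, have.get(attr),
                                      attr in SECURITY_SENSITIVE))
    return findings
```

Running `detect_drift(load_declared(DECLARED_STATE), OBSERVED_STATE)` yields three findings, two of them security-relevant; a real pipeline would feed the live snapshot from the provider API rather than a constant.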

Responding to drift in Terraform scripts and other IaC assets 

When drift is detected, Torque posts an alert notice for the associated environment that details which specific resource was changed (S3 bucket, database, EC2 instance etc.) and the impacted infrastructure blueprints. These notifications allow those with the appropriate permissions to implement any necessary changes, while preventing intervention from any unauthorized users.  

Torque blueprints also provide developers direct visibility into what changes occurred and where, eliminating the need to manually decode the IaC definition to figure out what infrastructure was affected. They can simply contact the appropriate colleague to determine the best path forward and resume coding.   

Drift detection in Torque is tightly aligned with its auto-discovery and auto-identification of infrastructure assets. The identification step deconstructs IaC configurations, identifies the infrastructure elements, and models them into standardized views of the entire infrastructure stack. This allows users to detect drift at a very granular level and provides seamless transparency into the change.

Whether your developers are just getting started with IaC or you have highly skilled dev teams experienced in performing IaC workflows, Torque’s drift management will: 

  • Help your operators take corrective action quickly 
  • Eliminate wasted time for manual troubleshooting by developers 
  • Deliver increased visibility into what is running in your cloud accounts 
  • Streamline change management and infrastructure lifecycle management processes 
  • Develop standardized views of your entire infrastructure stacks  


This is just the start! 

Torque’s automatic drift detection capability supports Terraform configurations, and we are working to enable drift detection for additional IaC and virtualization technologies. Stay tuned for updates!   

