Drift is one of the most frequent and fundamental challenges for infrastructure built with Terraform.
To understand drift better, let's walk through two terms:
[1] Desired State: It is the state of a resource as configured in the resource block of your Terraform (.tf) file.
[2] Current State: It is the actual configuration state of a resource that is in service.
Drift is nothing but the deviation between the desired state and the current state!
Why does a drift happen?
Though it is recommended to centralize provisioning of the infrastructure in Terraform, that doesn't stop an individual with provisioning access from modifying or removing resources created by Terraform.
Some of the best practices to limit the drift:
🔷 Provide least privilege access to the users with permission boundaries
🔷 Integrate Terraform with version control tools (Git) and CI/CD pipelines
How to detect a drift?
🔶 Terraform state: The state file tracks the resources defined in the desired state and those that exist in the infrastructure (current state)
🔶 terraform plan -refresh-only: The refresh-only plan reconciles the state with real-world drift introduced outside of Terraform
Note:
This is a refresh-only plan, so Terraform will not take any actions to undo the detected drift.
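A saved refresh-only plan can also be checked by machine, for example in a scheduled CI job. The following is an added example, not code from the original post: it parses the resource_drift section of the JSON that 'terraform show -json' emits for a saved plan; the file names tfplan, plan.json and drift.py and the sample resources are constructed assumptions.

```python
import json
import sys

# Constructed sample of `terraform show -json tfplan` output (trimmed).
SAMPLE_PLAN_JSON = """
{
  "format_version": "1.2",
  "resource_drift": [
    {"address": "aws_s3_bucket_public_access_block.logs",
     "change": {"actions": ["update"],
                "before": {"bucket": "example-logs", "block_public_acls": true},
                "after":  {"bucket": "example-logs", "block_public_acls": false}}},
    {"address": "aws_cloudwatch_log_group.audit",
     "change": {"actions": ["delete"],
                "before": {"name": "/example/audit", "retention_in_days": 90},
                "after": null}}
  ]
}
"""

def summarize_drift(plan_json):
    """Return one finding per drifted resource: address, actions, changed keys."""
    plan = json.loads(plan_json)
    findings = []
    # The key is absent when the refresh found no out-of-band changes.
    for item in plan.get("resource_drift", []):
        change = item.get("change", {})
        before = change.get("before") or {}
        after = change.get("after") or {}   # null when deleted outside Terraform
        changed = sorted(k for k in before.keys() | after.keys()
                         if before.get(k) != after.get(k))
        findings.append({"address": item["address"],
                         "actions": change.get("actions", []),
                         "changed": changed})
    return findings

def main(argv):
    # Usage: terraform show -json tfplan > plan.json && python drift.py plan.json
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_PLAN_JSON
    findings = summarize_drift(text)
    for f in findings:
        print(f"DRIFT {f['address']} {'/'.join(f['actions'])}: {', '.join(f['changed'])}")
    return 2 if findings else 0   # non-zero exit fails the CI job on drift

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The plan file itself comes from 'terraform plan -refresh-only -out=tfplan'; a non-zero exit from the script lets the pipeline alert on drift before anyone runs 'terraform apply'.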
How to remediate the drift then?
🔶 Running 'terraform apply' would reset the current state to the desired state.
Look at the diagram below to understand a sample architecture to detect drift and remediate it 👇
Follow: https://www.linkedin.com/in/govardhana-miriyala-kannaiah/
for more content related to Professional Development/ Cloud / DevSecOps / Infrastructure as Code / CyberSecurity