Drift Detection for Terraform Cloud is Now Generally Available

HashiCorp’s Terraform Cloud added Drift Detection in June and we’re excited to announce Drift Detection for Terraform Cloud Business is generally available — and includes UI improvements. Drift Detection provides continuous checks against infrastructure state to detect and notify when infrastructure changes happen outside of the Terraform workflow, helping organizations beyond just Day 1 provisioning to manage infrastructure throughout its lifecycle.

Drift occurs when someone changes infrastructure outside of the tracked and versioned workflows, creating untracked differences between the actual infrastructure and its recorded state. This is problematic — applications can suddenly crash, deployments can unexpectedly fail, thousands of dollars in monthly costs can be wasted due to unused resources, and systems or unknown resources can be left open to public access — all because the infrastructure state didn’t match reality.

Drift Detection in Terraform Cloud makes it easy to detect drift and provides a single, shared source of truth so teams can increase efficiency while reducing risk related to security, compliance, and operational consistency. Enabling Drift Detection in your workspaces allows Terraform to:

• Detect when a resource has changed from what is recorded in the Terraform state file. You can also see additional context on the last time drift was checked, the resources that have drifted, and a visualization showing which attributes have changed.
• Notify the right infrastructure owners with customizable notifications using your preferred method of communication including email, Slack, or a webhook.
• Remediate drift directly from the Terraform Drift tab by accepting changes with a refresh-only plan or by making changes to the new infrastructure state.

During the public beta, users turned on Drift Detection for thousands of workspaces and provided feedback that helped us continue refining the user experience. The following sections highlight updates to Drift Detection added since the beta release.

»New in Drift Detection GA

Drift Detection helps operators gain continuous visibility into the state and condition of their multi-cloud infrastructure. This is to help those operators understand the health of complex infrastructure. While the functionality of Drift Detection remains the same, we’ve made several improvements to the UI that give you a better view into the health of your infrastructure.

»Enable Drift Detection in Health Assessments Tab

You’ll now find Drift Detection under “Health Assessments” in the UI under a workspace's General Settings.

We always want the same user experience for UI and API users, and the workspace setting, drift_detection is being renamed to assessments_enabled. This will not impact UI users, but if you have custom scripts hitting the API, they will need to be updated.

»Drift Detection for All Workspaces

We’ve seen Drift Detection become one of the most popular features of Terraform Cloud Business, and we want to make it even easier for organizations to reap the security, cost savings, and agility benefits it brings. You can now turn on Drift Detection for all workspaces by enabling Health Assessment for all accessible workspaces.

»Greater Visibility Into Your Infrastructure

The workspaces view includes a “Drift” designation in the workspace index listing, as well as a new filter for drift. This provides a simple holistic view of drift within your infrastructure.

Clicking into a workspace and selecting the Drift tab provides additional information such as:

• The last time drift was checked
• The resources that have drifted
• A visualization showing which attributes have changed

»Summary

To fully reap the benefits of infrastructure as code, operators must be able to detect changes in the infrastructure state not reflected in the code. Drift Detection for Terraform Cloud provides continuous checks against infrastructure state to detect and notify operators of changes in your infrastructure reducing risk exposure, application downtime, and costs.

»How to Get Started with Drift Detection

If you’re an existing Terraform Cloud Business customer, you can get leverage Drift Detection in four easy steps:

1. Enable Drift Detection in your workspace's General Settings, or for all workspaces by going into Organization Settings, selecting Health, and updating settings to “Enable across all workspaces in your organization”.
2. Once drift is detected, the workspaces view will show the drift status in the workspace index listing as well as a filter for drift.
3. Clicking on a workspace will outline the changes in the new workspace Drift tab
4. Resolve drift issues from the Terraform Drift tab by accepting changes with a refresh-only plan, or overwrite them by manually queueing a plan.

Take a look at our Drift Detection documentation for more details.

If you’re new to Terraform, try Terraform Cloud for free to provision, change, and version infrastructure resources on any environment. When you’re ready, upgrade to Terraform Cloud Business to take advantage of Drift Detection.

»Drift Detection Resources

To learn more about Drift Detection visit our Drift Detection for Terraform page, sign up for HashiConf Global (in Los Angeles and virtual, on Oct. 4-6), attend our HashiConf Lab on Drift Detection, and watch the overview video below.