Drift Detection for Terraform Cloud continuously checks infrastructure state to detect and notify operators of any changes, minimizing risk, downtime, and costs.
HashiCorp’s Terraform Cloud added Drift Detection in June and we’re excited to announce Drift Detection for Terraform Cloud Business is generally available — and includes UI improvements. Drift Detection provides continuous checks against infrastructure state to detect and notify when infrastructure changes happen outside of the Terraform workflow, helping organizations beyond just Day 1 provisioning to manage infrastructure throughout its lifecycle.
Drift occurs when someone changes infrastructure outside of the tracked and versioned workflows, creating untracked differences between the actual infrastructure and its recorded state. This is problematic — applications can suddenly crash, deployments can unexpectedly fail, thousands of dollars in monthly costs can be wasted due to unused resources, and systems or unknown resources can be left open to public access — all because the infrastructure state didn’t match reality.
Drift Detection in Terraform Cloud makes it easy to detect drift and provides a single, shared source of truth so teams can increase efficiency while reducing risk related to security, compliance, and operational consistency. Enabling Drift Detection in your workspaces allows Terraform to:
During the public beta, users turned on Drift Detection for thousands of workspaces and provided feedback that helped us continue refining the user experience. The following sections highlight updates to Drift Detection added since the beta release.
Drift Detection helps operators gain continuous visibility into the state and condition of their multi-cloud infrastructure. This is to help those operators understand the health of complex infrastructure. While the functionality of Drift Detection remains the same, we’ve made several improvements to the UI that give you a better view into the health of your infrastructure.
You’ll now find Drift Detection under “Health Assessments” in the UI under a workspace's General Settings.
We always want the same user experience for UI and API users, and the workspace setting,
drift_detection is being renamed to
assessments_enabled. This will not impact UI users, but if you have custom scripts hitting the API, they will need to be updated.
We’ve seen Drift Detection become one of the most popular features of Terraform Cloud Business, and we want to make it even easier for organizations to reap the security, cost savings, and agility benefits it brings. You can now turn on Drift Detection for all workspaces by enabling Health Assessment for all accessible workspaces.
The workspaces view includes a “Drift” designation in the workspace index listing, as well as a new filter for drift. This provides a simple holistic view of drift within your infrastructure.
Clicking into a workspace and selecting the Drift tab provides additional information such as:
To fully reap the benefits of infrastructure as code, operators must be able to detect changes in the infrastructure state not reflected in the code. Drift Detection for Terraform Cloud provides continuous checks against infrastructure state to detect and notify operators of changes in your infrastructure reducing risk exposure, application downtime, and costs.
If you’re an existing Terraform Cloud Business customer, you can get leverage Drift Detection in four easy steps:
Take a look at our Drift Detection documentation for more details.
If you’re new to Terraform, try Terraform Cloud for free to provision, change, and version infrastructure resources on any environment. When you’re ready, upgrade to Terraform Cloud Business to take advantage of Drift Detection.
To learn more about Drift Detection visit our Drift Detection for Terraform page, sign up for HashiConf Global (in Los Angeles and virtual, on Oct. 4-6), attend our HashiConf Lab on Drift Detection, and watch the overview video below.
Streamlined run task reviews provide meaningful context on run task evaluations to help practitioners resolve issues faster without having to leave Terraform Cloud.
No-code provisioning adds more Day 2 operations. Users can now update the module version used in their no-code workspaces.
Terraform Enterprise now supports more flexible deployment options for self-hosted environments, including cloud-managed Kubernetes services.