
Govardhana M K

How to detect Terraform drift and remediate it? A quick overview...

Drift is one of the most frequent and fundamental challenges of infrastructure built with Terraform.

To understand drift better, let's walk through two terms:

[1] Desired State: It is the state of a resource as configured in the resource block of your Terraform (.tf) file.

[2] Current State: It is the actual configuration state of a resource that is in service.

Drift is nothing but the deviation between the desired state and the current state!

Why does drift happen?
Though it is recommended to centralize provisioning of the infra in Terraform, that doesn't stop an individual with provisioning access from modifying or removing the resources spun up by Terraform.

Some of the best practices to limit the drift:
🔷 Provide least privilege access to the users with permission boundaries
🔷 Integrate Terraform with version control tools (Git) and CI/CD pipelines

How to detect drift?
🔶 Terraform state: The state file tracks the resources defined in the desired state and those that exist in the infrastructure (current state)

🔶 `terraform plan -refresh-only`: The refresh command that reconciles the state with real-world drift introduced outside of Terraform

Note:
This is a refresh-only plan, so Terraform will not take any actions to undo the detected drift.
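
Added example (not part of the original post): a small Python check that reads the JSON form of a refresh-only plan and lists which resources drifted and which attributes changed. It assumes the plan was saved with `terraform plan -refresh-only -out=drift.tfplan` and exported with `terraform show -json drift.tfplan`; the file name, the `find_drift` helper and the sample resources and values are constructed for illustration.

```python
import json

# Constructed sample: a trimmed excerpt shaped like `terraform show -json` output
# for a refresh-only plan. Resource names and values are made up.
SAMPLE_PLAN = json.loads("""
{
  "resource_drift": [
    {
      "address": "aws_security_group.web",
      "type": "aws_security_group",
      "change": {
        "actions": ["update"],
        "before": {"name": "web", "ingress": [{"from_port": 22, "cidr_blocks": ["10.0.0.0/8"]}]},
        "after":  {"name": "web", "ingress": [{"from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}
      }
    },
    {
      "address": "aws_s3_bucket.logs",
      "type": "aws_s3_bucket",
      "change": {"actions": ["delete"], "before": {"bucket": "example-logs"}, "after": null}
    }
  ]
}
""")

def find_drift(plan):
    """Return one record per drifted resource: address, actions, changed top-level attributes."""
    findings = []
    # "resource_drift" lists changes Terraform found between the prior state and the refreshed state.
    for rc in plan.get("resource_drift", []):
        change = rc["change"]
        before = change.get("before") or {}   # null when the object did not exist before
        after = change.get("after") or {}     # null when the object was deleted outside Terraform
        changed = sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))
        findings.append({"address": rc["address"], "actions": change["actions"], "changed": changed})
    return findings

if __name__ == "__main__":
    for f in find_drift(SAMPLE_PLAN):
        print(f"{f['address']}: {'/'.join(f['actions'])} outside Terraform; changed: {', '.join(f['changed'])}")
```

In a CI job, a non-empty result can fail the pipeline or open a ticket so the change is reviewed before anyone runs `terraform apply`.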

How to remediate the drift then?
🔶 Running `terraform apply` would reset the current state to the desired state.

Look at the diagram below to understand the sample architecture to detect the drifts and remediate them 👇

[Diagram: sample architecture to detect and remediate drift]

Follow: https://www.linkedin.com/in/govardhana-miriyala-kannaiah/

for more content related to Professional Development/ Cloud / DevSecOps / Infrastructure as Code / CyberSecurity
