Use when detecting infrastructure drift from desired state. Trigger with phrases like "check for drift", "infrastructure drift detection", "compare actual vs desired state", or "detect configuration changes". Identifies discrepancies between current infrastructure and IaC definitions using `terraform plan`, CloudFormation drift detection, or manual comparison.
Detect discrepancies between actual cloud infrastructure state and the desired state defined in IaC (Terraform, CloudFormation, Pulumi). Run drift detection commands, analyze modified/added/deleted resources, generate drift reports with affected resources, and provide remediation steps to bring infrastructure back into compliance.
- `.tf` files, `template.yaml`, or `Pulumi.yaml`
- `terraform init` to download providers and configure backend
- `terraform plan -detailed-exitcode` (exit code 2 = drift detected), `aws cloudformation detect-stack-drift`, or `pulumi preview`
- `terraform apply` to enforce desired state, `terraform import` to adopt changes, or update IaC to match reality
- `terraform apply`, `terraform import`, or IaC code updates

| Error | Cause | Solution |
|---|---|---|
| Error acquiring state lock | Another Terraform process is running or stale lock | Wait for the other process; use `terraform force-unlock <ID>` if the lock is stale |
| Unable to authenticate to cloud provider | Expired or missing credentials | Refresh with `aws configure`, `gcloud auth login`, or `az login` |
| No state file found | Backend not initialized or state file deleted | Run `terraform init` to configure the backend; restore state from backup if deleted |
| Access denied reading resource | IAM policy missing read permissions for some resource types | Grant read-only access for all resource types managed by IaC (ReadOnlyAccess or specific policies) |
| State file version mismatch | Terraform version newer than state format | Upgrade Terraform to match the state version or use `terraform state replace-provider` |
terraform plan and posts drift results to Slack if any resources are out of sync."
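
An added example, not part of the original skill: a Python helper that turns the exit code of `terraform plan -detailed-exitcode` and the JSON produced by `terraform show -json` into a drift report grouped by planned action. The plan data and resource names are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json plan.out` output
# (only the fields used here); resource names are made up.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"]}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"]}},
        {"address": "aws_iam_role.legacy", "type": "aws_iam_role",
         "change": {"actions": ["delete"]}},
        {"address": "aws_instance.app", "type": "aws_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["no-op"]}},
    ],
})

def classify_exit(code):
    """Map `terraform plan -detailed-exitcode` exit codes to a status."""
    if code == 0:
        return "in_sync"
    if code == 2:
        return "drift"
    # 1 (or anything else) is a failed plan, e.g. expired credentials or a
    # held state lock; it must never be reported as "no drift".
    return "error"

def summarize_drift(plan_json):
    """Group resource addresses by the action Terraform plans for them."""
    report = {"create": [], "update": [], "delete": [], "replace": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if actions in (["no-op"], ["read"]) or not actions:
            continue
        # A replacement is emitted as a two-element list, in either order.
        key = "replace" if set(actions) == {"create", "delete"} else actions[0]
        report.setdefault(key, []).append(rc["address"])
    return {k: sorted(v) for k, v in report.items()}

def drift_report(exit_code, plan_json=None):
    """Combine exit status and plan contents into one report dict."""
    status = classify_exit(exit_code)
    changes = summarize_drift(plan_json) if status == "drift" and plan_json else {}
    return {"status": status, "changes": changes}

if __name__ == "__main__":
    print(json.dumps(drift_report(2, SAMPLE_PLAN), indent=2))
```

A scheduled job that alerts only on exit code 2 stays silent when the plan itself fails, so the `error` status should be alerted on as well.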