Use when performing infrastructure drift detection — detects and catalogs infrastructure drift between the desired state defined in Infrastructure as Code and the actual state of deployed resources. This template guides teams through drift detection, impact assessment, and reconciliation to maintain infrastructure consistency and compliance.
Execute drift detection across all IaC-managed resources.
Run `terraform plan` (or the equivalent drift detection command for your IaC tool).
Catalog each drifted resource.
| Resource | Type | Drift Category | Attribute Changed | IaC Value | Actual Value | Severity |
|---|---|---|---|---|---|---|
Drift Categories:
| Category | Description |
|---|---|
| Modified | Resource exists but attributes differ from IaC |
| Unmanaged | Resource exists in cloud but not defined in IaC |
| Missing | Resource defined in IaC but not found in cloud |
| Tainted | Resource marked for recreation |
For each drifted resource, identify the cause.
| Root Cause | Description | Example |
|---|---|---|
| Manual change | Someone modified resource via console/CLI | Security group rule added manually |
| Auto-scaling | Cloud provider modified resource automatically | Instance count changed |
| Dependency update | Upstream change propagated | Managed policy updated by provider |
| State corruption | IaC state file is inaccurate | Failed apply left partial state |
| Intentional bypass | Emergency change not back-ported to IaC | Hotfix applied directly |
Decision Matrix — Drift Severity:
| Severity | Criteria | Response |
|---|---|---|
| Critical | Security-relevant drift (IAM, firewall, encryption) | Reconcile immediately |
| High | Production configuration drift affecting behavior | Reconcile within 24 hours |
| Medium | Non-functional drift (tags, descriptions) | Reconcile in next sprint |
| Low | Cosmetic or auto-managed drift | Document and accept or reconcile at convenience |
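As an added example, not part of this template, the following Python script turns `terraform show -json` plan output into rows for the drift catalog above, mapping plan actions to the drift categories and applying the severity matrix. The sample plan, the security-relevant resource type list and the cosmetic-attribute set are constructed assumptions to be tuned per environment.

```python
import json
import re

# Constructed sample of `terraform show -json tfplan` output (shape is real, values made up).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"ingress": [{"from_port": 443}], "tags": {"env": "prod"}},
                "after": {"ingress": [{"from_port": 443}, {"from_port": 22}], "tags": {"env": "prod"}}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["update"],
                "before": {"bucket": "logs", "tags": {"owner": "sec"}},
                "after": {"bucket": "logs", "tags": {"owner": "platform"}}}},
    {"address": "aws_instance.app", "type": "aws_instance",
     "change": {"actions": ["create"], "before": None, "after": {"ami": "ami-0000"}}},
    {"address": "aws_instance.db", "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"ami": "ami-old"}, "after": {"ami": "ami-new"}}},
]})

# Plan actions -> drift category. "Unmanaged" can never appear here: terraform plan
# only inspects resources already in state, so unmanaged resources need another tool.
CATEGORIES = {("update",): "Modified", ("create",): "Missing",
              ("delete", "create"): "Tainted", ("create", "delete"): "Tainted"}
# Assumed heuristics for the severity matrix; tune the type list to your estate.
SECURITY_TYPES = re.compile(r"iam|security_group|network_acl|kms|firewall|encrypt", re.I)
COSMETIC_ATTRS = {"tags", "tags_all", "description"}

def changed_attributes(before, after):
    before, after = before or {}, after or {}  # "create" plans have before=null
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))

def severity(rtype, attrs):
    if SECURITY_TYPES.search(rtype):
        return "Critical"          # IAM / firewall / encryption drift
    if attrs and set(attrs) <= COSMETIC_ATTRS:
        return "Medium"            # only tags or descriptions changed
    return "High"                  # "Low" (auto-managed) stays a human decision

def catalog_drift(plan_json):
    """Return one catalog row per drifted resource, matching the table columns above."""
    rows = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        cat = CATEGORIES.get(tuple(rc["change"]["actions"]))
        if cat is None:            # no-op, data-source read, or a pure delete (config removal)
            continue
        attrs = changed_attributes(rc["change"].get("before"), rc["change"].get("after"))
        rows.append({"resource": rc["address"], "type": rc["type"], "category": cat,
                     "attributes": attrs, "severity": severity(rc["type"], attrs)})
    return rows
```

Each returned row carries the Resource, Type, Drift Category, Attribute Changed and Severity columns of the catalog; the IaC and actual values are available from the plan's `before` and `after` objects.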
For each drifted resource, choose a reconciliation strategy.
| Shortcut | Counter | Why |
|---|---|---|
| "We can skip some steps for this case" | Adapt the workflow steps, don't skip them | Skipped steps are where incidents and oversights originate |
| "The user seems to already know what to do" | Complete all workflow phases with the user | The workflow catches blind spots that experience alone misses |
| "This is a minor case, full process is overkill" | Scale the process down, don't turn it off | Minor cases become major when unstructured; the process scales, not disappears |
| "I'll fill in the details later" | Complete each section before moving on | Deferred details are forgotten; real-time capture is more accurate |
| "The template output isn't necessary" | Always produce the structured output format | Structured output enables comparison, audit trails, and handoff to other teams |