Better Terraform Drift Detection with Terrateam

Drift happens. You deploy your infrastructure with Terraform, and over time, things change outside of your control. Sometimes, ClickOps is unavoidable. Drift detection catches these changes outside of Terraform and helps you keep everything in sync with your code.

Terrateam just updated its drift detection feature to support multiple drift schedules and execution windows. This means you can now run drift detection and reconciliation on different schedules per environment.

How it works

By default, drift detection is off. To enable it, you can define schedules in your .terrateam/config.yml:

drift:
  enabled: true
  schedules:
    default:
      schedule: daily
      tag_query: ""
    production:
      schedule: hourly
      tag_query: "dir:production"
      reconcile: true
      window:
        start: "18:00 EST"
        end: "07:00 EST"

Updates

This release updates the drift configuration key to expand the feature so teams can run drift detection and reconciliation in more flexible ways.

See the updated documentation for details on the new drift capabilities.

Multiple schedules

Define separate drift schedules for different parts of your infrastructure using the schedules key.

Execution windows

Limit drift runs to specific time frames, e.g., after hours for production, using the window key.

Some things to note

A few things to keep in mind. Drift detection runs a terraform plan operation under the hood, so existing workflows and hooks still apply. If reconciliation is enabled, changes are applied automatically, so you should be careful about enabling this in production.
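Because reconciliation applies changes without a human in the loop, a pre-merge lint on the drift block is a useful guardrail; the following is an added example, not Terrateam's code, that flags auto-applying schedules and evaluates a window that wraps past midnight. Its assumptions: the two policy rules, the `staging` schedule, reconcile defaulting to off, an empty tag_query matching everything, and the window end being exclusive.

```python
# Added example: policy lint for the drift block of .terrateam/config.yml.
# The rules below are this example's assumptions, not Terrateam behaviour.

def _minutes(stamp):
    """'18:00 EST' -> minutes after midnight (the timezone label is ignored)."""
    hours, mins = stamp.split()[0].split(":")
    return int(hours) * 60 + int(mins)

def in_window(window, clock):
    """True if clock ('HH:MM') is inside window; end is treated as exclusive."""
    start, end, now = _minutes(window["start"]), _minutes(window["end"]), _minutes(clock)
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window wraps midnight, e.g. 18:00 -> 07:00

def audit(drift):
    """Return (schedule, finding) pairs for schedules that auto-apply too broadly."""
    findings = []
    if not drift.get("enabled", False):
        return findings
    for name, sched in drift.get("schedules", {}).items():
        if not sched.get("reconcile", False):
            continue  # detection only (assumed default): plans, never applies
        if not sched.get("tag_query", ""):
            findings.append((name, "reconcile with empty tag_query"))
        if "window" not in sched:
            findings.append((name, "reconcile without an execution window"))
    return findings

# Constructed input: the config from this post as a YAML parser would load it,
# plus a hypothetical 'staging' schedule that breaks both rules.
DRIFT = {
    "enabled": True,
    "schedules": {
        "default": {"schedule": "daily", "tag_query": ""},
        "production": {
            "schedule": "hourly", "tag_query": "dir:production", "reconcile": True,
            "window": {"start": "18:00 EST", "end": "07:00 EST"},
        },
        "staging": {"schedule": "daily", "tag_query": "", "reconcile": True},
    },
}

if __name__ == "__main__":
    for name, finding in audit(DRIFT):
        print(f"{name}: {finding}")
    window = DRIFT["schedules"]["production"]["window"]
    print("02:30 in window:", in_window(window, "02:30"))
```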

To configure notifications through GitHub Issues or custom scripts, add a hook to your .terrateam/config.yml:

hooks:
  plan:
    post:
      - type: drift_create_issue

or:

hooks:
  plan:
    post:
      - type: run
        cmd: ["bash", "-c", "$TERRATEAM_ROOT/drift-notify.sh"]

TL;DR

  • Drift happens. Terrateam now lets you schedule multiple drift runs.
  • Set up execution windows to control when drift runs.
  • Enable reconciliation if you want to auto-fix drift.
  • Use tag queries to scope drift detection to specific directories, workspaces, and environments.
  • Use GitHub Issues or Slack for notifications.

This is all live now. If you’re using Terrateam, update your .terrateam/config.yml to take advantage of these new features. Let us know how it works for you.
