Infrastructure Drift Detection and How to Fix It With Terraform

Vishwas Sunkari

For one of my projects, I decided to go all in. I built infrastructure using Terraform, stored everything in GitHub, and even linked it to a CI/CD pipeline. It felt like running my own tech startup! After hitting deploy, I thought, “Boom, we’re done!” — but nope. That’s when I discovered infrastructure drift — a hidden challenge that keeps DevOps pros on their toes.

In this blog, I’ll break down what I discovered about infrastructure drift with Terraform, including:

1. What is infrastructure drift?
2. Why does it happen?
3. Why should we care?
4. How do we detect it with Terraform?
5. What do we do when we find it?
6. How do we fix it?

What Is Infrastructure Drift?
Imagine you’ve written Terraform files that say, “I want two servers running in the cloud.” That’s your desired state — your perfect plan. Terraform makes it happen, and everything’s great. But then, something changes outside of Terraform — like someone manually adds a third server — and now your actual setup (the actual state) doesn’t match your plan anymore. That difference? That’s infrastructure drift. It’s like when your group project gets off track because someone added extra slides without telling anyone!

Why Does Infrastructure Drift Happen?
From what I’ve learned, drift sneaks in for two main reasons:

a.) Manual Changes:
Most of the drift is usually caused by manual changes performed by individuals. You log into the cloud console and bump up the server count to handle the load. Totally understandable in the moment! But if you forget to update your Terraform files afterward, boom — drift happens. Sometimes, though, people make changes just because they don’t know better — like skipping the “code” part of IaC. That’s a no-no.
b.) Overlapping Terraform Files:
Okay, this one’s trickier. Say you’ve got multiple Terraform files managing the same resources, and they don’t agree. One file says “two servers,” another says “three,” and they fight it out. This can happen if your project grows big or if you switch tools over time. It’s like when two people edit the same Google Doc at once — chaos!

Why Should We Care About Drift?
IaC is supposed to make life easier by letting us version our infrastructure like code — think Git commits and pull requests. Drift messes that up. If your Terraform files say one thing but reality says another, you’re not really in control anymore. It’s like thinking your study notes are complete, but someone swapped them out before the exam. Avoiding drift keeps everything consistent and trustworthy.

How Do We Detect Drift with Terraform?
Here’s where Terraform shines. Drift is just the difference between what your Terraform files want and what’s actually running. To spot it, you run:

terraform plan

This command compares your files to the real world and lists any changes it would make to sync them up. For example, if someone manually changed the max server count in an Auto Scaling Group to 5, but your Terraform file says 3, terraform plan will flag that.

In the screenshot below, we can see that the maximum number of servers in the Auto Scaling Group was set to 5 outside of Terraform, which is drift.

What Do We Do When We Find Drift?
Finding drift is only half the battle. When it pops up, you’ve got two choices:

i. Fix the Drift: If the change (like that extra server) was a mistake or temporary, you’ll want to undo it and get back to your desired state.
ii. Update the Plan: Sometimes, the change makes sense — like if traffic is always high now. In that case, you edit your Terraform files to match the new reality.

How Do We Fix Configuration Drift with Terraform?
Fixing drift is easy-peasy with Terraform. If terraform plan shows changes (meaning drift exists), you just run:

terraform apply

This tells Terraform to enforce your desired state, undoing any manual tweaks. For example, if someone set the server count to 5 outside Terraform, terraform apply will bring it back to whatever your file says — like 3. It’s like hitting “undo” on someone else’s edits. Just make sure your files are up to date first, or you might accidentally wipe out something important!
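To make the detect-then-fix loop above something a CI job can enforce, here is an added example (my own script, not code from the original post) that reads the machine-readable plan Terraform can emit and reports drift separately from the changes apply would make. It assumes the plan was produced with the real `terraform plan -detailed-exitcode -out=plan.out` (exit code 0 = no changes, 1 = error, 2 = changes present) and exported with `terraform show -json plan.out > plan.json`. In that JSON, `resource_drift` lists what changed outside Terraform since the last state (the ASG `max_size` going 3 to 5), while `resource_changes` lists what apply would do (bring it back to 3). The `is_safe_to_apply` gate implements the caveat in the fix section: it refuses to proceed when the plan would delete or replace anything, which is what an out-of-date config file looks like in a plan. Both sample plans below are constructed by hand to mirror the post's scenario.

```python
"""Drift report and apply gate over a Terraform JSON plan (added example)."""
import json
import sys

# Meaning of the exit status of `terraform plan -detailed-exitcode`.
EXIT_CODES = {
    0: "no changes (no drift)",
    1: "error running plan",
    2: "changes present (drift and/or config change)",
}


def classify_exit_code(rc):
    """Human-readable meaning of a -detailed-exitcode status."""
    return EXIT_CODES.get(rc, "unknown exit code %d" % rc)


def attribute_diff(before, after):
    """Return {attr: (before, after)} for every attribute whose value differs."""
    before = before or {}
    after = after or {}
    keys = set(before) | set(after)
    return {k: (before.get(k), after.get(k))
            for k in sorted(keys) if before.get(k) != after.get(k)}


def _summarize(entries):
    """Flatten a list of plan change entries into address/actions/changed dicts."""
    out = []
    for entry in entries:
        change = entry["change"]
        if change["actions"] == ["no-op"]:
            continue  # nothing would happen to this resource
        out.append({
            "address": entry["address"],
            "actions": change["actions"],
            "changed": attribute_diff(change.get("before"), change.get("after")),
        })
    return out


def drift_report(plan):
    """What changed outside Terraform (the plan's resource_drift section)."""
    return _summarize(plan.get("resource_drift", []))


def planned_changes(plan):
    """What `terraform apply` would do (the plan's resource_changes section)."""
    return _summarize(plan.get("resource_changes", []))


def is_safe_to_apply(plan, allow_destroy=False):
    """Gate for the post's caveat: block apply if anything would be deleted
    or replaced (replace shows up as ["delete","create"] or ["create","delete"])."""
    for entry in planned_changes(plan):
        if "delete" in entry["actions"] and not allow_destroy:
            return False
    return True


# Constructed sample: max_size bumped to 5 in the console, config still says 3.
SAMPLE_PLAN = {
    "resource_drift": [{
        "address": "aws_autoscaling_group.web",
        "change": {"actions": ["update"],
                   "before": {"max_size": 3, "min_size": 1},
                   "after": {"max_size": 5, "min_size": 1}},
    }],
    "resource_changes": [{
        "address": "aws_autoscaling_group.web",
        "change": {"actions": ["update"],
                   "before": {"max_size": 5, "min_size": 1},
                   "after": {"max_size": 3, "min_size": 1}},
    }],
}

# Constructed sample: a bucket was dropped from the .tf files by mistake,
# so apply would destroy it. This is the "wipe out something important" case.
DESTROY_PLAN = {
    "resource_changes": [{
        "address": "aws_s3_bucket.logs",
        "change": {"actions": ["delete"],
                   "before": {"bucket": "example-logs"}, "after": None},
    }],
}


if __name__ == "__main__":
    # Usage: python drift_check.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for e in drift_report(plan):
        print("DRIFT  %s %s %s" % (e["address"], e["actions"], e["changed"]))
    for e in planned_changes(plan):
        print("APPLY  %s %s %s" % (e["address"], e["actions"], e["changed"]))
    sys.exit(0 if is_safe_to_apply(plan) else 1)
```

In a pipeline you would run `terraform plan -detailed-exitcode -out=plan.out`, treat exit status 2 as "drift or config change, review needed", export the plan to JSON and run this script against it; a non-zero exit from the script blocks the apply step until someone either restores the deleted resource in the .tf files (choice ii above) or explicitly passes `allow_destroy=True`.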

Conclusion

Learning about Terraform and infrastructure drift has been a game-changer. It’s more than just writing code — it’s about maintaining order in a constantly shifting environment. Tools like Terraform help detect and fix drift, but it’s up to us to use them wisely. Whether it’s enforcing access controls or running terraform plan regularly, staying ahead of drift is what separates good IaC management from chaos. Now, if only I could manage my schedule with the same precision!
