DocumentationAPI ReferenceTerraform ProviderStatus PageSchedule a DemoFree Trial
Documentation

Drift Remediation

Suggest Edits

Drift occurs when the actual state of your infrastructure no longer matches its desired state, which can lead to security, compliance, and reliability risks, as well as increased costs. Complementing env0's Drift Detection capabilities, Drift Remediation ensures consistency by quickly reconciling drift as part of your infrastructure management workflow—either automatically or with a simple two-click manual action.

Configuring Automatic Drift Remediation

Activating automatic Drift Remediation offers a hassle-free way to ensure that all detected drifts are immediately corrected, using one of the following options:

  • Code to Cloud: With this option, when drift is detected, an automatic deployment is triggered to bring the infrastructure back in sync with your Infrastructure as Code configuration.
  • Cloud to Code: With this option (coming soon), the configuration is automatically updated to match the current state of the cloud resources, making the cloud a source of truth for IaC configuration.

The setting can be configured at the project level for all newly created environments or individually at the environment level.
Finally, automatic remediation can also be set to Disabled, allowing you to reconcile drift manually using the ‘Remediate Drift’ button available on the deployment details page.
There, you can choose between the same two reconciliation options: ‘Code to Cloud’ and ‘Cloud to Code’, as shown below.

Policies and Governance

Importantly, Drift Remediation deployments support all existing env0 policies and governance features. This ensures that any automated remediation action adheres to approval processes, security policies, and compliance requirements.
For example, you can require approval before applying Automatic Drift Remediation to certain environments.
See Approval Policies for details on how to configure these rules.

Scheduling Deployments

In some cases, rather than reacting to drift immediately, you may want to ensure that infrastructure is regularly reconciled with your code.
Scheduling allows you to automate deployments at predefined intervals to maintain alignment with your declared configuration.

Updated about 1 month ago