Managing Infrastructure as Code (IaC) comes with its own set of challenges, and one of the most significant is drift. Drift occurs when the actual state of your cloud resources deviates from the state defined in your code—whether due to manual changes, external automation tools, or other processes outside of your IaC pipeline.

Detecting and managing drift is critical to maintaining consistency, security, and compliance across your infrastructure. With env0, you can proactively address this issue by setting up automated drift detection. env0 schedules deployment tasks that conclude with an analysis of the Terraform plan output, allowing you to identify and resolve drifts in real-time.

📘

Previous Support

Although configuring a scheduled task of drift detection has been a feature of env0 for a while , now we provide additional drift event notifications.

If you would like to set up a drift detection on your environment and get notified on drift occurrences, you will need to follow these steps:

1. Schedule a drift detection job: In the environment Settings tab, under Drift Detection, make sure you add a cron expression based on the interval you would like to check the drift. For example, if you would like to check the drift twice a day at 10AM and at 7PM, enter 00 10,19 * * *.

🚧

Drift Detection Scheduling

Despite being able to configure any cron pattern for drift detection, the minimum interval is one day for Free and plans, and one hour for Enterprise plans.

The scheduler runs once an hour, and controlling the exact minute of the run within the hour is not possible.

2. Add Notification: To get notified directly in Slack,Microsoft Teams, email, or Webhooks when a drift has been detected, set up notification targets and events on your project settings under Notifications.
   You can set the following types of events:
   - Drift detected - The remote resources have been changed.
   - No drift detected - The remote resources are synced with your infrastructure code.
   - Drift failed - The task has failed for some reason.

You can read more about notifications here.

When a drift detection job is executed, you'll see its status under the Deployments tab :

When a drift is identified, or if the drift detection process encounters an issue, environment drift-status will shift to Drifted or Error, correspondingly.
These statuses will be accompanied by an informative message that links to the related Drift Detection deployment logs.
It's important to note that performing a new deployment on an environment with a drift will reset its status accordingly.

Following a drift occurrence:

Following an error during drift detection:

Understanding Drift Statuses

• OK: No drift has been detected; the environment's state matches the defined Infrastructure-as-Code (IaC) configuration
• Error: An error has occurred during the drift detection process
• Drifted: Drift has been detected; the environment's state differs from the IaC configuration
• Never Run: Drift detection has never been executed for this environment
• Disabled: Drift detection is disabled for this environment

Drift Remediation

Sometimes, you want to make your source code the source of the truth and ensure that the code is always applied in your cloud environment. In env0, you can set up a Scheduled Deployment to always update your cloud resource, regardless of drift, using our Scheduling feature.

✏️ Suggested Blog Content

Terraform Modules Guide

Terraform Plan Examples

Managing Terraform Variable Hierarchy

Manage Terraform Remote State with a Remote Backend