One of the main challenges when managing infrastructure as code is drift.
Drift means that the real-world state of your resources differs from what your code defines. This can happen when someone adds, updates or removes resources manually, or through automation tools outside of your Terraform code. env0 can detect drift and alert you about it automatically. It does this by running a scheduled deployment task that ends by examining the terraform plan output.
Although it was already possible to configure a scheduled drift detection task, we now also provide drift event notifications.
To set up drift detection on your environment and get notified when drift occurs, follow these steps:
- Schedule a drift detection job: In the environment Settings tab, under Drift Detection, add a cron expression for the interval at which you would like to check for drift. For example, to check for drift twice a day, at 10AM and at 7PM, enter 00 10,19 * * *.
Drift Detection Scheduling
Note that despite being able to configure any cron definition for drift detection, the minimum interval will be 1 hour between checks. Additionally, having checks more frequent than once a day is only available for Business and Enterprise plans.
- Add Slack/Teams Notification: To get notified directly in Slack or Microsoft Teams when a drift has been detected, set up notification targets & events in your project settings under Notifications.
You can set the following types of events:
- Drift detected - The remote resources have been changed.
- No drift detected - The remote resources are synced with your infrastructure code.
- Drift failed - The task has failed for some reason.
You can read more about notifications here.
When a drift detection job is executed, you'll see its status under the Deployments tab:
If a drift has been detected, both the environment and deployment statuses will be updated to Drifted. Note that the subsequent deployment of a drifted environment will override this status, as it should.
Sometimes you want to make your source code the source of truth. In this scenario, you want to always enforce that the code is applied in your cloud environment. In env0, you can set up a "Scheduled Deployment" to always update your cloud resources regardless of drift, using our Scheduling feature.
Auto-Approval & Approval Policies
If you trust your code, regardless of what happens in the cloud, then you'll want to turn on "Approve Plan Automatically" in the Environment Settings tab.
However, if you want fine-grained control over when a scheduled deployment should be approved, you can use Approval Policies. For example, you can use an approval policy to automatically allow changes if only tags are being updated, or if no delete (or destroy) actions are taking place.
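The two approval rules mentioned above (tags-only updates, no destroy actions) can be expressed as checks over Terraform's JSON plan representation. This is an added example, not env0's implementation or policy format; the function names, the constructed sample plan and the tag attribute names (tags, tags_all) are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.logs", "change": {"actions": ["update"],
    "before": {"bucket": "logs", "tags": {"env": "prod"}},
    "after":  {"bucket": "logs", "tags": {"env": "prod", "owner": "sec"}},
    "after_unknown": {}}},
  {"address": "aws_iam_role.ci", "change": {"actions": ["no-op"],
    "before": {"name": "ci"}, "after": {"name": "ci"}, "after_unknown": {}}}
]}
""")

TAG_ATTRS = {"tags", "tags_all"}  # assumption: AWS-provider tag attribute names


def changed_attrs(change):
    """Top-level attributes whose value differs or is only known after apply."""
    before = change.get("before") or {}
    after = change.get("after") or {}
    unknown = change.get("after_unknown") or {}
    diff = {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}
    return diff | {k for k, v in unknown.items() if v}


def summarize_plan(plan):
    """Classify a plan: drifted at all, any destroy, and tags-only updates."""
    summary = {"drifted": False, "has_destroy": False, "tags_only": True}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing differs for this resource
        summary["drifted"] = True
        if "delete" in actions:  # covers plain delete and both replace orderings
            summary["has_destroy"] = True
        if actions != ["update"] or not (changed_attrs(change) <= TAG_ATTRS):
            summary["tags_only"] = False
    # "tags only" is meaningful only when something actually changed
    summary["tags_only"] = summary["drifted"] and summary["tags_only"]
    return summary


if __name__ == "__main__":
    print(summarize_plan(SAMPLE_PLAN))
```

A policy that approves on tags_only is stricter than one that approves whenever has_destroy is false, since the latter also lets creates and non-tag updates through.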