Drift Detection Policy

When users create an environment they can enable the environment's drift detection and set its schedule. Administrators can set the policies on a Project level so that new environments will inherit the policy upon creation.

🚧

Drift Detection Scheduling

Note that despite being able to configure any cron definition for drift detection, the minimum interval will be 1 hour between checks. Additionally, having checks more frequent than once a day is only available for Enterprise plan.

Configuring Automatic Drift Remediation

This section allows you to configure how env0 automatically handles detected drift in your infrastructure deployments. Drift occurs when the actual state of your cloud resources deviates from the state defined in your Infrastructure as Code (IaC) configuration.

Understanding Automatic Remediation:

env0 can automatically attempt to reconcile drift based on the options you select below. This can help maintain consistency and reduce manual intervention. However, keep in mind:

• Manual Remediation: Manual remediation is always an option, regardless of your automatic remediation settings.
• Approval Policies: The execution of any automatic remediation is subject to your project's approval policies. These policies ensure that automated changes align with your organization's governance and security requirements.

Automatic Remediation Options:

Choose one of the following options to define how env0 should handle drift:

• Disabled: Selecting this option will disable automatic drift remediation. When drift is detected, you will need to manually review and remediate the differences.
• Deploy code changes to the cloud (Run env0 deployment): If drift is detected, env0 will automatically attempt to remediate it by running an env0 deployment with the latest configuration from your connected version control system (VCS). This option assumes that the desired state is accurately reflected in your code.
• Create a pull request for manually modified cloud resources: If drift is detected and it appears that cloud resources were modified manually (outside of env0), this option will trigger the creation of a pull request in your connected VCS. This pull request will contain the changes necessary to bring your IaC configuration in line with the current cloud state. This allows you to review and approve the changes before they are applied.
• If the cloud resource was manually changed, create a pull request; otherwise, deploy code changes to the cloud: This option provides a hybrid approach. If drift is detected and identified as a manual cloud modification, a pull request will be created for review. However, if the drift is not attributed to a manual change, env0 will automatically attempt to remediate it by deploying the latest code from your VCS.

🚧

Manual Cloud Modifications

Automatic pull requests for manual cloud modifications are only supported for Terraform >= 1.1 or OpenTofu.

❗️

Pull Request Creation

• For seamless automatic pull request creation, ensure you connect a supported VCS (GitHub or GitHub Self-Hosted) with write access and are managing Terraform or Tofu IaC.
• If you are using other VCS, you can still leverage the pull request creation settings to review the proposed drift remediation changes in the env0 drift logs and manually create the pull request in your VCS.