Remediating Drifts

Drifted assets are resources whose configuration in your cloud environment differs from the configuration defined in your Infrastructure as Code (IaC) stack. Remediating drift ensures your cloud stays in its optimal, intended state.

This guide explains how to remediate drifted assets in Firefly, either by aligning your IaC code to match the current asset configuration or by reconciling the asset to match the desired configuration in your IaC.

Note: Fixing drifts promptly helps maintain security, compliance, and operational consistency.

Before you begin

Verify your Version Control System (VCS) is integrated with Firefly (e.g., GitHub, GitLab).

Procedure

  1. Go to Drifted Assets: In the Firefly console, navigate to Inventory and filter to view the Drifted assets. This page lists all assets detected as drifted.

  2. View Drift Details: Click on the asset row to open the asset details pop-up. In the pop-up, click on the Drift Details button. A window appears, displaying the difference between the Running Configuration (cloud value) and the Desired Configuration (IaC state value).

  3. Review the Drift Remediation Options: In the Drift Details window, you will see two options to remediate the drift:

    • Align the IaC to the Asset (Update Code): This option will update your IaC code to match the current configuration of the asset in the cloud.

    • Reconcile the Asset to the IaC (Update Cloud): This option will update the asset in the cloud to match the desired configuration in your IaC code.

Option 1: Align the IaC to the Asset (Update Code)

If you want to update your IaC code to match the current configuration of the asset in the cloud:

  1. In the Drift Details window, review the code block change suggested by Firefly.

  2. Click Create Pull Request. Firefly will generate a code change in your IaC repository to align the code with the asset's current configuration.

  3. Review and merge the pull request in your VCS to update your IaC code.

  4. (Optional) To refresh the Terraform state, copy and run the provided terraform apply -refresh-only command in the CLI where your Terraform workspace is configured. This will update the Terraform state to reflect the current configuration of the asset in the cloud.

# Example: Refresh Terraform state to synchronize with the cloud
terraform apply -refresh-only -target <resource-address>  # Replace <resource-address> with the actual resource

Option 2: Reconcile the Asset to the IaC (Update Cloud)

If you want to update the asset in the cloud to match the desired configuration in your IaC code:

  1. In the Drift Details window, copy the suggested terraform apply command.

  2. Run the command in the CLI where your Terraform workspace is configured. This will update the asset in the cloud to match your IaC definition.

# Example: Apply Terraform changes to fix drift in the cloud
terraform apply -target <resource-address>  # Replace <resource-address> with the actual resource

Tip: Always review the proposed changes before applying them to production environments.

Summary

  • Drifted assets are resources whose configuration differs between the cloud and your IaC code.

  • You can remediate drift by either aligning your IaC code to the asset's current state or by reconciling the asset to match your IaC code.

  • Use Firefly's Drift Details and Remediate Drift features to generate code changes or CLI commands for remediation.

  • Always review and test changes before applying them in production.

PreviousCloud Asset InventoryNextDeleting Assets

Last updated

Was this helpful?