Remediating Drifts

Drifted assets are resources whose configuration in your cloud environment differs from the configuration defined in your Infrastructure as Code (IaC) stack. Remediating drift ensures your cloud stays in its optimal, intended state.

This guide explains how to remediate drifted assets in Firefly, either by aligning your IaC code to match the current asset configuration or by reconciling the asset to match the desired configuration in your IaC.

Note: Fixing drifts promptly helps maintain security, compliance, and operational consistency.

Before you begin

Verify your Version Control System (VCS) is integrated with Firefly (e.g., GitHub, GitLab).
Ensure the Terraform IaC stack for the drifted asset is present in your VCS.

Procedure

Go to Drifted Assets: In the Firefly console, navigate to Inventory > Drifted. This page lists all assets detected as drifted.
View Drift Details: Select the row of the desired asset, or click the kebab menu (three dots) > Drift Details. A window appears, displaying the difference between the Running Configuration (cloud value) and the Desired Configuration (IaC state value).

Option 1: Align the IaC to the Asset (Update Code)

If you want to update your IaC code to match the current configuration of the asset in the cloud:

In the Drift Details window, review the code block showing the difference between the cloud value and the IaC value.
Click Fix Drift > Create Pull Request. Firefly will generate a code change in your IaC repository to align the code with the asset's current configuration.
Review and merge the pull request in your VCS to update your IaC code.
(Optional) To refresh the Terraform state, copy and run the provided terraform refresh command in the CLI where your Terraform workspace is configured.

# Example: Refresh Terraform state to synchronize with the cloud
terraform apply -refresh-only -target <resource-address>  # Replace <resource-address> with the actual resource

Option 2: Reconcile the Asset to the IaC (Update Cloud)

If you want to update the asset in the cloud to match the desired configuration in your IaC code:

In the Drift Details window, review the code block showing the difference between the cloud value and the IaC value.
Copy the provided terraform apply command.
Run the command in the CLI where your Terraform workspace is configured. This will update the asset in the cloud to match your IaC definition.

# Example: Apply Terraform changes to fix drift in the cloud
terraform apply -target <resource-address>  # Replace <resource-address> with the actual resource

Tip: Always review the proposed changes before applying them to production environments.

Summary

Drifted assets are resources whose configuration differs between the cloud and your IaC code.
You can remediate drift by either aligning your IaC code to the asset's current state or by reconciling the asset to match your IaC code.
Use Firefly's Drift Details and Fix Drift features to generate code changes or CLI commands for remediation.
Always review and test changes before applying them in production.

PreviousCloud Asset Inventory NextDeleting Assets

Last updated 1 month ago

Was this helpful?

Procedure

Go to Drifted Assets: In the Firefly console, navigate to Inventory > Drifted. This page lists all assets detected as drifted.

View Drift Details: Select the row of the desired asset, or click the kebab menu (three dots) > Drift Details. A window appears, displaying the difference between the Running Configuration (cloud value) and the Desired Configuration (IaC state value).

Option 1: Align the IaC to the Asset (Update Code)

If you want to update your IaC code to match the current configuration of the asset in the cloud:

In the Drift Details window, review the code block showing the difference between the cloud value and the IaC value.

Click Fix Drift > Create Pull Request. Firefly will generate a code change in your IaC repository to align the code with the asset's current configuration.

Review and merge the pull request in your VCS to update your IaC code.

(Optional) To refresh the Terraform state, copy and run the provided terraform refresh command in the CLI where your Terraform workspace is configured.

# Example: Refresh Terraform state to synchronize with the cloud
terraform apply -refresh-only -target <resource-address>  # Replace <resource-address> with the actual resource

Option 2: Reconcile the Asset to the IaC (Update Cloud)

If you want to update the asset in the cloud to match the desired configuration in your IaC code:

In the Drift Details window, review the code block showing the difference between the cloud value and the IaC value.

Copy the provided terraform apply command.

Run the command in the CLI where your Terraform workspace is configured. This will update the asset in the cloud to match your IaC definition.

# Example: Apply Terraform changes to fix drift in the cloud
terraform apply -target <resource-address>  # Replace <resource-address> with the actual resource

Tip: Always review the proposed changes before applying them to production environments.

Summary

Drifted assets are resources whose configuration differs between the cloud and your IaC code.

You can remediate drift by either aligning your IaC code to the asset's current state or by reconciling the asset to match your IaC code.

Use Firefly's Drift Details and Fix Drift features to generate code changes or CLI commands for remediation.

Always review and test changes before applying them in production.