Firefly Documentation Portal

Drifts

Drifted assets are configured differently from their original code (IaC). Detecting, alerting on, and fixing drifts keeps your cloud in its optimal state.

What is a drift?

A drift is when the real-world state of your infrastructure differs from the one defined by your IaC. Drifts occur when an asset is changed outside the IaC flow, whether manually using the console or using the API directly. Small changes result in drifts that can have a big impact on your infrastructure. If drifts are not remediated, they can cause major performance and security issues for your company. Firefly allows you to detect, alert and fix drifts using IaC automatically.

Types of drifts

  • Configuration drift: When an IaC drift occurs, the actual state of the infrastructure can diverge from the desired state defined in the code. This can lead to configuration drift, where the infrastructure becomes misconfigured and begins to behave in unexpected ways.

  • Security vulnerabilities: Configuration drift can also introduce security vulnerabilities into the infrastructure. For example, if security settings are not properly managed, the infrastructure may become vulnerable to attack (such as a drift in an AWS Security Group).

  • Increased costs: An IaC drift can also result in increased costs. For example, if resources are not properly managed, they may continue to run when not needed, leading to unnecessary charges (such as an overly expensive EC2 instance type or a misconfigured Lambda). Additionally, resolving drift can be time-consuming and require additional resources, further increasing costs.

  • Downtime and outages: An IaC drift can also result in downtime and outages. For example, if the infrastructure is not properly managed, resources may become unavailable, leading to service disruptions. Additionally, resolving drift can also result in downtime as changes are made to bring the infrastructure back into the desired state.
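The comparison behind drift detection, shown for a security group drift like the one mentioned above. This is an added example, not Firefly's code: the plan JSON is a constructed sample shaped like the resource_drift section of `terraform show -json`, and SECURITY_ATTRS, find_drifts, world_open_rules and the excluded-property set are hypothetical names.

```python
import json

# Constructed sample, shaped like the "resource_drift" section of
# `terraform show -json` output for a refresh-only plan.
SAMPLE_PLAN = json.loads("""
{"resource_drift": [
 {"address": "aws_security_group.web", "type": "aws_security_group",
  "change": {"actions": ["update"],
   "before": {"description": "web tier", "tags": {"team": "web"},
     "ingress": [{"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]},
   "after": {"description": "web tier", "tags": {"team": "web", "touched": "console"},
     "ingress": [{"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]},
                 {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
 {"address": "aws_instance.api", "type": "aws_instance",
  "change": {"actions": ["update"], "before": {"instance_type": "t3.small"},
             "after": {"instance_type": "m5.4xlarge"}}}
]}
""")

# Hypothetical policy: attributes whose drift is a security concern, per type.
SECURITY_ATTRS = {"aws_security_group": {"ingress", "egress"}}

def find_drifts(plan, excluded=frozenset()):
    """Return one finding per drifted attribute, skipping excluded properties."""
    findings = []
    for res in plan.get("resource_drift", []):
        # before = state last applied from IaC, after = what the refresh found
        before = res["change"].get("before") or {}
        after = res["change"].get("after") or {}
        for attr in sorted(set(before) | set(after)):
            if attr in excluded or before.get(attr) == after.get(attr):
                continue
            sensitive = attr in SECURITY_ATTRS.get(res["type"], set())
            findings.append({"address": res["address"], "attribute": attr,
                             "in_code": before.get(attr), "in_cloud": after.get(attr),
                             "severity": "security" if sensitive else "config"})
    return findings

def world_open_rules(finding):
    """Ingress rules that exist only in the cloud and allow 0.0.0.0/0."""
    known = finding["in_code"] or []
    return [r for r in (finding["in_cloud"] or [])
            if r not in known and "0.0.0.0/0" in r.get("cidr_blocks", [])]

if __name__ == "__main__":
    for f in find_drifts(SAMPLE_PLAN, excluded={"tags"}):
        extra = world_open_rules(f) if f["attribute"] == "ingress" else ""
        print(f["severity"], f["address"], f["attribute"], extra)
```

Passing `excluded={"tags"}` mirrors ignoring drift on a specific property: the console-added tag is skipped, while the SSH rule opened to the internet and the resized instance are still reported.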

What causes drifts?

Drifts in Terraform can occur for several reasons, including:

  • Manual changes: If someone makes changes to the infrastructure outside of the IaC configuration, these changes can create a drift.

  • Automated changes: Some systems or processes may automatically make changes to the infrastructure using APIs, leading to drifts if these changes are not reflected in the IaC configuration.

  • Configuration drift: Over time, changes may be made to the IaC configuration that are not applied to the actual infrastructure, leading to a drift.

  • Concurrent changes: When multiple people are making changes to the infrastructure at the same time, it can be difficult to keep the IaC configuration in sync with the actual infrastructure, leading to drifts.

  • Lack of version control: If the IaC configuration is not version controlled, it can be difficult to track changes and ensure that the actual infrastructure is in line with the desired state defined in the IaC configuration.

Advantages of fixing drifts

Fixing drifts brings the actual infrastructure back in line with what the IaC configuration says it should be, so that you have a consistent and predictable infrastructure that matches the original. Additional benefits include:

  • Improved infrastructure consistency: Fixing drifts in the IaC configuration ensures that your infrastructure is in line with the desired state defined in the Terraform configuration, leading to more predictable and consistent infrastructure.

  • Enhanced security: By keeping your infrastructure up-to-code, you reduce the risk of security vulnerabilities and ensure that your systems are protected.

  • Better collaboration: Fixing drifts in your IaC configuration makes it easier for teams to work together by providing a clear and accurate picture of the infrastructure, reducing the risk of miscommunication and making it easier to make changes and updates (and avoiding a blocked terraform apply in a workspace with too many out-of-code changes).

By managing infrastructure with IaC and monitoring for drift, organizations can reduce the risk of these negative consequences and ensure that their infrastructure remains secure and cost-effective over time.

How to fix drifts?

There are two different ways to fix drifts:

  • Align the cloud with the IaC stack: Fix the drift in the cloud and not in the IaC stack repository. Align the cloud with the IaC stack so that the cloud overrides the manual change that was made in your source control.

  • Align the IaC stack with the cloud: Fix the drift in the IaC stack by creating a pull request that makes changes in your IaC repository.

For detailed instructions on fixing drifts, go to Fix Drifts.

Drift notifications

Firefly notifies you when you have an asset drift. To set up drift notifications, go to Manage notifications.

Excluding drifts

When you disable drift detection for selected asset properties, Firefly ignores your asset drifts. You can choose to ignore drifts on specific properties in the asset configuration. For instructions, go to Excluded Drifts.

Last updated 1 year ago