driftctl is an open-source CLI that warns of infrastructure drift.
We track coverage for unit tests, why not infrastructure as code coverage? - driftctl
What can driftctl do?
- Scan the cloud provider and map its resources to IaC code
- Analyze diffs, and warn about drift and unwanted unmanaged resources
- Schedule checks (CI/CD)
Here is an example output of the scan command, which reads a Terraform input and compares it with the infrastructure of the current profile.
Found missing resources:
Found resources not covered by IaC:
Found changed resources:
- driftctl-bucket-test-1 (aws_s3_bucket):
~ Versioning.0.Enabled: false => true
Found 3 resource(s)
- 33% coverage
- 1 covered by IaC
- 1 not covered by IaC
- 1 missing on cloud provider
- 1/1 changed outside of IaC
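
For the scheduled CI/CD check mentioned above, the summary can be turned into a pass/fail decision. The following is an added example, not driftctl's own code: it parses only the text format quoted on this page, and the function names, dictionary keys and the min_coverage threshold are assumptions of the example.

```python
import re
# Constructed sample: the tail of the scan output quoted on this page.
SAMPLE = """\
- driftctl-bucket-test-1 (aws_s3_bucket):
~ Versioning.0.Enabled: false => true
Found 3 resource(s)
- 33% coverage
- 1 covered by IaC
- 1 not covered by IaC
- 1 missing on cloud provider
- 1/1 changed outside of IaC
"""

PATTERNS = {
    "total": r"^Found (\d+) resource\(s\)",
    "coverage": r"^\s*- (\d+)% coverage",
    "covered": r"^\s*- (\d+) covered by IaC",
    "unmanaged": r"^\s*- (\d+) not covered by IaC",
    "missing": r"^\s*- (\d+) missing on cloud provider",
    "changed": r"^\s*- (\d+)/\d+ changed outside of IaC",
}

def parse_summary(text):
    """Extract the summary counters; raise if a line is absent (fail closed)."""
    found = {k: re.search(p, text, re.MULTILINE) for k, p in PATTERNS.items()}
    absent = [k for k, m in found.items() if m is None]
    if absent:
        raise ValueError(f"summary lines not found: {absent}")
    return {k: int(m.group(1)) for k, m in found.items()}

def changed_attributes(text):
    """Return (resource, type, attribute, old, new) for each reported change."""
    changes, current = [], None
    for line in text.splitlines():
        head = re.match(r"\s*- (\S+) \((\w+)\):$", line)
        diff = re.match(r"\s*~ (\S+): (.*) => (.*)$", line)
        if head:
            current = head.groups()
        elif diff and current:
            changes.append(current + diff.groups())
    return changes

def gate(text, min_coverage=100):
    """Return the reasons a CI job should fail; an empty list means pass."""
    s = parse_summary(text)
    reasons = [f"{s[k]} resource(s) {k}" for k in ("unmanaged", "missing", "changed") if s[k]]
    if s["coverage"] < min_coverage:
        reasons.append(f"coverage {s['coverage']}% < {min_coverage}%")
    return reasons
```

A truncated or empty scan output raises ValueError instead of passing, so a failed scan cannot be mistaken for a clean one.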