Drift detection in multi-region AWS deployments for enterprises using DriftCTL
Many enterprise customers on AWS have a multi-account, multi-region setup built using infrastructure as code (IaC) such as Terraform.
IaC improves the speed and efficiency with which an organisation deploys cloud infrastructure, but it introduces several moving parts that must stay in agreement: the codebase, the state file, and the actual cloud state. This creates the unique challenge of IaC drift, whereby the real-life configuration differs from the state that was declared at build time.
IaC drift can have multiple causes: from team members creating or updating infrastructure through the web console without backporting the changes to Terraform, to unexpected actions by authenticated apps and services. The challenge of managing IaC drift becomes acute in a multi-region, multi-account setup, because every region of every account is a separate place where an unrecorded change can appear.
Until now, being sure that nothing had changed in your infrastructure implied: an excellent level of trust in your tools and dependencies, every single resource in every region carefully described in Terraform, revoking your team's admin credentials, strong CI/CD pipelines, the use of compliance tools, and regular auditing, all of which eventually slowed down team velocity.
DriftCTL is a CLI tool that measures infrastructure as code coverage and tracks infrastructure drift. Developers can now know when things change in their cloud infrastructure and take corrective action to resolve the drift.
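To make the three-way comparison concrete (codebase and state file on one side, live cloud state on the other, across more than one region), here is an added illustrative drift check. It is not driftctl's own code and does not reproduce its output format; the Terraform state document and the per-region cloud inventory are constructed sample data, and the `TRACKED` attribute list, `detect_drift` and `region_from_arn` are names chosen for this example. It reports the three outcomes the article describes: resources present in the cloud but unknown to Terraform, resources Terraform still thinks it manages that no longer exist, and managed resources whose attributes were changed outside the pipeline, plus a coverage ratio (managed resources as a share of live resources).

```python
"""Minimal multi-region drift check: Terraform state vs. a live cloud inventory.

Added example, not driftctl's code. TFSTATE and CLOUD below are constructed;
a real run would load terraform.tfstate and the results of the provider's
describe/list API calls for each region.
"""
import json

# Constructed Terraform state (schema version 4 layout) spanning two regions.
TFSTATE = json.loads("""
{
  "version": 4,
  "resources": [
    {"type": "aws_instance", "name": "web",
     "instances": [{"attributes": {
        "id": "i-0aaa111",
        "arn": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa111",
        "instance_type": "t3.micro"}}]},
    {"type": "aws_instance", "name": "api",
     "instances": [{"attributes": {
        "id": "i-0bbb222",
        "arn": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0bbb222",
        "instance_type": "t3.small"}}]},
    {"type": "aws_security_group", "name": "db",
     "instances": [{"attributes": {
        "id": "sg-0ccc333",
        "arn": "arn:aws:ec2:eu-west-1:111122223333:security-group/sg-0ccc333",
        "ingress_cidrs": ["10.0.0.0/8"]}}]}
  ]
}
""")

# Constructed live inventory, keyed by region, as per-region describe calls would return it.
CLOUD = {
    "us-east-1": {
        ("aws_instance", "i-0aaa111"): {"instance_type": "t3.large"},      # resized in the console
        ("aws_security_group", "sg-0ddd444"): {"ingress_cidrs": ["0.0.0.0/0"]},  # never put in Terraform
    },
    "eu-west-1": {
        ("aws_instance", "i-0bbb222"): {"instance_type": "t3.small"},      # matches state
        # sg-0ccc333 is absent: deleted outside Terraform
    },
}

# Attributes compared per resource type (hypothetical selection); id and arn are identity, not config.
TRACKED = {
    "aws_instance": ("instance_type",),
    "aws_security_group": ("ingress_cidrs",),
}


def region_from_arn(arn):
    """The region is the fourth ARN field; global services (S3, IAM) leave it empty."""
    region = arn.split(":")[3]
    return region or "global"


def state_resources(tfstate):
    """Flatten the state file into {(region, type, id): tracked attributes}."""
    out = {}
    for res in tfstate["resources"]:
        for inst in res["instances"]:
            attrs = inst["attributes"]
            key = (region_from_arn(attrs["arn"]), res["type"], attrs["id"])
            out[key] = {k: attrs.get(k) for k in TRACKED.get(res["type"], ())}
    return out


def cloud_resources(cloud):
    """Flatten the per-region inventory into the same {(region, type, id): attrs} shape."""
    out = {}
    for region, items in cloud.items():
        for (rtype, rid), attrs in items.items():
            out[(region, rtype, rid)] = {k: attrs.get(k) for k in TRACKED.get(rtype, ())}
    return out


def detect_drift(tfstate, cloud):
    """Return unmanaged, deleted and changed resources plus IaC coverage."""
    managed = state_resources(tfstate)
    live = cloud_resources(cloud)
    both = managed.keys() & live.keys()
    report = {
        "unmanaged": sorted(k for k in live if k not in managed),   # in cloud, not in state
        "deleted": sorted(k for k in managed if k not in live),     # in state, gone from cloud
        "changed": {},                                              # in both, attributes differ
    }
    for key in both:
        diff = {a: (managed[key][a], live[key][a])
                for a in managed[key] if managed[key][a] != live[key][a]}
        if diff:
            report["changed"][key] = diff
    # Coverage: share of live resources that Terraform actually manages.
    report["coverage"] = len(both) / len(live) if live else 1.0
    return report


if __name__ == "__main__":
    for section, value in detect_drift(TFSTATE, CLOUD).items():
        print(section, value)
```

Run as-is it flags the resized instance in us-east-1 as changed, the console-created security group as unmanaged, the missing eu-west-1 security group as deleted, and reports two of three live resources covered. Keying on (region, type, id) rather than on id alone is what keeps a multi-region scan honest: the same resource id pattern can exist in several regions, and a resource Terraform manages in one region must not be mistaken for an unmanaged copy in another.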