Why you should take care of infrastructure drift
As infrastructure as code (IaC) becomes widely adopted by users with heterogeneous skill sets, and as IaC codebases grow larger and larger, it becomes harder to track drift. Drift is a deviation between the actual infrastructure state and the IaC codebase. It causes issues for security posture management, collaborative work, and maintenance.

There are a lot of juicy stories from the trenches to be told about infrastructure drift. Sure enough, we all do GitOps by the book! Or we all have the right processes in place. But we also have to interact with other teams, and we also have to grant some level of access to our infrastructures to services or tools that may eventually generate uncontrolled changes.

You can’t efficiently improve what you don’t track. We track coverage for unit tests, so why not infrastructure-as-code coverage? How can we make sure our infrastructure code matches our actual infrastructure state? In this talk, using Terraform with AWS resources, I will show how infrastructure drift can go undetected despite our best efforts and tooling and cause issues, and I will end the talk by showing our own free and open source tool, driftctl (just released under the Apache-2.0 licence), which tracks IaC coverage and warns of infrastructure drift.
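To make the comparison a drift detector has to perform concrete, here is an added, simplified example (not driftctl's own code): it flattens a constructed Terraform-state fragment, compares it with a constructed cloud inventory, and reports IaC coverage plus the three kinds of drift that matter for posture (resources created outside the code, resources deleted behind the code's back, and managed resources whose attributes were changed). The state and inventory shapes are assumptions made for the illustration.

```python
import json

# Constructed, simplified Terraform state fragment (real state carries more fields).
TF_STATE = json.loads("""
{"resources": [
  {"type": "aws_security_group", "name": "web",
   "instances": [{"attributes": {"id": "sg-0aaa", "ingress_ports": [443]}}]},
  {"type": "aws_s3_bucket", "name": "logs",
   "instances": [{"attributes": {"id": "logs-bucket", "versioning": true}}]},
  {"type": "aws_iam_role", "name": "deploy",
   "instances": [{"attributes": {"id": "deploy-role"}}]}
]}
""")

# Constructed inventory, as it might be read back from the cloud API:
# port 22 was opened by hand, an IAM user was created outside the code,
# and the deploy role is gone.
CLOUD = {
    ("aws_security_group", "sg-0aaa"): {"id": "sg-0aaa", "ingress_ports": [22, 443]},
    ("aws_s3_bucket", "logs-bucket"): {"id": "logs-bucket", "versioning": True},
    ("aws_iam_user", "emergency-admin"): {"id": "emergency-admin"},
}


def managed_resources(state):
    """Flatten a Terraform state into {(type, id): attributes}."""
    out = {}
    for res in state["resources"]:
        for inst in res["instances"]:
            attrs = inst["attributes"]
            out[(res["type"], attrs["id"])] = attrs
    return out


def detect_drift(state, cloud):
    """Compare code-managed resources with the live inventory."""
    managed = managed_resources(state)
    unmanaged = sorted(set(cloud) - set(managed))  # live, but not in code
    missing = sorted(set(managed) - set(cloud))    # in code, but gone from cloud
    changed = {}
    for key in set(managed) & set(cloud):          # attribute-level drift
        diffs = {a: (managed[key][a], cloud[key].get(a))
                 for a in managed[key] if managed[key][a] != cloud[key].get(a)}
        if diffs:
            changed[key] = diffs
    # Coverage: share of live resources that the code knows about.
    coverage = 100.0 * (len(cloud) - len(unmanaged)) / len(cloud) if cloud else 100.0
    return {"coverage": coverage, "unmanaged": unmanaged,
            "missing": missing, "changed": changed}


if __name__ == "__main__":
    print(json.dumps(detect_drift(TF_STATE, CLOUD), indent=2, default=str))
```

On this input coverage is 66.7%: the hand-made IAM user is unmanaged, the deploy role is missing, and the security group shows an ingress change the code never asked for.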
Stephane is a CTO and entrepreneur. He has built, maintained and automated infrastructures for 20 years. Currently, he is founder of CloudSkiff, where he aims to protect codified cloud infrastructures.
CloudSkiff is starting by building driftctl (an open source CLI that measures infrastructure-as-code coverage and tracks infrastructure drift). He is also the author of “Infrastructure-as-Code Cookbook” and has worked mostly remotely for the last 10+ years in Canada and Europe. Fun fact: he loves ancient philosophy and also co-launched and ran a community radio station. An occasional speaker, he sometimes speaks at the London CNCF Meetup and will talk at FOSDEM 2021.