
What is Configuration Drift?

Configuration drift occurs when your live cloud infrastructure diverges from the state defined in your Infrastructure as Code (IaC) repositories. Cloudgeni’s Configuration Drift feature helps you detect these discrepancies automatically and provides AI-powered remediation suggestions to keep your infrastructure in sync.

What Configuration Drift Provides

  • Automated drift detection between IaC definitions and live cloud resources
  • Scheduled monitoring with customizable frequency
  • Manual scan capabilities for on-demand drift detection
  • AI-powered remediation suggestions to fix detected drifts
  • Automated pull request creation for seamless drift resolution
  • Comprehensive drift analytics and reporting

Initial Setup

Setting up configuration drift monitoring is a three-step process that takes just a few minutes to complete.
First, you’ll need to connect the Infrastructure as Code repositories that define your cloud infrastructure.
  1. Navigate to Compliance → Configuration Drift in your Cloudgeni dashboard
  2. On the Select Repositories step, select the repositories you want to monitor
  3. Select from supported IaC formats:
    • Terraform (.tf files)
    • AWS CloudFormation (.yaml, .json templates)
    • Azure Resource Manager (ARM templates)
    • Pulumi configuration files
  4. Choose the repositories that back your cloud infrastructure
  5. Click Save & Continue
You can monitor multiple repositories and different IaC formats simultaneously. Each repository will be scanned according to your monitoring schedule.
Next, choose the cloud accounts where your infrastructure is provisioned.
  1. On the Select Clouds step, select the cloud accounts you want to monitor
  2. Select your cloud provider:
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • Google Cloud Platform (coming soon)
  3. Add multiple accounts if your infrastructure spans across different cloud accounts
  4. Click Save & Continue to complete the connection
Ensure your cloud account credentials have read-only access to all resources you want to monitor. Cloudgeni never requires write permissions for drift detection.
Finally, set up your drift monitoring preferences and schedule.

Scan Frequency

Choose how often Cloudgeni should scan for configuration drift:
  • Hourly - Scan every hour for immediate drift detection
  • Daily - Daily scans to catch drift early while minimizing noise (default)
  • Weekly - Weekly scans for less critical environments
  • Monthly - Monthly scans for stable environments
  • Manual - Manually trigger scans on demand

Notification Preferences

Configure how you want to be notified about detected drift:
  • Email - Receive email alerts when configuration drift is detected
  • Slack - Send notifications to your Slack workspace
  • Webhook - Send HTTP webhooks to your custom endpoints

Pull Request Automation

Automatically create pull requests to fix detected drifts:
  • Auto-create Pull Requests - Automatically create PRs with fixes for detected drift
  • Auto-merge Safe Changes - Automatically merge low-risk fixes after validation

Security & Approvals

Manual approval and security settings:
  • Always Require Manual Approval - Require human review before applying any fixes
  • Ask for Repository Selection on Manual Trigger - Prompt user to select specific repositories when manually triggering scans
Click Complete Setup to activate drift monitoring with your configured settings.
You can always change your settings on the Configuration tab of the Configuration Drift page.

Using the Configuration Drift Dashboard

Once setup is complete, access your drift monitoring dashboard to view and manage detected configuration drift.

Accessing the Dashboard

Navigate to Compliance → Configuration Drift in your Cloudgeni dashboard to access:

Configuration Drift Dashboard

  • Active Drift Count across all monitored repositories and cloud accounts
  • Monitoring Status for your organization
  • Connected cloud accounts and repositories
  • Recent drifts detected in your infrastructure

Running Manual Scans

While scheduled scans run automatically, you can trigger manual scans anytime:
  1. Navigate to the Scans tab
  2. Click Scan
Manual scans typically complete within 2-5 minutes depending on infrastructure size.
You can view your scan history in the Scans tab.

Viewing Drifts

The Drifts tab shows all detected configuration drifts.

Viewing Drift Details

Click on any drift item to see comprehensive details:

Drift Details

  • Resource identification (ARN, ID, name)
  • Drift description in plain language
  • Impact assessment and risk level
  • Affected IaC files and related resources
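
A drift record of this kind can be illustrated by comparing declared and live state attribute by attribute. This is an added example, not Cloudgeni's code: the resource data, the `SENSITIVE` markers, the `ignore` prefixes for documented intentional drift, and the high/low risk labels are all constructed assumptions.

```python
# Added illustration: attribute-level drift between declared (IaC) and live state.
# Resource data, SENSITIVE markers and risk labels are constructed assumptions.
SENSITIVE = ("ingress", "public", "policy", "encrypt")  # assumed high-risk markers
MISSING = "<absent>"

def flatten(obj, prefix=""):
    """Flatten nested dicts/lists into {"a.b[0].c": value} leaf paths."""
    if isinstance(obj, dict):
        items = ((f"{prefix}.{k}" if prefix else k, v) for k, v in obj.items())
    elif isinstance(obj, list):
        items = ((f"{prefix}[{i}]", v) for i, v in enumerate(obj))
    else:
        return {prefix: obj}
    out = {}
    for path, value in items:
        out.update(flatten(value, path))
    return out

def detect_drift(resource_id, declared, live, ignore=()):
    """Return one record per attribute whose live value differs from IaC."""
    want, have = flatten(declared), flatten(live)
    records = []
    for path in sorted(want.keys() | have.keys()):
        if any(path.startswith(p) for p in ignore):
            continue  # documented, intentional drift: excluded from results
        w, h = want.get(path, MISSING), have.get(path, MISSING)
        if w != h:
            risk = "high" if any(m in path.lower() for m in SENSITIVE) else "low"
            records.append({"resource": resource_id, "attribute": path,
                            "declared": w, "live": h, "risk": risk})
    return records

def needs_manual_approval(records):
    """Gate: any high-risk drift blocks auto-merge of the remediation."""
    return any(r["risk"] == "high" for r in records)

# Constructed sample: a security group whose live state gained a rule and a tag.
DECLARED = {"name": "web-sg", "tags": {"team": "platform"},
            "ingress": [{"port": 443, "cidr": "10.0.0.0/8"}]}
LIVE = {"name": "web-sg", "tags": {"team": "platform", "last_scanned": "2024-01-01"},
        "ingress": [{"port": 443, "cidr": "10.0.0.0/8"},
                    {"port": 22, "cidr": "0.0.0.0/0"}]}

if __name__ == "__main__":
    found = detect_drift("sg-EXAMPLE", DECLARED, LIVE, ignore=("tags.",))
    for rec in found:
        print(rec)
    print("manual approval required:", needs_manual_approval(found))
```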

Drift Remediation

AI-Powered Remediation Suggestions

For each detected drift, Cloudgeni provides intelligent remediation options:

Suggested Actions

  • Generate code changes to match actual infrastructure state
  • Apply IaC to revert actual infrastructure state to the IaC definition

Remediation Analysis

  • Impact assessment of proposed changes
  • Risk evaluation for each remediation option
  • Dependencies consideration and potential side effects
  • Rollback procedures in case of issues

Code Generation

For IaC updates, Cloudgeni automatically generates:
  • Terraform configuration updates
  • CloudFormation template modifications
  • ARM template changes
  • Proper syntax and formatting

Creating Remediation Pull Requests

Streamline your remediation workflow with automated pull request creation:

PR Generation Process

  1. Select drift items to remediate (single or multiple)
  2. Choose remediation approach:
    • Update IaC to match live state
    • Revert resources to IaC state
    • Mixed approach (resource-by-resource)
  3. Review generated changes in the preview
  4. Add custom commit message and PR description
  5. Assign reviewers and set labels
  6. Create pull request directly in your Git repository

PR Content

Each generated pull request includes:
  • Detailed description of detected drift
  • Remediation rationale and impact analysis
  • Before/after configuration comparison
  • Testing recommendations and validation steps
  • Rollback instructions if needed

Integration Features

  • Branch protection rule compliance
  • Automated testing trigger integration
  • CI/CD pipeline compatibility
  • Review requirement enforcement

Best Practices

Monitoring Strategy

  • Start with daily scans for critical production infrastructure
  • Use weekly scans for development environments
  • Monitor high-change resources more frequently
  • Set up proper alerting for critical drift detection

Remediation Workflow

  • Review all drift before automated remediation
  • Test changes in non-production environments first
  • Document intentional drift to avoid false positives
  • Maintain drift remediation as part of your regular maintenance

Team Collaboration

  • Assign drift ownership to specific team members
  • Establish SLAs for drift remediation
  • Use PR reviews for all IaC changes
  • Track remediation metrics and trends

Troubleshooting

Common Issues

Scan Failures
  • Verify cloud account permissions
  • Check repository access credentials
  • Ensure IaC files are properly formatted
False Positives
  • Review resource tags and naming conventions
  • Check for resources created outside of IaC
  • Configure drift exclusion rules if needed
Performance Issues
  • Limit scan scope for large infrastructures
  • Use incremental scans for frequent monitoring
  • Contact support for optimization recommendations
For additional help, visit our troubleshooting guide or contact our support team.