Terraform Drift Detection and Remediation

Author

Govardhana M K
August 23, 2025

In partnership with

TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.

  • Zesty just launched the advanced Kubernetes Optimization Playbook!

  • Real world examples. Automation strategies. Assessment checklist.

  • Pure practical insights for DevOps practitioners and tech leaders.

👀 Remote Jobs

📚️ Resources

👋 Searching jobs on job boards like Indeed and Glassdoor is too crowded. The smartest and most rational way is to locate them in your own hidden network first.

INDY AI brings that smartness to you.

Finding work shouldn’t feel like work.

You don’t need another job board.
You need a signal in the noise.

Indy AI, a new offering by Contra, helps independents find career-defining opportunities through the networks they’ve already built. It connects to LinkedIn and X, then quietly surfaces warm, high-fit opportunities hiding in your extended network, including from people you didn’t even know were hiring.

No cold outreach. No endless scrolling. No pitching into the void. Just real opportunities, backed by real people you already know.

It’s not hustle culture. It’s human signal.


And it’s how independents grow without burning out.

Finding work shouldn’t feel like work.


Let Indy AI do the searching, so you can focus on the work that actually matters.

Looking to promote your company, product, service, or event to 55,000+ Cloud Native Professionals? Let's work together. Advertise With Us

🧠 DEEP DIVE USE CASE

Terraform Drift Detection and Remediation

You may have heard the word drift when people talk about Terraform. Drift simply means your real cloud infrastructure no longer matches what your Terraform code says it should be. This often happens when someone makes a manual change in the console, or another system updates resources outside Terraform’s control.

Why is this such a big deal?

Because drift quietly breaks the single source of truth. Your code promises one setup but the cloud runs another. That gap can create surprise costs, weaken security, and cause outages that are hard to debug. In real production systems, even a small unnoticed drift can snowball into a major issue.

The terms you must know when talking about drift:

  • Current state – the resources running in your cloud right now

  • Desired state – the configuration written in your Terraform code

  • Terraform state – the file Terraform maintains to map and track resources

  • Terraform refresh – the process of updating the Terraform state with the actual cloud setup

How a State File works

Everything in drift detection comes back to the state file, so it is crucial to understand that first.

  • Terraform manifest files (main.tf, variables.tf, outputs.tf, etc.) define the desired state.

  • Terraform Core reads these files and communicates with providers like AWS, Azure, GCP, or Kubernetes.

  • The state file (terraform.tfstate) records the mapping between your code and the real provisioned resources.

  • Providers and provisioners use this mapping to decide whether to create, update, or delete resources.

When the state file is refreshed, Terraform pulls the actual configuration from the cloud and compares it with what is stored. Any mismatch shows a drift.

Remediation then depends on this comparison. Terraform can either update the state file to accept the current setup, or it can push changes from the code to overwrite the drift and restore the desired state. This cycle of detect, decide, and reconcile is what makes drift management possible.

A typical workflow looks like this:

With this basic understanding, let us look at an AWS architecture demonstrating a real world practical detection and remediation example.

I am giving away 25% OFF on all annual plans of membership offerings.

A membership will unlock access to read these deep dive editions on Thursdays and Saturdays.

Get greater value at a fractional price

Upgrade to Paid to read the rest.

Become a paying subscriber to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

Paid subscriptions get you:

  • • Access to archive of 200+ use cases
  • • Deep Dive use case editions (Thursdays and Saturdays)
  • • Access to Private Discord Community
  • • Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
  • • Quarterly 1:1 'Ask Me Anything' power session