Drift Hunter
Find out who made that "quick fix" in the AWS console
Runs refresh-only Terraform plans across your workspaces and surfaces every resource whose real configuration no longer matches the Terraform state. Catches manual console changes, resources that were never imported, and environment inconsistencies before they cause the next outage.
INGREDIENTS
PROMPT
Create a skill called "Drift Hunter". Scan my Terraform workspaces for infrastructure drift. For each workspace:

1. Run a refresh-only drift check such as `terraform plan -refresh-only -out=tfplan && terraform show -json tfplan`
2. Identify resources that have been modified outside Terraform
3. Show before (Terraform state) vs. after (actual infrastructure) for each drifted resource
4. Generate `terraform import` suggestions for any unmanaged resources you can identify
5. Recommend whether to update the Terraform code to match reality or revert the manual change

If I give you multiple workspaces or environments, also compare them and flag inconsistencies (e.g., a security group rule in prod that doesn't exist in staging).
How It Works
Drift happens when someone makes a change outside Terraform: a quick security
group rule in the console, a manual RDS parameter tweak, a load balancer
config change during an incident. A refresh-only plan re-reads every managed
resource from the provider and reports each attribute whose live value no
longer matches the state file, so each of these shows up as a before/after
difference on the affected resource without any code change being proposed.
The one thing a refresh-only plan cannot see is a resource that was created
outside Terraform and never imported: it has no state entry, so it never
appears in the plan at all. Finding those is a separate step that lists
resources from the provider and compares them against `terraform state list`.
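The two artifacts the workflow above produces are JSON: `terraform show -json tfplan` for the refresh-only plan (drift lives under its `resource_drift` array, each entry carrying `change.before` and `change.after`) and `terraform show -json` for a workspace's state (resources under `values.root_module.resources`). The script below is an added example, not code from the skill or this page: it turns a plan into an attribute-level before/after report and compares two workspaces' state for missing resources and security-group ingress rules that exist on one side only. The JSON fixtures are constructed by hand to mimic Terraform's output format and only contain the keys the code reads; the workspace names, resource addresses and rule values are illustrative.

```python
"""Drift report and cross-workspace comparison over Terraform JSON output.

Added example. Fixtures are constructed to imitate Terraform's JSON
plan/state format; nothing here talks to Terraform or a cloud provider.
"""
import json

# Two security-group ingress rules reused across the constructed fixtures.
RULE_HTTPS = {"from_port": 443, "to_port": 443, "protocol": "tcp",
              "cidr_blocks": ["0.0.0.0/0"]}
RULE_SSH = {"from_port": 22, "to_port": 22, "protocol": "tcp",
            "cidr_blocks": ["0.0.0.0/0"]}

# Constructed refresh-only plan (`terraform show -json tfplan`): SSH opened
# in the console, RDS backups switched off by hand.
PROD_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [],
    "resource_drift": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"],
                    "before": {"name": "web", "ingress": [RULE_HTTPS]},
                    "after": {"name": "web", "ingress": [RULE_HTTPS, RULE_SSH]}}},
        {"address": "aws_db_instance.main", "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "before": {"identifier": "main", "backup_retention_period": 7},
                    "after": {"identifier": "main", "backup_retention_period": 0}}},
    ],
})


def _state(resources):
    """Wrap a resource list in the shape of `terraform show -json` output."""
    return json.dumps({"format_version": "1.0",
                       "values": {"root_module": {"resources": resources}}})


# Constructed state for two workspaces of the same configuration.
PROD_STATE = _state([
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [RULE_HTTPS, RULE_SSH]}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "values": {"identifier": "main"}},
])
STAGING_STATE = _state([
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [RULE_HTTPS]}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "values": {"identifier": "main"}},
    {"address": "aws_db_instance.scratch", "type": "aws_db_instance",
     "values": {"identifier": "scratch"}},
])


def _flatten(value, prefix=""):
    """Flatten nested dicts/lists to {"ingress[1].from_port": 22, ...}."""
    out = {}
    if isinstance(value, dict):
        for key, sub in value.items():
            out.update(_flatten(sub, f"{prefix}.{key}" if prefix else key))
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            out.update(_flatten(sub, f"{prefix}[{i}]"))
    else:
        out[prefix] = value
    return out


def drift_report(plan_json):
    """Attribute-level (before, after) pairs for each resource_drift entry.

    Only resources already in state can appear here; a resource created
    outside Terraform and never imported is invisible to a refresh-only plan.
    """
    report = []
    for entry in json.loads(plan_json).get("resource_drift", []):
        change = entry["change"]
        before = _flatten(change.get("before") or {})   # None when created
        after = _flatten(change.get("after") or {})     # None when deleted
        changed = {key: (before.get(key), after.get(key))
                   for key in sorted(set(before) | set(after))
                   if before.get(key) != after.get(key)}
        report.append({"address": entry["address"],
                       "actions": change["actions"], "changed": changed})
    return report


def _walk(module):
    """Yield (address, resource) for a module and all nested child modules."""
    for res in module.get("resources", []):
        yield res["address"], res
    for child in module.get("child_modules", []):
        yield from _walk(child)


def _rule_key(rule):
    return (rule.get("protocol"), rule.get("from_port"), rule.get("to_port"),
            tuple(sorted(rule.get("cidr_blocks") or [])))


def compare_workspaces(state_a, state_b, name_a="a", name_b="b"):
    """Flag resources present in only one workspace and security-group
    ingress rules that exist on one side only. Returns (address, finding)."""
    res_a = dict(_walk(json.loads(state_a)["values"]["root_module"]))
    res_b = dict(_walk(json.loads(state_b)["values"]["root_module"]))
    findings = []
    for addr in sorted(set(res_a) ^ set(res_b)):
        findings.append((addr, f"only in {name_a if addr in res_a else name_b}"))
    for addr in sorted(set(res_a) & set(res_b)):
        if res_a[addr].get("type") != "aws_security_group":
            continue
        rules_a = {_rule_key(r) for r in res_a[addr]["values"].get("ingress", [])}
        rules_b = {_rule_key(r) for r in res_b[addr]["values"].get("ingress", [])}
        for rule in sorted(rules_a ^ rules_b):
            proto, lo, hi, cidrs = rule
            side = name_a if rule in rules_a else name_b
            findings.append((addr, f"ingress {proto}/{lo}-{hi} from "
                                   f"{','.join(cidrs)} only in {side}"))
    return findings


if __name__ == "__main__":
    for item in drift_report(PROD_PLAN):
        print(item["address"], item["actions"])
        for attr, (old, new) in item["changed"].items():
            print(f"  {attr}: {old!r} -> {new!r}")
    for addr, msg in compare_workspaces(PROD_STATE, STAGING_STATE, "prod", "staging"):
        print(f"{addr}: {msg}")
```

Point it at real output by replacing the fixtures with `json.load()` of files written by `terraform plan -refresh-only -out=tfplan && terraform show -json tfplan > prod.plan.json` and `terraform show -json > prod.state.json` in each workspace. List elements are compared by position, so a reordered `ingress` block shows up as several attribute changes rather than none; the set-based rule comparison in `compare_workspaces` is the order-insensitive view.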
What You Get
- Full drift report across one or more Terraform workspaces
- Identification of manually changed resources with before/after comparison
- `terraform import` suggestions for resources that exist but aren't managed
- Recommendations: reconcile in Terraform or revert the manual change
- Cross-environment comparison (dev vs staging vs prod drift)
Setup Steps
- Ensure each workspace is initialized (`terraform init`) and has provider credentials; read-only provider credentials are enough for a refresh-only plan, though the state backend still needs its usual lock permissions
- Tell your Claw which workspaces or directories to scan
- Review the drift report
- Apply the suggested import commands or config updates, then re-run the drift check to confirm the refresh-only plan is clean
Tips
- Use refresh-only plans to isolate drift from intentional code changes
- Run weekly as a scheduled task to catch drift early
- Focus on security-sensitive and stateful resources (security groups, IAM, databases, DNS), where drift is most dangerous: a widened rule or policy is an exposure, and reverting a drifted database or DNS setting can itself cause an outage
- The cross-environment comparison is great for catching "works in dev" issues
- `terraform import` is for resources that exist in the cloud but have no state entry; for resources that were renamed or moved within your configuration, use `moved` blocks or `terraform state mv` instead of re-importing