Terraform State Drift Detector
Detects infrastructure drift by running terraform plan -detailed-exitcode and parsing the JSON output via terraform show -json. Categorizes drift by resource type and generates targeted terraform apply plans for reconciliation.
npx skills add agentskillexchange/skills --skill terraform-state-drift-detector
Terraform State Drift Detector identifies discrepancies between your Terraform state and actual cloud infrastructure to prevent configuration drift.
How It Works
The skill runs terraform plan -detailed-exitcode to detect changes, then parses the structured output via terraform show -json to categorize and prioritize drift by resource type, severity, and blast radius.
Key Features
- Drift categorization by resource type (compute, network, IAM, storage) with severity scoring
- Blast radius analysis estimating the impact of reconciliation applies
- Selective reconciliation plans using terraform apply -target for surgical fixes
- Support for Terraform workspaces, remote backends (S3, GCS, Azure Blob), and Terraform Cloud
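As an added illustration of the workflow described under How It Works and of the selective `-target` reconciliation feature above, here is example code that is not part of the skill itself: it interprets the `-detailed-exitcode` result, parses `terraform show -json` plan output, groups pending changes into the four categories, and emits a targeted apply for the high-severity ones. The category prefixes, severity weights, the `drift.tfplan` file name and the sample plan are all assumptions constructed for the example.

```python
import json
import subprocess
# terraform plan -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes pending.
EXIT_NO_CHANGES, EXIT_CHANGES = 0, 2
# Category prefixes and severity weights are assumptions for this example, not the skill's.
CATEGORIES = {
    "iam": ("aws_iam_", "google_project_iam", "azurerm_role_assignment"),
    "network": ("aws_security_group", "aws_vpc", "aws_subnet", "google_compute_firewall"),
    "compute": ("aws_instance", "aws_autoscaling_group", "google_compute_instance"),
    "storage": ("aws_s3_", "google_storage_", "azurerm_storage_"),
}
SEVERITY = {"iam": 3, "network": 3, "storage": 2, "compute": 1}

def categorize(resource_type):
    return next((c for c, p in CATEGORIES.items() if resource_type.startswith(p)), "other")

def summarize_plan(plan):
    """Group pending changes from `terraform show -json` output as {category: [(address, actions)]}."""
    drift = {}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions not in (["no-op"], ["read"]):  # skip resources that already match state
            drift.setdefault(categorize(rc["type"]), []).append((rc["address"], "+".join(actions)))
    return drift

def reconcile_command(drift, min_severity=3):
    """Build a targeted `terraform apply` limited to categories at or above min_severity."""
    targets = sorted(a for cat, items in drift.items()
                     if SEVERITY.get(cat, 0) >= min_severity for a, _ in items)
    return ["terraform", "apply"] + [f"-target={t}" for t in targets]

def run_plan(workdir):
    """Run the real plan; return its JSON, or None when the exit code reports no changes."""
    plan = subprocess.run(["terraform", "plan", "-detailed-exitcode", "-input=false", "-out=drift.tfplan"],
                          cwd=workdir, capture_output=True, text=True)
    if plan.returncode == EXIT_NO_CHANGES:
        return None
    if plan.returncode != EXIT_CHANGES:  # 1 (or anything else) means the plan itself failed
        raise RuntimeError(f"terraform plan failed (exit {plan.returncode}): {plan.stderr}")
    show = subprocess.run(["terraform", "show", "-json", "drift.tfplan"], cwd=workdir,
                          capture_output=True, text=True, check=True)
    return json.loads(show.stdout)

# Constructed sample in the terraform show -json plan shape; not from real infrastructure.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_policy.admin", "type": "aws_iam_policy", "change": {"actions": ["update"]}},
    {"address": "aws_security_group.web", "type": "aws_security_group", "change": {"actions": ["update"]}},
    {"address": "aws_instance.app[0]", "type": "aws_instance", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {"actions": ["no-op"]}},
]}
```

On a live working directory, `summarize_plan(run_plan(path))` yields the same structure the sample produces; `run_plan` returns None on exit code 0 so a scheduler can distinguish "no drift" from "plan failed".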
Scheduling
Designed for scheduled drift detection runs. Maintains a drift history log for trend analysis. Alerts on critical drift like IAM policy changes or security group modifications. Compatible with OpenTofu and Terragrunt configurations.