Scalr Drift Detection: Capabilities and Processes
Discover how Scalr’s new drift-detection auto-scans Terraform stacks, flags unauthorized changes, and speeds remediation to keep your infrastructure compliant.
Infrastructure drift, the divergence of an infrastructure's actual state from its intended configuration, can result in compliance violations, security vulnerabilities, and operational disruptions. Scalr incorporates built-in drift detection functionalities to address this issue. This document outlines Scalr's drift detection capabilities.
Native Capability and Scheduling
Scalr includes a native drift detection capability integrated within the platform.
Drift detection can be enabled at the environment level, allowing for selective monitoring of infrastructure sets. Upon enablement, a schedule can be defined for automated checks at specified intervals (e.g., daily, weekly). These scheduled checks encompass all workspaces within the designated Environment.
Reporting and Notifications
Scalr provides mechanisms for reporting and notification when drift is detected:
Dedicated Drift Tab: Runs identifying drift are listed in a "Drift Detection" tab in the Scalr interface, centralizing the review and management of detected changes.
Notifications: Scalr supports notifications for drift alerts. Slack integration is currently available, with MS Teams integration planned.
Drift Dashboards: Users can construct drift dashboards to gain an overview of all workspaces experiencing drift within their organization.
Automated Remediation
Scalr does not provide direct, fully automated remediation for detected drift. The platform requires user intervention to select a course of action. This approach maintains user control over infrastructure modifications.
Drift Actions
Upon detection of drift, Scalr offers the following actions:
- Ignore: Users can decline to act on the detected changes. This option is appropriate if the drift is intentional, anticipated, or will be addressed manually outside of Scalr.
- Sync State (Refresh-Only Run): This action updates Scalr's state file to reflect the detected changes in the actual infrastructure, equivalent to a "terraform refresh" operation.
- Revert Infrastructure (Plan & Apply Run): For undesired drift, users can initiate a rollback to the previously defined infrastructure state. Scalr will generate and apply a plan to revert the changes.
Summary
Scalr's drift detection offers an integrated solution for identifying and managing infrastructure drift. Key features include native functionality, scheduled checks, reporting mechanisms, and user-controlled remediation actions. The system is designed to help maintain configuration consistency and stability.