Description
Problem Statement
Configuration drift, where actual cloud configurations deviate from desired IaC definitions, is a common issue in infrastructure management. Current open-source tools lack robust, automated mechanisms to both detect and automatically remediate these drifts, leading to security vulnerabilities, unexpected costs, and deployment failures.
Use Case
This boilerplate deploys critical infrastructure that must maintain consistent configuration states. Manual changes made directly in the AWS console (or other cloud providers) create drift from Terraform-defined configurations. We need an automated system that regularly monitors for such drift and provides both detection and remediation capabilities.
Expected Behavior
Detection Phase:
- Schedule: Daily automated execution without human intervention
- Success: No changes detected → workflow passes silently
- Failure: Drift detected → workflow fails with detailed notification
- Reporting: Comprehensive drift report with affected resources and change details
Remediation Phase:
- Selective Automation: Auto-remediate low-risk changes
- Manual Approval: Required for high-impact changes
- Audit Trail: Complete logging of all remediation actions
- Rollback Capability: Automated rollback for failed remediation attempts
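One way the detection result and the split between auto-remediation and manual approval could be computed, as an added example that is not code from this issue or the project. It assumes the plan was saved with `terraform plan -out=tfplan` and rendered with `terraform show -json tfplan`; the risk policy (tag-only in-place updates are low-risk, sensitive resource types never are) and the sample plan are hypothetical.

```python
import json

# Assumed policy, not from the issue: only in-place tag updates are low-risk,
# and never on resource types with these prefixes.
LOW_RISK_ATTRS = {"tags", "tags_all"}
SENSITIVE_PREFIXES = ("aws_iam_", "aws_security_group", "aws_kms_")

def changed_attrs(change):
    """Top-level attributes whose value differs between before and after."""
    before, after = change.get("before") or {}, change.get("after") or {}
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}

def classify_drift(plan_json):
    """Split planned changes into auto-remediable and approval-required."""
    report = {"auto": [], "manual": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # resource already matches its definition
        attrs = changed_attrs(rc["change"])
        low_risk = (actions == ["update"]
                    and bool(attrs) and attrs <= LOW_RISK_ATTRS
                    and not rc["type"].startswith(SENSITIVE_PREFIXES))
        # Anything not provably low-risk fails closed into manual approval.
        report["auto" if low_risk else "manual"].append(
            {"address": rc["address"], "actions": actions, "attrs": sorted(attrs)})
    return report

def workflow_exit_code(report):
    """0 = no drift (pass silently); 1 = drift detected (fail and notify)."""
    return 1 if report["auto"] or report["manual"] else 0

# Constructed sample in the shape of `terraform show -json` output; "before" is
# the drifted live state, "after" is what the Terraform definition wants.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {
        "actions": ["update"], "before": {"tags": {"env": "prod", "tmp": "1"}},
        "after": {"tags": {"env": "prod"}}}},
    {"address": "aws_security_group.web", "type": "aws_security_group", "change": {
        "actions": ["update"], "before": {"tags": {"a": "b"}}, "after": {"tags": {}}}},
    {"address": "aws_instance.app", "type": "aws_instance", "change": {
        "actions": ["delete", "create"], "before": {"ami": "ami-old"},
        "after": {"ami": "ami-new"}}},
    {"address": "aws_vpc.main", "type": "aws_vpc", "change": {
        "actions": ["no-op"], "before": {}, "after": {}}},
]})

if __name__ == "__main__":
    result = classify_drift(SAMPLE_PLAN)
    print(json.dumps(result, indent=2), "exit code:", workflow_exit_code(result))
```

The returned report doubles as the drift notification body and as the audit-trail record of what was eligible for automatic remediation.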