
Infrastructure Drift Detection Terraform

By Admin · Mar 15, 2026 · Updated Apr 23, 2026

Detect and remediate infrastructure drift with automated Terraform plan checks, alerting, and reconciliation workflows. This guide provides practical setup instructions and production-ready configurations for implementing this on your VPS infrastructure.

Installation and Setup

# Install the tool on your VPS
# Follow the official installation guide for your distribution
# Most tools support Docker-based deployment for easy setup

# Quick start with Docker
docker pull infrastructure-drift-detection-terraform:latest
docker run -d --name infrastructure-drift-detection-terraform -p 8080:8080 infrastructure-drift-detection-terraform:latest

# Or install natively
curl -fsSL https://install.example.com | sh

Core Configuration

The primary configuration covers drift detection and the terraform plan -detailed-exitcode check. Together they form the foundation of a working deployment:

# Primary configuration file
# Adjust these settings based on your environment

# Enable core features
drift detection:
  enabled: true
  interval: 300  # seconds

# Configure terraform plan -detailed-exitcode
terraform plan -detailed-exitcode:
  enabled: true
  targets:
    - production
    - staging

# Authentication and security
auth:
  type: token
  token_file: /etc/secrets/api-token

Cron-Based Checks Configuration

Setting up cron-based checks is essential for production reliability:

# Configure cron-based checks
# This ensures your setup handles production workloads correctly

# Key settings for cron-based checks:
# 1. Set appropriate resource limits
# 2. Configure health checks
# 3. Enable logging and monitoring
# 4. Set up backup and recovery

resources:
  limits:
    cpu: "2"
    memory: "2Gi"
  requests:
    cpu: "500m"
    memory: "512Mi"

healthCheck:
  enabled: true
  interval: 30s
  timeout: 10s
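
The exit-code handling behind a cron-driven drift check, as an added example that is not part of the original guide or of any tool's own code: `terraform plan -detailed-exitcode` exits 0 when nothing changed, 1 on error and 2 when changes are pending, and the script reports an errored plan as a failure rather than as "no drift". The `TF_BIN` and `DRIFT_LOG` variables, the function names and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: classify `terraform plan -detailed-exitcode` results for cron.
# TF_BIN, DRIFT_LOG and the working directories are assumptions, not page values.

TF_BIN="${TF_BIN:-terraform}"

# Exit codes of `terraform plan -detailed-exitcode`:
#   0 = plan succeeded, no changes
#   1 = plan failed
#   2 = plan succeeded, changes present
classify_plan_exit() {
    case "$1" in
        0) echo "in-sync" ;;
        2) echo "drift" ;;
        *) echo "error" ;;   # fail closed: an errored plan is never "clean"
    esac
}

# Plan one working directory and print "<dir> <status>".
# Plan output is appended to DRIFT_LOG (discarded when unset).
check_workspace() {
    ws="$1"
    rc=0
    "$TF_BIN" -chdir="$ws" plan -detailed-exitcode -input=false -no-color \
        >>"${DRIFT_LOG:-/dev/null}" 2>&1 || rc=$?
    echo "$ws $(classify_plan_exit "$rc")"
}

# Check every directory given and print one status line per directory.
# Returns 0 if all are in sync, 2 if any drifted, 1 if any plan errored
# (an error outranks drift, so a broken check cannot hide behind a drift alert).
check_all() {
    worst=0
    for dir in "$@"; do
        line=$(check_workspace "$dir")
        echo "$line"
        case "$line" in
            *" error") worst=1 ;;
            *" drift") [ "$worst" -eq 1 ] || worst=2 ;;
        esac
    done
    return "$worst"
}

# Cron wrapper usage (directory names assumed):
#   check_all production staging || <send alert with the printed lines>
```

A wrapper that only tests for a non-zero exit conflates drift with a failed plan; keeping the three states separate lets the alert say which one occurred.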

Alerting on State Differences Integration

Integrating alerting on state differences provides visibility into system health and performance:

# Set up monitoring and alerting
# Prometheus metrics endpoint
metrics:
  enabled: true
  port: 9090
  path: /metrics

# Alert rules
alerts:
  - name: HighErrorRate
    condition: error_rate > 0.05
    duration: 5m
    severity: critical
    notify:
      - slack
      - email

# Dashboard integration
# Import provided Grafana dashboards for visual monitoring

Automated Remediation Workflows

  • Security: Always use TLS for communication, rotate credentials regularly, and follow the principle of least privilege
  • High availability: Run multiple instances behind a load balancer for production workloads
  • Backup: Regularly back up configuration and state data
  • Updates: Keep the tool updated for security patches and new features
  • Documentation: Maintain runbooks for common operations and incident response

Production Deployment

# Systemd service for production
[Unit]
Description=Infrastructure Drift Detection Terraform
After=network.target docker.service

[Service]
Type=simple
User=appuser
ExecStart=/usr/local/bin/infrastructure-drift-detection-terraform serve --config /etc/infrastructure-drift-detection-terraform/config.yaml
Restart=always
RestartSec=5
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

# Enable and start
sudo systemctl enable --now infrastructure-drift-detection-terraform

Summary

This tool streamlines drift detection and terraform plan -detailed-exitcode workflows for DevOps teams. Self-hosting on a VPS provides full control, unlimited usage, and integration with your existing infrastructure. Start with the basic configuration, add monitoring early, and gradually adopt advanced features like alerting on state differences and automated remediation workflows as your team matures its practices.
