Terraformcloud~30 mins

Drift detection in CI/CD in Terraform - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Drift detection in CI/CD

📖 Scenario: You are managing infrastructure using Terraform. Sometimes, manual changes happen outside Terraform, causing drift between your declared infrastructure and the actual cloud resources.Detecting this drift early in your CI/CD pipeline helps keep your infrastructure consistent and reliable.

🎯 Goal: Build a simple Terraform configuration and a drift detection step that checks for differences between your Terraform state and real infrastructure.You will create a Terraform resource, configure a drift detection command, and output the drift check result.

📋 What You'll Learn

Create a Terraform configuration file with an AWS S3 bucket resource named exactly example_bucket.

Add a Terraform variable called bucket_name with default value my-unique-bucket-12345.

Use the terraform plan command to detect drift in the infrastructure.

Print the output of the drift detection command.

💡 Why This Matters

🌍 Real World

Infrastructure drift can cause unexpected issues in cloud environments. Detecting drift early helps maintain stable and secure infrastructure.

💼 Career

DevOps engineers and cloud engineers use drift detection to ensure infrastructure as code matches the real deployed resources, preventing configuration errors.

Progress0 / 4 steps

Create Terraform configuration with an S3 bucket

Create a Terraform file with a resource named aws_s3_bucket.example_bucket that uses the bucket name from a variable called bucket_name. Define the variable bucket_name with default value my-unique-bucket-12345.

Terraform

# Create variable "bucket_name" with default "my-unique-bucket-12345"
# Create resource "aws_s3_bucket.example_bucket" using variable "bucket_name"
# Your code here

Need a hint?

Use variable block to define bucket_name. Use resource "aws_s3_bucket" "example_bucket" to create the bucket resource.

Add a Terraform plan command for drift detection

Add a shell command string variable called drift_command that contains the exact command terraform plan -detailed-exitcode to detect drift.

Terraform

variable "bucket_name" {
  default = "my-unique-bucket-12345"
}

resource "aws_s3_bucket" "example_bucket" {
  bucket = var.bucket_name
}

# Define variable drift_command with value "terraform plan -detailed-exitcode"
# Your code here

Need a hint?

Use a variable block to store the shell command string for drift detection.

Create a local-exec provisioner to run drift detection

Add a null resource named drift_check with a local-exec provisioner that runs the command stored in the variable drift_command.

Terraform

variable "bucket_name" {
  default = "my-unique-bucket-12345"
}

resource "aws_s3_bucket" "example_bucket" {
  bucket = var.bucket_name
}

variable "drift_command" {
  default = "terraform plan -detailed-exitcode"
}

# Add resource "null_resource" "drift_check" with local-exec provisioner running var.drift_command
# Your code here

Need a hint?

Use null_resource with a local-exec provisioner to run the drift detection command.

Print the drift detection result

Add an output named drift_result that shows the result of running the drift_check resource.

Terraform

variable "bucket_name" {
  default = "my-unique-bucket-12345"
}

resource "aws_s3_bucket" "example_bucket" {
  bucket = var.bucket_name
}

variable "drift_command" {
  default = "terraform plan -detailed-exitcode"
}

resource "null_resource" "drift_check" {
  provisioner "local-exec" {
    command = var.drift_command
  }
}

# Add output "drift_result" to show drift_check resource status
# Your code here

Need a hint?

Use an output block with a value string describing the drift detection result.