Drift detection compares the current configuration of your cloud resources against a captured baseline. When InfraAudit finds a difference — a security group rule added, an S3 bucket made public, encryption disabled — it creates a finding with a severity level and timestamps so you can act on it.

How drift detection works

1. Baseline capture

   When you first connect a provider, InfraAudit snapshots the configuration of every discovered resource. This becomes the initial baseline for each resource.

2. Scheduled scans

   The drift scanner runs every 4 hours by default. Each run fetches the current state from the cloud provider API and compares it against the active baseline.

3. Findings created

   Differences that exceed the detection threshold become drift findings, stored with a severity and a detected status.

4. Alerts fire

   If alert rules are configured, drift findings at or above the severity threshold trigger notifications to your configured Slack channels, email addresses, or webhooks.

Drift types

| Type | What it detects |
|---|---|
| Configuration | Any change to resource settings not classified as security or compliance |
| Security | Changes that weaken the security posture (e.g. port 22 opened to 0.0.0.0/0) |
| Compliance | Changes that violate a control in an enabled compliance framework |

Severity levels

| Severity | Examples |
|---|---|
| Critical | S3 bucket made public, unrestricted admin access granted |
| High | Security group opened to the internet, SSL/TLS disabled |
| Medium | Non-critical configuration change, unexpected tag removed |
| Low | Display name changed, description updated |
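
As an added illustration (not InfraAudit's code), the Python sketch below shows the compare-and-classify step: it flattens a baseline and a current snapshot, diffs them by path, and assigns a type and severity using rules modelled on the drift type and severity tables. The field names (`ingress`, `cidr`, `public`, `tags`), the rule set and the sample snapshots are assumptions constructed for the example.

```python
# Added example, not InfraAudit's implementation; field names are assumed.
ABSENT = "<absent>"  # marks a path that exists on only one side
ORDER = ["critical", "high", "medium", "low"]

def flatten(cfg, path=""):
    """Yield (path, leaf value) pairs for a nested JSON-like config."""
    if isinstance(cfg, dict):
        for key, val in cfg.items():
            yield from flatten(val, f"{path}.{key}" if path else key)
    elif isinstance(cfg, list):
        # Index-based: assumes list order is stable between snapshots.
        for i, val in enumerate(cfg):
            yield from flatten(val, f"{path}[{i}]")
    else:
        yield path, cfg

def classify(path, after):
    """Map one changed path to (type, severity), following the tables."""
    leaf = path.rsplit(".", 1)[-1]
    if leaf == "public" and after is True:
        return "security", "critical"   # bucket made public
    if leaf == "cidr" and after == "0.0.0.0/0":
        return "security", "high"       # rule opened to the internet
    if leaf in ("description", "display_name"):
        return "configuration", "low"
    return "configuration", "medium"

def detect_drift(resource, baseline, current):
    """Return findings for every path that differs, most severe first."""
    old, new = dict(flatten(baseline)), dict(flatten(current))
    findings = []
    for path in sorted(old.keys() | new.keys()):
        before, after = old.get(path, ABSENT), new.get(path, ABSENT)
        if before != after:
            kind, severity = classify(path, after)
            findings.append({"resource": resource, "path": path,
                             "before": before, "after": after, "type": kind,
                             "severity": severity, "status": "detected"})
    return sorted(findings, key=lambda f: ORDER.index(f["severity"]))

# Constructed sample snapshots of one security group.
BASELINE = {"description": "web tier", "tags": {"owner": "platform"},
            "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]}
CURRENT = {"description": "web tier (old)", "tags": {},
           "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                       {"port": 22, "cidr": "0.0.0.0/0"}]}

if __name__ == "__main__":
    for f in detect_drift("sg-example", BASELINE, CURRENT):
        print(f["severity"], f["type"], f["path"], f["before"], "->", f["after"])
```

In the sample, the port 443 rule is already open to 0.0.0.0/0 in the baseline, so it produces no finding: a baseline comparison reports change, not exposure that was present when the baseline was captured.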

Viewing drift findings

1. Open Drift Detection

   In the sidebar, click Drift Detection. The list shows all active findings, newest first.

2. Filter the list

   Use the filter bar to narrow by severity, type, provider, status, or resource type. Start with Critical and High to focus on the most urgent items.

3. Open a finding

   Click a drift to see its full detail: what changed, on which resource, at what time, and a side-by-side JSON diff of the baseline versus current configuration.

Drift detail

The detail panel for each finding shows:
  • Summary — what changed, on which resource, and when
  • Diff — a side-by-side JSON comparison of the baseline and current configuration
  • Affected resource — a link to the resource detail panel
  • Timeline — detected time and last updated time
  • Recommendations — suggested remediation steps

Resolving a drift

From the detail panel, you have three options:

| Action | When to use it |
|---|---|
| Mark as resolved | The drift is intentional or has already been fixed manually. Closes the finding without making a change. |
| Apply remediation | Executes an automated fix. Only available when a remediation action exists for this drift type. |
| Create ticket | Copies the drift detail to your clipboard in a format suitable for a Jira or GitHub issue. |

IaC drift

InfraAudit also detects IaC drift — cases where the live resource configuration no longer matches the Terraform or CloudFormation template that originally defined it. Upload your IaC files under IaC in the sidebar. InfraAudit parses the files, identifies the resources they declare, and compares their expected state against the current live state.

Managing baselines

A baseline is the “known good” snapshot that drift detection compares against. You can:
  • Capture a manual baseline from the resource detail panel — useful before a planned change
  • Promote the current live state to a new baseline after an intentional change — this resets the comparison point so the change no longer appears as drift
InfraAudit also automatically creates a new baseline after a drift is resolved.

CLI

# Trigger a drift scan
infraudit drift detect

# List all open drifts
infraudit drift list

# Filter by severity
infraudit drift list --severity critical

# Get detail on a specific drift
infraudit drift get <drift-id>

# Resolve a drift
infraudit drift resolve <drift-id>

Next steps

  • Remediation — apply automated fixes with a rollback window
  • Alerts — configure severity thresholds for notifications
  • Recommendations — view AI-generated fix suggestions