Configure Drift Detection
Set up automated drift detection to identify and remediate infrastructure changes that diverge from your Atmos configuration.
Drift detection has two parts: configuring your stack config to define which workflows to run, and configuring Atmos Pro to schedule when drift detection runs.
How it works
This tells Atmos which GitHub Actions workflows to dispatch for detecting and remediating drift. Add this to your Atmos Pro mixin:
drift-detection-wf-config: &drift-detection-wf-config
atmos-terraform-plan.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
upload: "true"
apply-wf-config: &apply-wf-config
atmos-terraform-apply.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
github_environment: "{{ .vars.tenant }}-{{ .vars.stage }}"
settings:
pro:
drift_detection:
enabled: true
detect:
workflows: *drift-detection-wf-config
remediate:
workflows: *apply-wf-configThe
detect section configures plan workflows with upload: "true" so results are reported to Atmos Pro. The remediate section configures apply workflows to automatically fix drift when you choose to remediate.Use descriptive workflow filenames that include command keywords (e.g.,
atmos-terraform-plan.yaml for detection,
atmos-terraform-apply.yaml for remediation). Atmos Pro uses the filename to determine the command type for each
deployment. See Workflow Naming Conventions.Drift detection requires that Atmos Pro know about every deployed instance. A separate GitHub Actions workflow runs
atmos list instances --upload on every push to main and on a daily schedule to keep that inventory current.The full workflow YAML, configuration variables, and verification steps live on a dedicated page:
Configure the Upload Instances Workflow
The list instances workflow needs to read Terraform state to discover deployed infrastructure. Cloud authentication is handled by your Atmos Auth Profile, which configures OIDC between GitHub Actions and your cloud provider. This is the same auth profile used by your plan and apply workflows.
Configure Cloud Authentication
Once your stack config and workflows are in place, configure when drift detection runs in the Atmos Pro dashboard. This is done per-repository in the repository settings.
Drift Detection Schedules
Automated schedules for acme-org/infra
Daily at 9:00 AM
Created by Erik Osterman on Mar 15, 2026
Max Concurrency:
UnlimitedSchedule (America/New_York):
0 9 * * *Enabled
Weekly on Monday at 6:00 PM
Created by Jane Smith on Mar 10, 2026
Max Concurrency:
10Schedule (America/New_York):
0 18 * * 1Disabled
Preview Only
In the Atmos Pro dashboard, navigate to your repository and open the settings panel. From there you can:
- Add schedules with cron expressions or quick presets (daily, weekly, monthly, every N hours)
- Set a timezone so schedules run at the right local time
- Limit concurrency to control how many drift detection workflows run simultaneously
- Enable or disable individual schedules without deleting them
- Trigger drift detection manually from the repository toolbar for on-demand checks
Ready to detect drift?
Now that drift detection is configured, explore example workflows or learn more about how drift detection works under the hood.