Drift Detection
Atmos Pro automatically detects when your deployed infrastructure has drifted from its expected state and can remediate it.
Infrastructure drift happens when the actual state of your deployed resources diverges from what's defined in your code. This can occur due to manual changes made in the cloud console, out-of-band updates from other tools, or failed deployments that left resources in an inconsistent state. Atmos Pro's drift detection finds these discrepancies automatically so you can address them before they cause problems.
With Drift Detection, you can:
Automatically detect when infrastructure drifts from its expected state
Schedule daily drift checks on a cron schedule
Remediate drift automatically with apply workflows
Track drift status across all your stacks in one place
Atmos Pro uses a daily workflow that runs
atmos list instances --upload to discover all deployed component instances. This uploads the current state of all instances to Atmos Pro.Atmos Pro then dispatches plan workflows (configured in
settings.pro.drift_detection.detect) to check each instance for drift. If drift is detected, Atmos Pro can automatically dispatch apply workflows (configured in settings.pro.drift_detection.remediate) to fix it.The detection and remediation workflows are configured separately, giving you full control over what happens when drift is found. You might choose to detect drift without automatically remediating it, allowing your team to review changes before they are applied.
Detection runs plan workflows to identify drift across your stacks. Plans are uploaded to Atmos Pro for review, giving your team visibility into exactly what has changed. No changes are made to your infrastructure during detection—it is a read-only operation.
This is useful for teams that want to review drift before taking action, or for environments where automatic remediation is not appropriate.
To enable drift detection, add the following configuration to your stack mixins:
drift-detection-wf-config: &drift-detection-wf-config
atmos-terraform-plan.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
upload: "true"
apply-wf-config: &apply-wf-config
atmos-terraform-apply.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
github_environment: "{{ .vars.tenant }}-{{ .vars.stage }}"
settings:
pro:
drift_detection:
enabled: true
detect:
workflows: *drift-detection-wf-config
remediate:
workflows: *apply-wf-configNote the
upload: "true" input—this tells the plan workflow to upload its results to Atmos Pro for drift analysis rather than just posting to a PR.Ready to configure drift detection?
Visit the drift detection configuration page to set it up.