detecting-infrastructure-drift

# Infrastructure Drift Detector

This skill provides automated assistance for infrastructure drift detector tasks.

## Prerequisites

Before using this skill, ensure:
- Infrastructure as Code (IaC) files are up to date in {baseDir}
- Cloud provider CLI is installed and authenticated
- IaC tool (Terraform/CloudFormation/Pulumi) is installed
- Remote state storage is configured and accessible
- Appropriate read permissions for infrastructure resources

## Instructions

1. **Identify IaC Tool**: Determine if using Terraform, CloudFormation, Pulumi, or ARM
2. **Fetch Current State**: Retrieve actual infrastructure state from cloud provider
3. **Load Desired State**: Read IaC configuration from {baseDir}/terraform or equivalent
4. **Compare States**: Execute drift detection command for the IaC platform
5. **Analyze Differences**: Identify added, modified, or removed resources
6. **Generate Report**: Create detailed report of drift with affected resources
7. **Suggest Remediation**: Provide commands to resolve drift (apply or import)
8. **Document Findings**: Save drift report to {baseDir}/drift-reports/

## Output

Generates drift detection reports:

**Terraform Drift Report:**
```
Drift Detection Report - 2025-12-10 10:30:00
==============================================

Resources with Drift: 3

1. aws_instance.web_server
   Status: Modified
   Drift: instance_type changed from "t3.micro" to "t3.small"
   Action: Update IaC to match or revert instance type

2. aws_s3_bucket.assets
   Status: Modified
   Drift: versioning_enabled changed from true to false
   Action: Re-enable versioning or update IaC

3. aws_iam_role.lambda_exec
   Status: Deleted
   Drift: Role no longer exists in AWS
   Action: terraform apply to recreate

Remediation Command:
terraform plan -out=drift-fix.tfplan
terraform apply drift-fix.tfplan
```

**CloudFormation Drift:**
```yaml
StackName: production-vpc
DriftStatus: DRIFTED
Resources:
  - LogicalResourceId: VPC
    ResourceType: AWS::EC2::VPC