Conf42: Cloud Native 2021


Why you should take care of infrastructure drift

Stephane Jourdan
CTO @ CloudSkiff

Stephane Jourdan's LinkedIn account Stephane Jourdan's twitter account

As infrastructure as code (IaC) becomes widely adopted by users with heterogenous skillsets, and as IaC codebases become larger and larger, it becomes harder to track drift. Drift is a deviation between the actual infrastructure state and the IaC codebase. It causes issues for security posture management, collaborative work, and maintenance. It’s hard to improve what you can’t measure! Can we define good metrics for drift?

Developers track unit tests coverage to track how well unit tests match application code over time. Can we use an analogy and define infrastructure code coverage to track how well IaC matches the actual infrastructure state?

In this talk, we will show how minor infrastructure drift can cause issues. We will then introduce various ways to track IaC coverage, and how we can use them to bring visibility into the state of infrastructure and anticipate common drift issues. We will also show how measuring IaC codebase also benefits IaC adoption.

Awesome tech events for

Priority access to all content

Community Discord

Exclusive promotions and giveaways