devops-drift-detector_skill

This skill detects infrastructure drift between IaC and live state and generates remediation plans with audit trails.
  • Python

5

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill devops-drift-detector

  • CHANGELOG.md1.8 KB
  • index-entry.json789 B
  • SKILL.md14.9 KB

Overview

This skill detects and remediates infrastructure drift between IaC definitions and live cloud state with continuous monitoring and optional automated remediation. It produces drift reports, impact analysis, remediation plans, and an audit trail suitable for compliance and post-incident review. The skill supports Terraform, CloudFormation, Pulumi, and driftctl workflows.

How this skill works

The skill loads IaC state and compares it to live provider state using tool-native commands or driftctl. It classifies changes (added, modified, deleted), computes severity (high/medium/low) based on security, compliance and dependency impact, and generates a remediation plan (accept, revert, ignore). For policy-allowed cases it can execute remediation with pre-flight checks, post-validation scans, and audit logging.

When to use it

  • You detect manual changes outside the IaC workflow or suspect untracked modifications
  • Scheduled or pre-deployment drift scans (daily, weekly, or on-demand)
  • Continuous compliance monitoring in regulated environments
  • After provider API or IaC tool changes that may desynchronize state
  • Post-incident investigations to identify unauthorized configuration changes

Best practices

  • Always backup state files and take pre-flight snapshots before any automated remediation
  • Classify remediation policy per environment: manual for prod, semi-auto for staging, auto for dev
  • Map drifted resources to compliance controls to prioritize fixes by impact
  • Require approval for high-severity network or IAM changes; auto-remediate low-severity tag changes
  • Track drift trends and correlate with change tickets to find recurring root causes

Example use cases

  • Quick single-workspace scan: terraform plan -refresh-only to detect and recommend reverting an unauthorized security group change
  • Multi-stack scheduled scans: run driftctl across accounts, generate compliance report and trend dashboard
  • Semi-automated remediation: require approval for high-risk steps, auto-apply low-risk fixes and log actions
  • Incident response: produce timestamped drift report mapping violations to NIST/PCI controls for audit
  • Targeted scans: filter by resource type or tags to monitor critical services (IAM, network, encryption)

FAQ

Terraform, CloudFormation, Pulumi, and driftctl are supported; the skill requires accessible state or valid cloud credentials.

When should remediation be fully automated?

Fully-automated remediation is appropriate for low-severity, pre-approved resource types in non-production environments; require approvals for production and security-sensitive changes.

How is severity determined?

Severity is computed from changed resource type and attributes: security/network and IAM changes are high, core config changes are medium, tags/metadata are low.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
devops-drift-detector skill by williamzujkowski/cognitive-toolworks | VeilStrat