- Home
- Skills
- Williamzujkowski
- Cognitive Toolworks
- Devops Drift Detector
devops-drift-detector_skill
- Python
5
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill devops-drift-detector- CHANGELOG.md1.8 KB
- index-entry.json789 B
- SKILL.md14.9 KB
Overview
This skill detects and remediates infrastructure drift between IaC definitions and live cloud state with continuous monitoring and optional automated remediation. It produces drift reports, impact analysis, remediation plans, and an audit trail suitable for compliance and post-incident review. The skill supports Terraform, CloudFormation, Pulumi, and driftctl workflows.
How this skill works
The skill loads IaC state and compares it to live provider state using tool-native commands or driftctl. It classifies changes (added, modified, deleted), computes severity (high/medium/low) based on security, compliance and dependency impact, and generates a remediation plan (accept, revert, ignore). For policy-allowed cases it can execute remediation with pre-flight checks, post-validation scans, and audit logging.
When to use it
- You detect manual changes outside the IaC workflow or suspect untracked modifications
- Scheduled or pre-deployment drift scans (daily, weekly, or on-demand)
- Continuous compliance monitoring in regulated environments
- After provider API or IaC tool changes that may desynchronize state
- Post-incident investigations to identify unauthorized configuration changes
Best practices
- Always backup state files and take pre-flight snapshots before any automated remediation
- Classify remediation policy per environment: manual for prod, semi-auto for staging, auto for dev
- Map drifted resources to compliance controls to prioritize fixes by impact
- Require approval for high-severity network or IAM changes; auto-remediate low-severity tag changes
- Track drift trends and correlate with change tickets to find recurring root causes
Example use cases
- Quick single-workspace scan: terraform plan -refresh-only to detect and recommend reverting an unauthorized security group change
- Multi-stack scheduled scans: run driftctl across accounts, generate compliance report and trend dashboard
- Semi-automated remediation: require approval for high-risk steps, auto-apply low-risk fixes and log actions
- Incident response: produce timestamped drift report mapping violations to NIST/PCI controls for audit
- Targeted scans: filter by resource type or tags to monitor critical services (IAM, network, encryption)
FAQ
Terraform, CloudFormation, Pulumi, and driftctl are supported; the skill requires accessible state or valid cloud credentials.
When should remediation be fully automated?
Fully-automated remediation is appropriate for low-severity, pre-approved resource types in non-production environments; require approvals for production and security-sensitive changes.
How is severity determined?
Severity is computed from changed resource type and attributes: security/network and IAM changes are high, core config changes are medium, tags/metadata are low.