Detecting Infrastructure Drift with Shell Scripting

Infrastructure as Code (IaC) promises consistency. But drift lurks. Drift is when the live infrastructure no longer matches the code in your repository. It can break deployments, expose security holes, and make debugging painful. Detecting it early is critical.

Shell scripting is a direct, fast way to perform IaC drift detection without adding heavy tooling. When your infrastructure is managed by Terraform, CloudFormation, Pulumi, or similar, you can compare the declarative state against the actual state from APIs.

Start by pulling the expected state. For Terraform, run:

terraform show -json > expected.json

Fetch the live state from the provider:

aws cloudformation describe-stacks --output json > actual.json

Or query resources directly:

aws ec2 describe-instances --output json > actual.json

Then use diff or jq to pinpoint changes:

jq -S . expected.json > expected_sorted.json
jq -S . actual.json > actual_sorted.json
diff expected_sorted.json actual_sorted.json

Once both documents describe the same resources in the same shape, this simple shell-based pipeline reveals resource additions, deletions, parameter changes, and configuration mismatches. Diffing a raw terraform show -json tree directly against raw provider API output mostly reports differences in structure rather than in configuration, which is why the normalization step that follows matters; note also that jq -S sorts object keys but leaves array order untouched, so lists such as rules or tags need sorting as part of normalization.

To improve accuracy, normalize data before comparing. Remove timestamps, IDs, or metadata fields that change frequently but do not impact configuration. Store drift reports in CI logs so every commit can be checked against live infrastructure.
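The normalize-then-compare step from the pipeline above, as an added example that is not part of the original post: it maps a constructed trimmed sample of terraform show -json and a constructed sample of aws ec2 describe-security-groups output to one canonical set of ingress rules (dropping volatile fields such as GroupId), then reports rules present on one side only. It is written in Python rather than jq so the mapping of the two JSON shapes is explicit; the group and rule values are invented for illustration.

```python
import json

# Constructed sample of `terraform show -json`, trimmed to one security group.
EXPECTED_JSON = """
{"values": {"root_module": {"resources": [
  {"type": "aws_security_group", "name": "web",
   "values": {"name": "web-sg", "ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}}]}}}
"""

# Constructed sample of `aws ec2 describe-security-groups --output json`:
# the SSH rule has been widened out of band to the whole internet.
ACTUAL_JSON = """
{"SecurityGroups": [
  {"GroupName": "web-sg", "GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}]}]}]}
"""

def rules_from_terraform(doc):
    """Flatten Terraform state into (group, proto, from_port, to_port, cidr) tuples."""
    rules = set()
    for res in doc["values"]["root_module"]["resources"]:
        if res["type"] != "aws_security_group":
            continue
        group = res["values"]["name"]
        for rule in res["values"].get("ingress", []):
            for cidr in rule.get("cidr_blocks", []):
                rules.add((group, rule["protocol"], rule["from_port"], rule["to_port"], cidr))
    return rules

def rules_from_aws(doc):
    """Flatten describe-security-groups output into the same tuple shape.
    GroupId is deliberately dropped: it is an ID, not configuration.
    AWS omits FromPort/ToPort for protocol "-1"; Terraform encodes them as 0."""
    rules = set()
    for sg in doc["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            for rng in perm.get("IpRanges", []):
                rules.add((sg["GroupName"], perm["IpProtocol"],
                           perm.get("FromPort", 0), perm.get("ToPort", 0), rng["CidrIp"]))
    return rules

def detect_drift(expected_json, actual_json):
    """Return rules live but not in code ('unmanaged') and in code but not live ('missing')."""
    expected = rules_from_terraform(json.loads(expected_json))
    actual = rules_from_aws(json.loads(actual_json))
    return {"unmanaged": sorted(actual - expected), "missing": sorted(expected - actual)}

if __name__ == "__main__":
    drift = detect_drift(EXPECTED_JSON, ACTUAL_JSON)
    for kind in ("unmanaged", "missing"):
        for rule in drift[kind]:
            print(f"{kind.upper()} ingress rule:", rule)
    raise SystemExit(1 if drift["unmanaged"] or drift["missing"] else 0)  # non-zero fails the CI job
```

In the pipeline above, expected.json and actual.json would be read from the files the earlier commands wrote instead of the embedded samples.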

Integrate your shell script into a scheduled job or a pre-deploy hook. The faster drift is caught, the less damage it can cause. Many teams run drift detection daily or hourly to maintain tight control.

You can extend this approach for multi-cloud setups by writing provider-specific collection scripts and combining results into a single JSON tree. Simple shell commands, paired with strict IaC discipline, keep infrastructure reproducible and aligned.

Drift detection with shell scripting is lightweight, transparent, and easy to customize. It removes guesswork and exposes issues before they spiral.

Run it yourself and see how zero-drift feels. Visit hoop.dev to set it up and catch live infrastructure drift in minutes.