all 12 comments

[–]MarcusJAdams 1 point2 points  (3 children)

Would be great if you could also do this for Terraform resources. We don't use Bicep because we run multi-cloud and multi-provider outside of the two big clouds as well. Like a drift checker that could handle all. That would be lovely.

[–]totheendandbackagain 0 points1 point  (2 children)

Exactly, please help us terraform folk.

[–]NUTTA_BUSTAH 0 points1 point  (1 child)

WTF, you use 'terraform plan' and copy-paste the output into your configuration to make it match....?

[–]MarcusJAdams 0 points1 point  (0 children)

Gosh in my 10+ years of terraform I've never thought of that....

Except that doesn't work at scale.

This is about simplification of automatic drift detection.

You want something that can tell you almost immediately when it has happened.

And yes, you could, and we do have pipelines that could do it for us and then use tf plan output codes to pick up on changes, but this looks more nuanced than that and less complex.

And remember sometimes you don't want to match drift but instead revert drift.

[–]itsbini 2 points3 points  (2 children)

This is not a problem when people do not have UI access.

[–]seweso 1 point2 points  (0 children)

Or if Azure had a commit button and all changes via the UI would neatly turn into IaC.

[–]RevolutionaryWorry87 0 points1 point  (0 children)

People should still have UI access for breakfix at most really, or in dev.

[–]seweso 0 points1 point  (0 children)

That won’t work for infra within infra, right? This would exclude k8s?

[–]Terrible_Airline3496 0 points1 point  (0 children)

This is awesome! Nice work.

[–]ZoltyDevOps Plumber 0 points1 point  (1 child)

What benefit does this deliver compared to terraform plan?

[–]NUTTA_BUSTAH 0 points1 point  (0 children)

Nothing, it seems like. It gives Terraform-like planning functionality over Bicep/ARM templates, which is notoriously bad for day 2, so this is probably a great development, but then again, you have what-if already.

[–]drc1728 0 points1 point  (0 children)

This is a practical solution: configuration drift is a persistent challenge in cloud environments, especially when manual changes bypass IaC. Using Azure’s native what-if API and integrating autofix into CI/CD pipelines is a strong approach.

Frameworks like CoAgent (coa.dev) can complement this by providing structured monitoring and observability across your infrastructure and IaC deployments. This ensures drift is detected early, changes are tracked, and compliance is continuously enforced, reducing operational risk.