Detect Drifts in StackGen

Overview

Drift Detection in StackGen identifies discrepancies between your deployed cloud infrastructure and the state defined in your Terraform configurations. This feature ensures visibility into unauthorized or unintended changes, enabling teams to maintain consistency, security, and compliance across their environments.

Let's see how it's done, step by step.

Prerequisites

  • Permissions and Authentication: To enable drift detection, StackGen requires read-only access to your cloud provider and a valid Terraform state file.

    Ensure that you have the following permissions:

    • AWS: IAM policies with Describe, List, and Get permissions for infrastructure components.
    • Azure: Role-based access control (RBAC) with read permissions for required resources.
    • GCP: Read-only IAM roles for resource discovery.
  • CLI Version: Ensure StackGen CLI v0.50.1 or higher is installed.

  • TOFU Installation: Install OpenTofu (v1.9.0+), a Terraform-compatible tool, and add it to your PATH.

  • Cloud Credentials: Configure your AWS, Azure, GCP, or Civo credentials.

  • StackGen Login: Authenticate using stackgen configure.
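
One way to check the AWS prerequisite above before giving credentials to the drift command, as an added example (not StackGen code): the script audits an IAM policy document and reports any allowed action outside Describe/List/Get, plus Get actions that return stored data or secrets rather than resource metadata. The sample policy and the DATA_READS list are constructed for illustration and are not exhaustive.

```python
import fnmatch
import json

READ_PREFIXES = ("describe", "list", "get")
# Constructed, non-exhaustive list of Get actions that return stored data or
# secrets instead of resource metadata.
DATA_READS = ("s3:GetObject", "secretsmanager:GetSecretValue",
              "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath")

def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (finding, action) pairs for Allow statements that exceed read-only."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append(("not-read-only", "NotAction"))
            continue
        for action in as_list(stmt.get("Action", [])):
            pattern = action.lower()  # IAM action names are case-insensitive
            name = pattern.partition(":")[2]
            if not name.startswith(READ_PREFIXES):
                findings.append(("not-read-only", action))
            elif any(fnmatch.fnmatchcase(d.lower(), pattern) for d in DATA_READS):
                findings.append(("reads-data", action))
    return findings

# Constructed sample policy, not taken from StackGen documentation.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "s3:GetBucketTagging"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "ec2:ModifyInstanceAttribute"]}
  ]
}
""")

if __name__ == "__main__":
    for finding, action in audit_policy(SAMPLE_POLICY):
        print(f"{finding}: {action}")
```

A wildcard such as s3:Get* passes the prefix check but still covers object reads, which is why the second finding type exists.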

Drift in StackGen UI

To begin with Drift, follow these steps:

  1. From the StackGen cloud Home page, navigate to the Drifts tab.

  2. Click the appStack for which you want to detect drift.

    Note

    Before you select the appStack, ensure that:

    • The appStack is deployed to your cloud, which is required to detect drift.
    • You have configured a storage state backend, as the drift command needs access to the .tfstate file.
  3. From the Actions column, click View CLI Commands to follow the CLI commands.

    Note

    Skip Step 2 of the CLI commands for Drifts Test dialog if you’ve already configured your environment.

Enable Drift Detection

Run the following command:

stackgen drift detect --appstack-id <appstack-id> --var="region=<region>"

Flags

| Flag | Description | Required |
| --- | --- | --- |
| --appstack-id | ID of the appStack to analyze. You can find this in the URL of your appStack in the StackGen UI. Example: app-stack-12345. | Yes |
| --var="region=<region>" | Cloud provider region where the app stack is deployed. Example: us-east-1, west-europe. | Yes |

Follow the StackGen CLI documentation to detect drift via the CLI.

View Drift Results in UI

  1. From the StackGen cloud Home page, navigate to the Drifts tab.

  2. Click the chart icon next to the appStack to view the Drift dashboard.

    You will be redirected to the CLI Runs dashboard.

    From here you can view the following:

    • Summary: High-level changes (resource types affected).
    • Details: Per-resource diffs (e.g., modified tags, configuration shifts).
  3. Click individual resources to view granular details (e.g., modified tags, configurations).

  4. If you have custom IaC, you can view it by clicking the CLI Runs tab and then the relevant run.

Best Practices

Review Changes Before Applying: Always inspect drift results before updating your appStack.