You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/docs/pulumi-cloud/deployments/drift.md
+3-43Lines changed: 3 additions & 43 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,50 +12,10 @@ menu:
12
12
identifier: pulumi-cloud-deployments-drift
13
13
---
14
14
15
-
Drift detection is the process of identifying changes in the actual state of your cloud environment that deviate from the expected state stored in Pulumi Cloud. This deviation can occur for various reasons, including manual adjustments made directly in the cloud provider’s console, unintended consequences of scripts, or unauthorized changes.
16
15
17
-
To use drift detection and remediation with Pulumi Deployments, you must first configure the deployment settings for your stack.
16
+
Drift detection is the process of identifying changes in the actual state of your cloud environment that deviate from the expected state stored in Pulumi Cloud. This deviation can occur for various reasons, including manual adjustments made directly in the cloud provider's console, unintended consequences of scripts, or unauthorized changes.
18
17
19
-
You can also run a remediate drift operation, which will run a `pulumi up --refresh` to treat the Pulumi program as the source of truth and override what is in the cloud. See [Understanding Drift Remediation](#understanding-drift-remediation) for detailed information about what happens during remediation.
20
-
21
-
## Understanding Drift Remediation
22
-
23
-
Drift remediation automatically corrects infrastructure drift by restoring cloud resources to match your Pulumi program. Remediation treats Infrastructure as Code as the authoritative source of truth and overwrites out-of-band changes.
24
-
25
-
When remediation runs, Pulumi executes `pulumi up --refresh` to:
26
-
27
-
1. Refresh the state to get current cloud resources
28
-
2. Compare actual state with desired state in your program
29
-
3. Generate and apply changes to align infrastructure with your code
30
-
31
-
**Use remediation when:**
32
-
33
-
- You want to maintain IaC as the source of truth
34
-
- Changes were made accidentally or without authorization
35
-
- Security or compliance requires automatic correction
36
-
37
-
**Consider alternatives when:**
38
-
39
-
- Changes were intentional and reflect new requirements
40
-
- Working with critical production systems requiring manual review
41
-
- Large-scale drift needs careful analysis before correction
42
-
43
-
**Remediation vs. Refresh:**
44
-
45
-
-**Remediation** (`pulumi up --refresh`): Updates cloud resources to match your program
46
-
-**Refresh** (`pulumi refresh`): Updates Pulumi state to match current cloud resources
47
-
48
-
## When Drift is Detected
49
-
50
-
When Pulumi detects drift, you have three response options:
51
-
52
-
1.**Remediate drift**: Restore infrastructure to match your Pulumi program. Treats Infrastructure as Code as authoritative and overwrites cloud changes. See [Understanding Drift Remediation](#understanding-drift-remediation) for details.
53
-
54
-
2.**Refresh**: Accept cloud changes and update Pulumi state to reflect current reality. You may also want to update your Pulumi program to align with the accepted changes.
55
-
56
-
3.**Manual review**: Manually review detected drift before taking action, especially for production environments or complex changes.
57
-
58
-
Use the Actions menu in Pulumi Cloud or appropriate CLI commands to perform these actions.
18
+
To use drift detection and remediation with Pulumi Deployments, you must first configure the deployment settings for your stack. You can run a remediate drift operation, which executes `pulumi up --refresh` to treat the Pulumi program as the source of truth and restore cloud resources to match your Infrastructure as Code. When drift is detected, you can choose to remediate (restore to IaC state), refresh (accept cloud changes), or manually review before taking action.
59
19
60
20
## Running Drift Detection from the CLI
61
21
@@ -90,7 +50,7 @@ In order to set up Drift Detection and Remediation in the Pulumi Cloud console,
90
50
91
51
92
52
3. Select "Drift"
93
-
4. (Optional) Turn on auto-remediation if applicable. See [Understanding Drift Remediation](#understanding-drift-remediation) for details about what happens when remediation runs.
53
+
4. (Optional) Turn on auto-remediation if applicable
0 commit comments