Claude-skill-registry detecting-infrastructure-drift
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-infrastructure-drift" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-infrastructure-drift && rm -rf "$T"
manifest: skills/data/detecting-infrastructure-drift/SKILL.md
Infrastructure Drift Detector
This skill provides automated assistance for infrastructure drift detection tasks.
Prerequisites
Before using this skill, ensure:
- Infrastructure as Code (IaC) files are up to date in {baseDir}
- Cloud provider CLI is installed and authenticated
- IaC tool (Terraform/CloudFormation/Pulumi) is installed
- Remote state storage is configured and accessible
- Appropriate read permissions for infrastructure resources
Instructions
- Identify IaC Tool: Determine if using Terraform, CloudFormation, Pulumi, or ARM
- Fetch Current State: Retrieve actual infrastructure state from cloud provider
- Load Desired State: Read IaC configuration from {baseDir}/terraform or equivalent
- Compare States: Execute drift detection command for the IaC platform
- Analyze Differences: Identify added, modified, or removed resources
- Generate Report: Create detailed report of drift with affected resources
- Suggest Remediation: Provide commands to resolve drift (apply or import)
- Document Findings: Save drift report to {baseDir}/drift-reports/
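The compare, analyze and report steps above for Terraform, as an added example that is not part of the skill's own code. It assumes the plan was produced with `terraform plan -refresh-only -out=drift.tfplan` and exported with `terraform show -json drift.tfplan`; the function names and the sample input are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json drift.tfplan`.
# Values mirror the sample report on this page, not a real account.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_drift": [
        {"address": "aws_instance.web_server",
         "change": {"actions": ["update"],
                    "before": {"instance_type": "t3.micro", "ami": "ami-EXAMPLE"},
                    "after": {"instance_type": "t3.small", "ami": "ami-EXAMPLE"}}},
        {"address": "aws_iam_role.lambda_exec",
         "change": {"actions": ["delete"],
                    "before": {"name": "lambda_exec"}, "after": None}},
    ],
})

# Map Terraform's action list to the status wording used in the report.
STATUS = {("update",): "Modified", ("delete",): "Deleted"}


def find_drift(plan_json):
    """Return one finding per resource changed outside Terraform."""
    plan = json.loads(plan_json)
    findings = []
    # resource_drift is absent when nothing drifted, so default to [].
    for rc in plan.get("resource_drift", []):
        change = rc["change"]
        before, after = change.get("before") or {}, change.get("after") or {}
        # Keep only attributes whose recorded and actual values differ.
        diffs = {k: (before.get(k), after.get(k))
                 for k in sorted(set(before) | set(after))
                 if before.get(k) != after.get(k)}
        status = STATUS.get(tuple(change["actions"]), "Unknown")
        findings.append({"address": rc["address"], "status": status,
                         "diffs": {} if status == "Deleted" else diffs})
    return findings


def render_report(findings):
    """Format findings in the layout of the Terraform drift report."""
    lines = [f"Resources with Drift: {len(findings)}"]
    for i, f in enumerate(findings, 1):
        lines += [f"{i}. {f['address']}", f"   Status: {f['status']}"]
        lines += [f"   Drift: {k} changed from {json.dumps(old)} to {json.dumps(new)}"
                  for k, (old, new) in f["diffs"].items()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(find_drift(SAMPLE_PLAN)))
```

`terraform show -json` prints sensitive values in plain text, so treat the exported JSON and any report written from it as secret-bearing files.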
Output
Generates drift detection reports:
Terraform Drift Report:
Drift Detection Report - 2025-12-10 10:30:00
==============================================
Resources with Drift: 3

1. aws_instance.web_server
   Status: Modified
   Drift: instance_type changed from "t3.micro" to "t3.small"
   Action: Update IaC to match or revert instance type

2. aws_s3_bucket.assets
   Status: Modified
   Drift: versioning_enabled changed from true to false
   Action: Re-enable versioning or update IaC

3. aws_iam_role.lambda_exec
   Status: Deleted
   Drift: Role no longer exists in AWS
   Action: terraform apply to recreate

Remediation Command:
  terraform plan -out=drift-fix.tfplan
  terraform apply drift-fix.tfplan
CloudFormation Drift:
StackName: production-vpc
DriftStatus: DRIFTED
Resources:
  - LogicalResourceId: VPC
    ResourceType: AWS::EC2::VPC
    DriftStatus: IN_SYNC
  - LogicalResourceId: PublicSubnet
    ResourceType: AWS::EC2::Subnet
    DriftStatus: MODIFIED
    PropertyDifferences:
      - PropertyPath: /Tags
        ExpectedValue: [{Key: Env, Value: prod}]
        ActualValue: [{Key: Env, Value: production}]
Error Handling
Common issues and solutions:
State Lock Error
- Error: "Error acquiring state lock"
- Solution: Ensure no other terraform process is running, or force-unlock if safe
Authentication Failure
- Error: "Unable to authenticate to cloud provider"
- Solution: Refresh credentials with aws configure or gcloud auth login
Missing State File
- Error: "No state file found"
- Solution: Initialize terraform with terraform init or specify remote backend
Permission Denied
- Error: "Access denied reading resource"
- Solution: Grant read-only IAM permissions to service account
State Version Mismatch
- Error: "State file version too new"
- Solution: Upgrade Terraform version or use compatible state version
Resources
- Terraform drift documentation: https://www.terraform.io/docs/cli/state/
- AWS CloudFormation drift detection: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/detect-drift-stack.html
- Drift remediation best practices in {baseDir}/docs/drift-remediation.md
- Automated drift detection scripts in {baseDir}/scripts/drift-check.sh
Overview
This skill provides automated assistance for the described functionality.
Examples
Example usage patterns will be demonstrated in context.