Drift Detection
Atmos Pro automatically detects when your deployed infrastructure has drifted from its expected state and can remediate it.
Infrastructure drift happens when the actual state of your deployed resources diverges from what's defined in your code. This can occur due to manual changes made in the cloud console, out-of-band updates from other tools, or failed deployments that left resources in an inconsistent state. Atmos Pro's drift detection finds these discrepancies automatically so you can address them before they cause problems.
With Drift Detection, you can:
Automatically detect when infrastructure drifts from its expected state
Schedule daily drift checks on a cron schedule
Remediate drift automatically with apply workflows
Track drift status across all your stacks in one place
Atmos Pro uses a workflow that runs
atmos list instances --upload to discover all deployed component instances. This workflow runs on every merge to the default branch and on a daily schedule, uploading the current state of all instances to Atmos Pro.Atmos Pro then dispatches plan workflows (configured in
settings.pro.drift_detection.detect) to check each instance for drift. If drift is detected, Atmos Pro can automatically dispatch apply workflows (configured in settings.pro.drift_detection.remediate) to fix it.The detection and remediation workflows are configured separately, giving you full control over what happens when drift is found. You might choose to detect drift without automatically remediating it, allowing your team to review changes before they are applied.
By default, Atmos Pro also verifies drift after successful apply and remediate runs. The repository-level Verify drift after apply setting dispatches a follow-up drift detection run for the same stack and component when a detection workflow is configured. This confirms the post-apply drift status with a fresh plan instead of relying only on apply success. If no detection workflow is configured, Atmos Pro skips the follow-up run and uses the apply result so the instance does not remain stuck in a checking state.
Detection runs plan workflows to identify drift across your stacks. Plans are uploaded to Atmos Pro for review, giving your team visibility into exactly what has changed. No changes are made to your infrastructure during detection—it is a read-only operation.
This is useful for teams that want to review drift before taking action, or for environments where automatic remediation is not appropriate.
To enable drift detection, add the following configuration to your stack mixins:
drift-detection-wf-config: &drift-detection-wf-config
atmos-terraform-plan.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
apply-wf-config: &apply-wf-config
atmos-terraform-apply.yaml:
inputs:
component: "{{ .atmos_component }}"
stack: "{{ .atmos_stack }}"
github_environment: "{{ .vars.stage }}"
settings:
pro:
drift_detection:
enabled: true
detect:
workflows: *drift-detection-wf-config
remediate:
workflows: *apply-wf-configThe
settings.pro.drift_detection.detect block points Atmos Pro at the plan workflow to dispatch for drift checks. That workflow should run atmos terraform plan --upload so Atmos Pro receives the drift result.Use descriptive workflow filenames (e.g.,
atmos-terraform-plan.yaml, atmos-terraform-apply.yaml) so Atmos Pro can
identify the command type. See Workflow Naming
Conventions.Ready to configure drift detection?
Visit the drift detection configuration page to set it up.