Drift detection
Real cloud state vs. what your Terraform plan expects.
How it works
DriftGuard compares the resources in your terraform plan output against the real state in your cloud account. Any resource that exists in the plan but not in live state (or vice-versa) is flagged as drift.
AWS integration
Grant DriftGuard read-only access to your AWS account via STS AssumeRole. DriftGuard fetches the S3 state backend and compares it to the PR plan. No credentials are stored — only short-lived session tokens from STS.
# In your repo settings (DriftGuard dashboard)
aws_role_arn: arn:aws:iam::123456789:role/DriftGuardReadOnly
state_bucket: my-tf-state-bucket
state_key: prod/terraform.tfstate
aws_region: eu-west-1
Without AWS access
Without AWS integration, DriftGuard falls back to comparing the plan against any terraform.tfstate file committed in the repository. This is less accurate but requires no IAM setup.
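An added example, not DriftGuard's own code, of the plan-versus-state comparison described under "How it works" and reused by the committed-state fallback. It assumes the plan is the JSON produced by `terraform show -json` and the state is a version-4 `terraform.tfstate`; the function names and sample data are constructed for illustration.

```python
# Constructed sample inputs (not real infrastructure), trimmed to the fields used.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_s3_bucket.logs", "mode": "managed", "change": {"actions": ["update"]}},
    {"address": "aws_iam_role.ci", "mode": "managed", "change": {"actions": ["no-op"]}},
    {"address": "aws_sqs_queue.jobs", "mode": "managed", "change": {"actions": ["create"]}},
    {"address": "module.net.aws_subnet.private[0]", "mode": "managed",
     "change": {"actions": ["no-op"]}},
]}
SAMPLE_STATE = {"version": 4, "resources": [
    {"mode": "managed", "type": "aws_s3_bucket", "name": "logs", "instances": [{}]},
    {"module": "module.net", "mode": "managed", "type": "aws_subnet", "name": "private",
     "instances": [{"index_key": 0}]},
    {"mode": "managed", "type": "aws_security_group", "name": "legacy", "instances": [{}]},
]}

def state_addresses(state):
    """Managed resource instance addresses recorded in a version-4 state file."""
    found = set()
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are read-only lookups, not managed infrastructure
        base = f'{res["type"]}.{res["name"]}'
        if res.get("module"):
            base = f'{res["module"]}.{base}'
        for inst in res.get("instances", []):
            key = inst.get("index_key")
            if key is None:
                found.add(base)
            elif isinstance(key, int):
                found.add(f"{base}[{key}]")      # count index
            else:
                found.add(f'{base}["{key}"]')    # for_each key
    return found

def find_drift(plan, state):
    """Compare what the plan expects with what the state records, in both directions."""
    changes = [rc for rc in plan.get("resource_changes", []) if rc.get("mode") == "managed"]
    mentioned = {rc["address"] for rc in changes}
    # Assumption of this example: a pure "create" is not expected to exist yet.
    expected = {rc["address"] for rc in changes if rc["change"]["actions"] != ["create"]}
    actual = state_addresses(state)
    return {"missing_from_state": sorted(expected - actual),
            "not_in_plan": sorted(actual - mentioned)}

if __name__ == "__main__":
    print(find_drift(SAMPLE_PLAN, SAMPLE_STATE))
```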