Brainboard's documentation
Go to the app ↗
  • Welcome
  • Getting started
    • Fast track
    • Start with a template
    • Start with AI
    • Use cases videos
    • Brainboard philosophy
  • Cloud design
    • Left bar
      • Cloud resources
      • Input & output
    • Design area
      • Node
      • ID card
      • Connectors
      • Versioning
      • Graphical options
    • One action
    • Code Edition
  • Data
    • Data structure
      • Project
      • Environment
      • Cloud architecture
        • Terraform files
        • Readme file
        • Architecture Synchronization
        • Remote backend
      • Template
    • Cloud providers
      • Supported cloud providers
      • Customize provider configuration
      • Unsupported cloud providers
    • Terraform / OpenTofu
      • Modules
        • Module
        • Import modules
        • Manage module
        • Terraform registry credentials
        • Use modules
    • Disaster recovery
  • Automation
    • CI/CD engine
    • Supported plugins
      • Terraform
      • Security
        • Trivy
        • Tfsec
        • Terrascan
        • OPA
        • Checkov
      • Infracost
      • Notifications
        • Email
        • Slack
        • Microsoft Teams
      • Webhooks
    • Pipelines
    • Workflow templates
    • Drift detection
      • Types of drift
      • Remediation
    • Self-Hosted Runner
      • Deploy runner with Kubernetes
      • Deploy runner with docker-compose
  • Settings
    • Overview
    • Authentication
      • Login into Brainboard
      • Single sign-on (SSO)
    • Account management
    • Organization
    • Members
    • Teams
    • Roles & Permissions (RBAC)
      • Level of access
      • Organization RBAC
      • Project RBAC
    • Integrations
      • Git configuration
        • GitHub
        • Azure DevOps (ADO)
        • Bitbucket
        • GitLab
        • How to use
      • Cloud providers
        • AWS
        • Azure
        • GCP
        • OCI
  • Security
    • Data managed by Brainboard
    • SOC 2 Type II
    • Role Based Access Control
  • Help & FAQ
    • Shortcuts
    • FAQ
    • Migration
      • Import from cloud provider
    • Support
    • Glossary
  • Changelog
Powered by GitBook
On this page
  • Overview
  • Detecting the drift
  • Output
  • Best practices

Was this helpful?

Edit on GitHub
  1. Automation

Drift detection

PreviousWorkflow templatesNextTypes of drift

Last updated 8 months ago

Was this helpful?

Overview

Brainboard allows you to detect any drift happening to the cloud infrastructure, and in some cases it removes the root cause of the drift.

Detecting the drift

To detect a drift happening to the cloud infrastructure, you have 2 options. Both options are based on a workflow.

Actually, Brainboard is the only tool in the market that allows you to create multiple CI/CD workflows for the same infrastructure. You can for e.g. create a workflow for security checks, another one for costs and a third one to detect a drift.

Refer to this page if you want additional information about workflows.

Manual workflow

You can create a workflow to check if a drift has happened to the cloud infrastructure and run it manually as follows:

  1. Go to the CI/CD page of the infrastructure by clicking on the rocket in the top bar

  2. Either create a new workflow by clicking on the button New workflow or use the public template called [Public] Drift detection by Brainboard:

  3. Once the workflow created, add a drift detection task and give it a name:

  4. Run the pipeline by clicking on the button on the top right called Run pipeline.

Scheduled automatic detection

  1. Go to the CI/CD page of the infrastructure by clicking on the rocket in the top bar

  2. Either create a new workflow by clicking on the button New workflow or use the public template called [Public] Drift detection by Brainboard:

  3. Open the settings of the workflow you just created:

  4. Activate the cron schedule and specify the frequency of the execution of the workflow

  5. If you want to be notified when a drift is detected, enable Notify on failure and specify the email address(es) that will receive the notification.

Output

When the pipeline runs (either manually or automatically), Brainboard creates an execution environment, runs the detection and gives you the output:

When a drift is detected, the workflow will be marked as failed, because when a drift happens this is considered a failure by Brainboard as the infrastructure doesn't comply with the provisioned one.

Best practices

It's a good practice to use the automatic scheduled drift detection, for both critical workloads in case anything unwanted happens outside the source of truth, and for non-critical workloads to control costs and detect any modification that may increase them beyond the allowed budget.

You can use this to generate a cron expression.

crontab generator
Drift task output