Scalr Drift Detection: Capabilities and Processes

Infrastructure drift, the divergence of an infrastructure's actual state from its intended configuration, can result in compliance violations, security vulnerabilities, and operational disruptions. Scalr incorporates built-in drift detection functionalities to address this issue. This document outlines Scalr's drift detection capabilities.

Native Capability and Scheduling

Scalr includes a native drift detection capability integrated within the platform.

Drift detection can be enabled at the Environment level, allowing for selective monitoring of infrastructure sets. Upon enablement, a schedule can be defined for automated checks at specified intervals (e.g., daily, weekly). These scheduled checks encompass all workspaces within the designated Environment.

Scalr's drift detection does not exclusively rely on Git as the sole source of truth. While Git is utilized for IaC configuration version control, Scalr's detection can also identify discrepancies against the last known applied state.

Reporting and Notifications

Scalr provides mechanisms for reporting and notification when drift is detected:

• Dedicated Drift Tab: Runs identifying drift are listed in a "Drift Detection" tab in the Scalr interface, centralizing the review and management of detected changes.
• Notifications: Scalr supports notifications for drift alerts. Slack integration is currently available, with MS Teams integration planned.
• Drift Dashboards: Users can construct drift dashboards to gain an overview of all workspaces experiencing drift within their organization.

Automated Remediation

Scalr does not provide direct, fully automated remediation for detected drift. The platform requires user intervention to select a course of action. This approach maintains user control over infrastructure modifications.

Drift Actions

Upon detection of drift, Scalr offers the following actions:

1. Ignore: Users can decline to act on the detected changes. This option is appropriate if the drift is intentional, anticipated, or will be addressed manually outside of Scalr.
2. Sync State (Refresh-Only Run): This action updates Scalr's state file to reflect the detected changes in the actual infrastructure, equivalent to a "terraform refresh" operation. This action is classified as a billable run.
3. Revert Infrastructure (Plan & Apply Run): For undesired drift, users can initiate a rollback to the previously defined infrastructure state. Scalr will generate and apply a plan to revert the changes. This action is also classified as a billable run.

Summary

Scalr's drift detection offers an integrated solution for identifying and managing infrastructure drift. Key features include native functionality, scheduled checks, reporting mechanisms, and user-controlled remediation actions. The system is designed to help maintain configuration consistency and stability.

‍