Configuration drift
Configuration drift is the gradual divergence between a system's actual configuration and its declared/documented configuration, caused by manual changes that bypass the infrastructure-as-code source of truth.
Drift accumulates through three paths: emergency manual fixes that were never codified back into the IaC repository, vendor-side changes the team did not notice (cloud-provider defaults change), and out-of-band tooling (an agent installed by hand for a one-off debug, a firewall rule added through the cloud console). Detection requires periodic reconciliation of declared state against observed state: terraform plan, ansible-playbook --check, AWS Config drift detection, or Kubernetes' built-in declarative reconciliation loop. The lasting fix is immutable infrastructure: if the only path to change a server is replacing it, drift is structurally impossible.
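A minimal reconciliation check, added here as an illustration and not taken from any of the tools named above: it compares declared security-group state (as committed to the IaC repository) with an observed snapshot (as a provider API would return it) and reports each divergence, including the console-added rule the text describes. All resource names, rules and tags are constructed sample data.

```python
from typing import List, Tuple

# Declared state, as committed to the IaC repository (constructed sample).
DECLARED = {
    "web-sg": {
        "ingress": [("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "10.0.0.0/8")],
        "tags": {"owner": "platform", "managed-by": "terraform"},
    },
    "db-sg": {
        "ingress": [("tcp", 5432, "10.0.1.0/24")],
        "tags": {"owner": "platform", "managed-by": "terraform"},
    },
}

# Observed state, as a provider API would return it (constructed sample): the
# SSH rule was widened to the internet through the console, a tag was edited
# by hand, and a debug security group exists that no IaC file declares.
OBSERVED = {
    "web-sg": {
        "ingress": [("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "0.0.0.0/0")],
        "tags": {"owner": "platform", "managed-by": "terraform"},
    },
    "db-sg": {
        "ingress": [("tcp", 5432, "10.0.1.0/24")],
        "tags": {"owner": "dba", "managed-by": "terraform"},
    },
    "debug-sg": {"ingress": [("tcp", 8080, "0.0.0.0/0")], "tags": {}},
}


def detect_drift(declared, observed) -> List[Tuple[str, str, str]]:
    """Return (resource, field, detail) findings; an empty list means no drift.
    Ingress rules compare as sets (order is not drift); tags compare per key."""
    findings = []
    for name in sorted(set(declared) | set(observed)):
        if name not in observed:
            findings.append((name, "resource", "declared but missing"))
        elif name not in declared:
            findings.append((name, "resource", "present but not declared (unmanaged)"))
        else:
            want, have = declared[name], observed[name]
            for rule in sorted(set(want["ingress"]) - set(have["ingress"])):
                findings.append((name, "ingress", f"declared rule absent: {rule}"))
            for rule in sorted(set(have["ingress"]) - set(want["ingress"])):
                findings.append((name, "ingress", f"out-of-band rule present: {rule}"))
            for key in sorted(set(want["tags"]) | set(have["tags"])):
                if want["tags"].get(key) != have["tags"].get(key):
                    findings.append((name, f"tags.{key}", f"{want['tags'].get(key)!r} -> {have['tags'].get(key)!r}"))
    return findings
```

Run on a schedule, a non-empty result is the signal to either codify the change back into the repository or revert it; a result that is empty when comparing declared state with itself is the sanity check that the comparison is not noisy.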
Related terms
- Immutable infrastructure
Immutable infrastructure is the operational pattern where servers are never modified after deployment — to change configuration or apply patches, a new image is built and the old instances are replaced rather than updated in-place.
- Infrastructure as code
Infrastructure as code (IaC) is the practice of defining and provisioning infrastructure — servers, networks, databases, IAM policies — through machine-readable declaration files rather than manual configuration.
- GitOps
GitOps is a deployment methodology, coined by Weaveworks in 2017, in which the desired state of infrastructure and applications is declared in Git and reconciled to running systems by an automated agent.