Configuration Drift in a Multi-Cloud World
Configuration drift occurs when live infrastructure diverges from its IaC-declared state, and managing it becomes significantly harder across multiple cloud providers because of differing APIs, resource models, and the lack of a unified source of truth. Common causes include manual console fixes during incidents, forgotten proof-of-concept resources, partial applies, and third-party tooling. Drift carries costs: weakened security, lost reproducibility, destructive applies, and spend on orphaned resources. The recommended approach is to codify all resources, run regular plan/refresh cycles across all providers, and treat each drift event as a deliberate reconciliation decision rather than an automatic revert. Two tools are contrasted: Atlantis (open-source, PR-driven, no native drift detection) and Spacelift (orchestration platform with built-in scheduled drift detection for Terraform, OpenTofu, Pulumi, and CloudFormation).
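The plan/refresh cycle and the "deliberate reconciliation decision" above can be made concrete by reading the JSON plan that `terraform show -json <planfile>` emits. The following is an added example, not code from the article, Atlantis or Spacelift; it assumes the JSON plan format's `resource_drift` list (changes detected on refresh) and `resource_changes` list (what Terraform would do about them), and the sample plan is constructed. Anything whose planned action would destroy a live resource is held for human review instead of being applied automatically.

```python
"""Group Terraform drift by provider and flag destructive reconciliations."""
import json

# Constructed, abridged `terraform show -json` output covering three providers.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    # Out-of-band changes found when refreshing state against live infrastructure.
    "resource_drift": [
        {"address": "aws_security_group.web", "provider_name": "registry.terraform.io/hashicorp/aws",
         "change": {"actions": ["update"]}},            # rule added in the console
        {"address": "google_storage_bucket.poc", "provider_name": "registry.terraform.io/hashicorp/google",
         "change": {"actions": ["delete"]}},            # bucket removed outside IaC
    ],
    # What an apply would do to bring live state back to the declared config.
    "resource_changes": [
        {"address": "aws_security_group.web", "provider_name": "registry.terraform.io/hashicorp/aws",
         "change": {"actions": ["update"]}},
        {"address": "google_storage_bucket.poc", "provider_name": "registry.terraform.io/hashicorp/google",
         "change": {"actions": ["create"]}},
        {"address": "azurerm_linux_virtual_machine.app", "provider_name": "registry.terraform.io/hashicorp/azurerm",
         "change": {"actions": ["delete", "create"]}},  # replacement: destroys the live VM
        {"address": "aws_s3_bucket.logs", "provider_name": "registry.terraform.io/hashicorp/aws",
         "change": {"actions": ["no-op"]}},
    ],
})

def classify(actions):
    """Severity of a planned action list: None (nothing to do), 'in-place' or 'destructive'."""
    acts = set(actions)
    if not acts or acts <= {"no-op", "read"}:
        return None
    # A bare delete or a delete+create replacement removes a live resource.
    return "destructive" if "delete" in acts else "in-place"

def drift_report(plan_json):
    """Per-provider list of drifted resources with observed drift and planned action."""
    plan = json.loads(plan_json)
    drifted = {d["address"]: d["change"]["actions"] for d in plan.get("resource_drift", [])}
    report = {}
    for rc in plan.get("resource_changes", []):
        sev = classify(rc["change"]["actions"])
        if sev is None:
            continue
        provider = rc["provider_name"].rsplit("/", 1)[-1]   # e.g. "aws", "google", "azurerm"
        report.setdefault(provider, []).append({
            "address": rc["address"], "drift": drifted.get(rc["address"]),
            "planned": rc["change"]["actions"], "severity": sev})
    return report

def blocking(report):
    """Addresses whose reconciliation is destructive: require an explicit decision."""
    return sorted(e["address"] for es in report.values() for e in es if e["severity"] == "destructive")
```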