I'm currently delving into Infrastructure as Code (IaC) and I've encountered a common issue: drift due to ClickOps. What are some effective methods to detect these drifts? Is it even possible to track them if they occur?
5 Answers
First things first, you need to have IaC implemented before you even start thinking about drift detection. Without IaC in place, there's nothing to compare against if changes are made via ClickOps.
You can allow ClickOps on development environments for quick tests. It’s useful to click around, see how things work in the portal, and then later translate those observations back into your IaC. Just make sure it's strictly controlled!
To tackle drift, restrict ClickOps permissions entirely. Ideally, only allow ClickOps in a sandbox or development environment where you can experiment safely. This way, you can ensure that your production infrastructure remains stable.
If you're using Terraform, simply run a plan command to check for changes. This will show you any discrepancies between your actual infrastructure and the code you have. Make sure to run these checks when no other changes are happening to get an accurate picture.
The best way to handle ClickOps is to have strict policies in place. Enforce a policy that prohibits any ClickOps in production. If someone breaks the rule, hold them accountable! You want your team to be disciplined in maintaining IaC.

Absolutely! Running plans at a time when you can lock out changes is key. If you consistently see non-zero changes, that indicates some drift that you'll need to address.
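
The `terraform plan` drift check from the Terraform answer and the follow-up comment above, written as a script you could schedule (an added example, not code from any poster in this thread). The names `TF_BIN`, `REPORT_DIR`, `check_drift` and `check_all`, and the 120s lock timeout, are assumptions made for illustration; the flags are standard Terraform CLI options.

```shell
# Drift check around `terraform plan -detailed-exitcode`.
# Terraform's documented exit codes for that flag:
#   0 = no changes, 1 = error, 2 = plan succeeded and a diff is present.
TF_BIN="${TF_BIN:-terraform}"                # assumption: overridable, e.g. for a wrapper
REPORT_DIR="${REPORT_DIR:-./drift-reports}"  # assumption: where plan output is kept

# check_drift DIR: prints "CLEAN|DRIFT|ERROR <dir>", returns 0, 2 or 1.
check_drift() {
    cd_dir="$1"; cd_rc=0
    mkdir -p "$REPORT_DIR"
    cd_log="$REPORT_DIR/$(basename "$cd_dir").plan.txt"
    # -lock-timeout waits for a concurrent apply instead of planning mid-change;
    # -input=false keeps an unattended run from hanging on a prompt.
    "$TF_BIN" -chdir="$cd_dir" plan -detailed-exitcode -input=false \
        -no-color -lock-timeout=120s >"$cd_log" 2>&1 || cd_rc=$?
    case "$cd_rc" in
        0) echo "CLEAN $cd_dir" ;;
        2) echo "DRIFT $cd_dir (see $cd_log)" ;;
        *) echo "ERROR $cd_dir (see $cd_log)"; cd_rc=1 ;;
    esac
    return "$cd_rc"
}

# check_all DIR...: checks every stack. Returns 1 if any plan failed
# (an unverified stack outranks a drifted one), 2 if any drifted, else 0.
check_all() {
    ca_worst=0
    for ca_dir in "$@"; do
        ca_rc=0
        check_drift "$ca_dir" || ca_rc=$?
        if [ "$ca_rc" -eq 1 ]; then
            ca_worst=1
        elif [ "$ca_rc" -eq 2 ] && [ "$ca_worst" -eq 0 ]; then
            ca_worst=2
        fi
    done
    return "$ca_worst"
}

# Usage (stack directories are placeholders): check_all stacks/network stacks/app
```

Run it against the commit that was last applied; otherwise code changes that have not been applied yet show up in the diff alongside real drift.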