Drift Dashboard
Terracotta AI provides an org-wide Drift Dashboard that surfaces infrastructure drift across all your connected repositories in a single view β giving your team immediate visibility into which resources have diverged from their Terraform state.
π Overview
The Drift Dashboard aggregates drift scan results from every connected repository into one unified interface. Instead of checking individual repos or waiting for PR-triggered scans, you get a real-time picture of your infrastructure's alignment with its declared state.
Use the dashboard to:
- Monitor drift health across your entire organization
- Identify which repos have the most drifted resources
- Trigger on-demand scans without opening a pull request
- Drill into individual resources to understand what changed
π Dashboard Layout
The dashboard is organized into three layers:
Health Bar
A visual summary at the top showing the overall drift percentage across all repos. Green indicates full compliance, while red segments represent drifted resources.
Repository Cards
Each connected repo appears as a summary card displaying:
- Repository name and provider (GitHub / GitLab)
- Total resources tracked
- Count of drifted vs. compliant resources
- Last scan timestamp
- A quick-action button to trigger a new scan
Aggregate Counts
Below the repo cards, totals are displayed for:
- Drifted resources β resources where live cloud state differs from Terraform state
- Compliant resources β resources that match their declared configuration
- Missing resources β resources present in state but deleted from the cloud
π οΈ Running a Drift Scan
To scan a repository from the dashboard:
- Locate the repo card on the Drift Dashboard
- Click Run Scan
- Terracotta fetches the Terraform state and compares each resource against the live cloud environment using direct AWS SDK calls
- Results populate on the dashboard and in the report detail view
Scans run asynchronously β you can navigate away and return to see results once complete.
Drift scans require AWS credentials configured for the repository. See the AWS Integration Setup Guide for IAM role configuration.
π Plan Limits
| Plan | Repos for Drift Detection |
|---|---|
| OSS (Free) | 1 repo |
| Pro | Unlimited repos |
| Enterprise | Unlimited repos |
Drift detection requires AWS integration credentials configured on each repository. Without credentials, the repo card appears but scans are disabled.
π Report Details
Expand any repo card to see the full drift report:
- Drifted resources β Each resource listed with its type, primary ID, and the specific fields that differ between state and live
- What changed β Side-by-side comparison of Terraform state values vs. live AWS values for each drifted field
- Recommended actions β Contextual suggestions: reconcile with code, remove from state, or accept and override
- Severity ratings β Each drifted resource is scored based on security impact, blast radius, and compliance implications
Click any individual resource to navigate to the detailed drift view with Mermaid attribute comparison tables.
π TL;DR
- The Drift Dashboard gives you an org-wide view of infrastructure drift across all repos
- Health bar, repo cards, and aggregate counts provide layered visibility
- Run on-demand scans from any repo card without opening a PR
- Expand a repo to see drifted resources, field-level diffs, and recommended actions
- OSS plan supports 1 repo; Pro and Enterprise support unlimited
- AWS credentials must be configured per-repo for drift scans to run
Updated about 22 hours ago