DriftWarden is an intelligent Infrastructure Governance Platform designed to maintain the integrity of multi-cloud environments (AWS & Azure).
It solves the "ClickOps" problem by continuously monitoring infrastructure for Drift (unauthorized changes made manually in the console), scanning these changes against security policies, and performing Auto-Remediation based on severity.
DriftWarden operates as a continuous loop of detection and correction, orchestrated by GitHub Actions.
- Scheduled Scan: Runs hourly (`terraform plan -detailed-exitcode`).
- State Locking: Acquires a lock on DynamoDB (AWS) or Blob Lease (Azure) to prevent race conditions.
- Policy Check: Analyzes the plan using Trivy/Checkov.
- Decision Engine:
  - Minor Drift: Auto-remediate.
  - Critical/Security Drift: Alert via Slack/Teams (ChatOps).
A common challenge in CI/CD is the "Race Condition" where two pipelines try to modify the infrastructure simultaneously.
- DriftWarden implements a robust backend strategy using S3 + DynamoDB (AWS) and Storage Account (Azure).
- Mechanism: If a pipeline is running, the state file is locked. Any secondary attempt (e.g., a developer running `terraform apply` locally) is gracefully queued or rejected to prevent `terraform.tfstate` corruption.
The core of the system relies on Terraform's exit codes to detect discrepancies between what is actually deployed and what the code declares.
```bash
terraform plan -detailed-exitcode
# Exit Code 0: Succeeded, diff is empty (No Drift)
# Exit Code 1: Error
# Exit Code 2: Succeeded, there is a diff (Drift Detected!)
```
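The detection-and-decision step of the loop above, written as an added POSIX shell example (not DriftWarden's own code): it maps the three `-detailed-exitcode` results to a verdict, takes the highest severity from scanner findings, and picks auto-remediate, alert, or no-op. The plan command is passed in as a string so the functions can be exercised with stub commands; the findings format (one `SEVERITY message` line per finding) is an assumed, constructed format, not Trivy's or Checkov's real output.

```bash
#!/bin/sh
# classify_drift: map a `terraform plan -detailed-exitcode` exit code to a verdict.
# 0 = no diff, 2 = diff (drift), anything else = plan error.
classify_drift() {
  case "$1" in
    0) echo "no-drift" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# run_drift_check: run the plan command given as $1, capture its exit code without
# tripping `set -e`, and classify it. In the real job $1 would be
# "terraform plan -detailed-exitcode -input=false".
run_drift_check() {
  sh -c "$1" >/dev/null 2>&1 && rc=0 || rc=$?
  classify_drift "$rc"
}

# highest_severity: read findings on stdin ("SEVERITY message" per line, assumed
# constructed format) and print the highest severity seen, or NONE.
highest_severity() {
  rank=0; top="NONE"
  while read -r sev _rest; do
    case "$sev" in
      CRITICAL) r=4 ;; HIGH) r=3 ;; MEDIUM) r=2 ;; LOW) r=1 ;; *) r=0 ;;
    esac
    if [ "$r" -gt "$rank" ]; then rank=$r; top=$sev; fi
  done
  echo "$top"
}

# decide_action: the Decision Engine. Drift with HIGH/CRITICAL findings is alerted
# to ChatOps rather than auto-applied; minor drift is remediated; a plan error
# fails the pipeline so the lock is released by the job, not by a blind apply.
decide_action() {
  case "$1" in
    no-drift) echo "noop" ;;
    error)    echo "fail-pipeline" ;;
    drift)
      case "$2" in
        CRITICAL|HIGH) echo "alert" ;;
        *)             echo "auto-remediate" ;;
      esac ;;
  esac
}

# drift_cycle: one scheduled iteration. $1 = plan command, $2 = scanner findings text.
drift_cycle() {
  verdict=$(run_drift_check "$1")
  sev=$(printf '%s\n' "$2" | highest_severity)
  decide_action "$verdict" "$sev"
}
```

In the hourly job this reduces to `drift_cycle "terraform plan -detailed-exitcode -input=false" "$(cat findings.txt)"` after the state lock has been acquired.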