
IaC Drift Detection with Just-In-Time Action Approval


Infrastructure drift is silent until it breaks things. You run terraform plan thinking everything matches the repo, but it doesn’t. Someone changed something in the cloud console. A script tweaked a setting. A fix went straight to production and bypassed your IaC pipeline. Now your Git repo and your running infrastructure are out of sync.

IaC drift detection catches this before it turns into downtime or a security hole. But drift detection alone is not enough. You need to decide what to do the moment drift is found. That’s where Just-In-Time Action Approval becomes a game changer.

With Just-In-Time Action Approval, drift detection workflows don’t just alert — they pause, wait, and ask for human confirmation. Automated alerts feed into a fast approval process. When drift is real, you can approve the fix on the spot. When it’s noise, you dismiss it instantly. No waiting for the next scheduled run, no risky automation that overwrites something important.


A mature IaC drift detection system runs continuously. It scans state against declared code on every change, in real time. When mismatches happen, it gives the exact diff: resources created, modified, or destroyed outside code control. Adding Just-In-Time approval on top means every response is intentional. You lock down autopilot behaviors that cause hidden problems, while still moving at the pace of automation.

The best setups combine:

  • Continuous IaC drift detection with clear, actionable output.
  • Hooks to stop proposed changes until they’re approved.
  • Native integration with your existing Git-based IaC workflow.
  • Instant approval from chat, CLI, or web without long delays.

These patterns keep teams in control with the speed needed for modern cloud environments. You maintain compliance, reduce risk, and prevent expensive surprises.
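One way to implement the pause-and-approve gate described above, as an added example that is not hoop.dev's code: it reads the `resource_drift` section of Terraform's JSON plan output and holds the workflow until an approval bound to that exact diff exists. The sample plan, its simplified attribute names, and the `drift_items`, `drift_digest` and `gate` helpers are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output produced
# after `terraform plan -refresh-only`. Attribute names are simplified.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_drift": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"ingress_cidr": "10.0.0.0/8"},
                "after":  {"ingress_cidr": "0.0.0.0/0"}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "before": {"bucket": "logs"}, "after": null}}
  ]
}
""")

def _sha256(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def drift_items(plan):
    """One record per managed resource that changed outside the IaC pipeline."""
    items = []
    for rc in plan.get("resource_drift", []):
        change = rc["change"]
        before, after = change.get("before") or {}, change.get("after") or {}
        attrs = sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))
        # Hash the values instead of storing them, so approval records hold no secrets.
        items.append({"address": rc["address"], "actions": change["actions"],
                      "attrs": attrs, "change_hash": _sha256([before, after])})
    return sorted(items, key=lambda i: i["address"])

def drift_digest(items):
    """Stable identifier for this exact drift set; approvals are keyed on it."""
    return _sha256(items)

def gate(plan, approvals):
    """Return ('clean' | 'pending' | 'approved', items). 'pending' means pause."""
    items = drift_items(plan)
    if not items:
        return "clean", items
    return ("approved" if drift_digest(items) in approvals else "pending"), items

if __name__ == "__main__":
    state, items = gate(SAMPLE_PLAN, approvals=set())
    print(state, json.dumps(items, indent=2))
```

Because the approval is keyed on a digest of the drift itself, an approval granted for one diff does not carry over if the resource changes again before remediation runs.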

You can see this working in minutes. Try it now with hoop.dev and watch IaC drift detection and Just-In-Time Action Approval run end-to-end.
