IaC Drift Detection with rsync

Infrastructure drift detection is the only way to know whether your live systems still match your code. Changes happen outside of IaC pipelines. Manual tweaks, emergency hotfixes, or hidden automation can push systems out of sync with the code. Left unchecked, drift destroys trust in your deployments.

IaC drift detection with rsync is a fast, low-friction way to spot and reconcile these changes. Rsync compares live server state to the desired state stored in your infrastructure-as-code repository. By syncing directories in dry-run mode, you can list exactly what has changed without altering the systems during detection.

First, export the intended configuration to a directory. This can be a rendered Terraform plan, an Ansible-generated config set, or any IaC tool’s output. Then run:

rsync -avnc --delete /rendered-iac/ user@server:/actual-state/

The -n flag makes it a dry run, and -c compares files by checksum instead of by size and modification time. The --delete flag shows files that should not exist on the target. Every difference is a piece of drift. Pipe the output to a parser or feed it into a CI/CD job to trigger alerts.
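One way to write that parser, as an added example that is not part of the original post: it assumes the command above is run with rsync's --itemize-changes flag in place of -v (for example `rsync -ainc --delete ...`) so that every line carries a machine-readable change code. The category names and the sample output are constructed for illustration.

```python
import re
import sys

# rsync 3.x --itemize-changes: 11 flag characters "YXcstpoguax", a space, then the path.
ITEM = re.compile(r"^([<>ch.])([fdLDS])([.+ ?cstTpogunbax]{9}) (.+)$")
DELETED = re.compile(r"^\*deleting +(.+)$")

# Constructed sample of `rsync -ainc --delete` output (not captured from a real host).
SAMPLE = """\
*deleting   etc/cron.d/tmp-fix
.d..t...... etc/nginx/
<fcst...... etc/nginx/nginx.conf
.f...p..... etc/ssh/sshd_config
<f+++++++++ etc/sysctl.d/99-hardening.conf
.f..t...... etc/motd
total size is 18,204  speedup is 40.45 (DRY RUN)
"""

def classify(line):
    """Return (category, path) for an itemized line, or None for summary lines."""
    m = DELETED.match(line)
    if m:  # present on the server, absent from the rendered IaC
        return "unexpected-on-target", m.group(1)
    m = ITEM.match(line)
    if not m:
        return None
    attrs, path = m.group(3), m.group(4)
    if attrs[0] == "+":  # rsync would create it, so it is absent on the server
        return "missing-on-target", path
    if attrs[0] == "c" or attrs[1] == "s":  # checksum or size differs
        return "content", path
    if any(flag in attrs for flag in "pogax"):  # mode, owner, group, ACL, xattr
        return "metadata", path
    return "mtime-only", path  # timestamps only: recorded but not alerted on

def detect(text):
    report = {}  # category -> list of drifted paths
    for line in text.splitlines():
        if hit := classify(line):
            report.setdefault(hit[0], []).append(hit[1])
    return report

def has_drift(report):
    return any(cat != "mtime-only" and paths for cat, paths in report.items())

if __name__ == "__main__":
    # Reads rsync output from stdin; falls back to the sample when run interactively.
    report = detect(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(report)
    sys.exit(1 if has_drift(report) else 0)  # non-zero exit fails the CI job
```

Separating metadata drift from content drift matters because a permission or ownership change on a file such as sshd_config leaves the file contents, and therefore a content-only comparison, untouched.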

Rsync is lightweight, widely available, and works over SSH out of the box. For many environments, this method detects file-level drift faster than waiting for a full IaC plan refresh. You can run it per-service, cluster-wide, or on a schedule. It scales linearly and exposes drift as a clear, file-based diff.

Combine rsync-based detection with other checks. Infrastructure drift can occur in systemd units, firewall rules, package versions, or cloud resource metadata. For files and directories—config, templates, binaries—rsync gives you a low-latency signal that something has moved.

The result is a tighter feedback loop between intended state and live state. Faster detection leads to faster fixes, fewer outages, and deploy pipelines you can trust.

Drift won’t wait. See how you can implement IaC drift detection with rsync in minutes—try it live now at hoop.dev.
