Business Problem
Cloud infrastructure drifts from the state Terraform last recorded whenever someone edits a resource by hand in the console, a deployment fails part-way through, or an external system modifies it. Unnoticed drift means security groups, IAM policies and other controls may no longer match what was reviewed, so it leads to security vulnerabilities, compliance violations, and unpredictable behavior.
Solution Overview
Connect Terraform MCP Server with AWS MCP Server and Slack for continuous drift detection. The agent runs terraform plan on a schedule, classifies any drift it finds by severity, auto-remediates low-risk drift, and alerts the team on anything that needs human review.
Implementation Steps
Connect Terraform MCP Server
Set up the Terraform MCP Server pointing to your state backend and configuration. Give it the same backend credentials your CI pipeline uses, and keep its AWS permissions to what the auto-remediation step actually needs; a drift agent that can apply anything is itself a high-value target.
Schedule Drift Checks
Create a cron-triggered agent that runs terraform plan every hour to detect changes. Use terraform plan -detailed-exitcode -out=plan.tfplan (exit code 2 means changes are pending, 0 means none, 1 means an error) and feed the saved plan through terraform show -json plan.tfplan to get the resource_changes array the classification code below consumes.
Classify Drift Severity
Categorize detected drift as critical (security groups, IAM), warning (instance types), or info (tags).
Auto-Remediate Safe Changes
Automatically apply fixes for low-risk drift such as missing or altered tags. Restrict auto-apply to in-place updates: anything whose plan actions include create or delete (including replacements) goes to the alert path, and a change to a critical resource is never auto-applied even if only its tags moved. Note that terraform apply -target skips dependencies and is documented by HashiCorp for exceptional use, so keep the targeted set small and apply the saved plan file rather than re-planning, so the agent applies exactly what it classified.
// terraform and slack are the MCP tool wrappers; plan is the JSON from
// `terraform show -json` for the saved plan file (resource_changes[]).
const plan = await terraform.plan();
// Only in-place updates are candidates; creates, deletes and replacements are never auto-applied.
const changes = plan.resource_changes.filter(c => c.change.actions.includes('update'));
// isSafeToAutoFix is the allowlist (e.g. tag-only updates on non-critical resources), defined under Code Examples.
const safeChanges = changes.filter(c => isSafeToAutoFix(c));
if (safeChanges.length > 0) {
  await terraform.apply({ targets: safeChanges.map(c => c.address) });
  // Record what was touched, not just a count, so the change is auditable.
  await slack.sendMessage({ channel: '#infra', text: `Auto-fixed ${safeChanges.length} drift issues: ${safeChanges.map(c => c.address).join(', ')}` });
}
Alert on Critical Drift
Send PagerDuty alerts for critical infrastructure changes that require human review. Include the resource address and the before/after values from the plan so the reviewer can decide whether to revert the change or to update the Terraform configuration to accept it.
Code Examples
function classifyDrift(change) {
  const actions = change.change.actions;
  // Nothing to do for resources the plan leaves untouched or only reads.
  if (actions.includes('no-op') || actions.includes('read')) return 'none';
  // Prefix match: 'aws_iam_' covers roles, policies, users, groups and
  // attachments; 'aws_security_group' also covers aws_security_group_rule.
  const criticalResources = ['aws_security_group', 'aws_iam_'];
  if (criticalResources.some(r => change.type.startsWith(r))) return 'critical';
  // Destroys and replacements (['delete','create'] or ['create','delete']) both carry 'delete'.
  if (actions.includes('delete')) return 'critical';
  if (change.type.includes('instance')) return 'warning';
  return 'info';
}
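The full triage pass that the steps above describe (classify each change, pick out what is safe to auto-apply, route the rest to alerts), as an added example that is not part of the original page or of the Terraform MCP Server. It works on the JSON shape produced by `terraform show -json plan.tfplan` (`resource_changes[]` with `address`, `type` and `change.actions/before/after`), which the `terraform.plan()` wrapper above is assumed to return. The classifier is restated here in the same form so the block runs on its own; the critical prefix list is extended with `aws_kms_key` and `aws_s3_bucket_policy` as an assumption, and `isSafeToAutoFix` is one concrete allowlist: in-place updates that touch nothing but tag attributes on non-critical resources. The sample plan is constructed for the example, not taken from a real run.

```javascript
// Added example: triage Terraform plan drift into auto-fix vs. alert buckets.
// Input follows `terraform show -json plan.tfplan` (resource_changes[]).

// Assumption: extends the page's critical list with KMS keys and bucket policies.
const CRITICAL_PREFIXES = ['aws_security_group', 'aws_iam_', 'aws_kms_key', 'aws_s3_bucket_policy'];
// Attributes whose drift is cosmetic and safe to re-apply without review.
const SAFE_ATTRIBUTES = new Set(['tags', 'tags_all']);

function classifyDrift(change) {
  const actions = change.change.actions;
  if (actions.includes('no-op') || actions.includes('read')) return 'none';
  if (CRITICAL_PREFIXES.some(p => change.type.startsWith(p))) return 'critical';
  // Destroys and replacements (['delete','create'] / ['create','delete']) both carry 'delete'.
  if (actions.includes('delete')) return 'critical';
  if (actions.includes('create')) return 'warning';
  if (change.type.includes('instance')) return 'warning';
  return 'info';
}

// Names of top-level attributes whose value differs between before and after.
function changedAttributes(change) {
  const before = change.change.before || {};
  const after = change.change.after || {};
  const keys = new Set([...Object.keys(before), ...Object.keys(after)]);
  return [...keys].filter(k => JSON.stringify(before[k]) !== JSON.stringify(after[k]));
}

// Auto-fix only single-action in-place updates that move nothing but tags,
// and never a critical resource, whatever attributes changed.
function isSafeToAutoFix(change) {
  if (classifyDrift(change) !== 'info') return false;
  const actions = change.change.actions;
  if (actions.length !== 1 || actions[0] !== 'update') return false;
  const changed = changedAttributes(change);
  return changed.length > 0 && changed.every(k => SAFE_ATTRIBUTES.has(k));
}

// Split a plan into resource addresses to apply automatically and to page on.
function triagePlan(plan) {
  const result = { autoFix: [], critical: [], warning: [], info: [] };
  for (const change of plan.resource_changes || []) {
    const severity = classifyDrift(change);
    if (severity === 'none') continue;
    if (isSafeToAutoFix(change)) result.autoFix.push(change.address);
    else result[severity].push(change.address);
  }
  return result;
}

// Constructed sample plan in the `terraform show -json` shape (not real output).
// "before" is the drifted live value, "after" is what the configuration says.
const SAMPLE_PLAN = {
  resource_changes: [
    { address: 'aws_s3_bucket.logs', type: 'aws_s3_bucket',
      change: { actions: ['update'],
        before: { bucket: 'acme-logs', tags: { env: 'prod' } },
        after:  { bucket: 'acme-logs', tags: { env: 'prod', owner: 'infra' } } } },
    { address: 'aws_security_group.web', type: 'aws_security_group',   // opened to the world by hand
      change: { actions: ['update'],
        before: { name: 'web', ingress: [{ from_port: 443, cidr_blocks: ['0.0.0.0/0'] }] },
        after:  { name: 'web', ingress: [{ from_port: 443, cidr_blocks: ['10.0.0.0/8'] }] } } },
    { address: 'aws_instance.app', type: 'aws_instance',               // resized in the console
      change: { actions: ['update'],
        before: { instance_type: 't3.large', tags: {} },
        after:  { instance_type: 't3.micro', tags: {} } } },
    { address: 'aws_instance.batch', type: 'aws_instance',             // replacement, not in-place
      change: { actions: ['delete', 'create'],
        before: { ami: 'ami-old' }, after: { ami: 'ami-new' } } },
    { address: 'aws_iam_role.deploy', type: 'aws_iam_role',            // tag-only, but critical resource
      change: { actions: ['update'],
        before: { name: 'deploy', tags: { team: 'platform' } },
        after:  { name: 'deploy', tags: { team: 'platform', owner: 'infra' } } } },
    { address: 'aws_cloudwatch_log_group.app', type: 'aws_cloudwatch_log_group',
      change: { actions: ['no-op'], before: { name: 'app' }, after: { name: 'app' } } },
  ],
};

console.log(JSON.stringify(triagePlan(SAMPLE_PLAN), null, 2));
```

On the sample, only the bucket's tag change lands in `autoFix`; the security group revert, the instance replacement and the IAM role (even though only its tags moved) go to `critical`, and the resize goes to `warning`. The IAM case is the one worth keeping: the attribute allowlist never overrides resource criticality, so a tag edit on a role still gets a human looking at it.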