CloudDrift

CloudDrift is a web app (with optional CLI) that continuously detects and explains configuration drift across AWS, Azure, and GCP. It snapshots your “known-good” infrastructure and security posture, then compares it to what’s running now—highlighting risky changes like widened security groups, public storage, disabled logging, or IAM privilege creep. Instead of dumping raw diffs, it generates a short, actionable incident-style report: what changed, who/what likely changed it (Terraform, console, CI, or a specific principal), blast radius, and the safest rollback path. Teams can set drift policies (e.g., ‘no public S3 buckets’, ‘no admin role grants’) and get alerts in Slack/PagerDuty with one-click evidence for audits. This is not a full IaC platform; it’s a focused drift and accountability layer that works even when your infrastructure is a messy mix of IaC and click-ops.
