Declarative, drift-aware infrastructure — stateless, multi-cloud ready, and human-centric.
Drift is Ataiva's next-generation Infrastructure-as-Code platform. It solves the common pain points of existing IaC tools — brittle state files, drift surprises, and complex multi-cloud orchestration — by offering a stateless, DAG-driven execution engine with real-time reconciliation and human-friendly CLI workflows.
- Stateless Execution: No centralized state files - infrastructure state is inferred from cloud provider APIs WORKING
- Real-time Drift Detection: Continuous reconciliation with optional auto-healing WORKING
- DAG-based Orchestration: Parallel execution with intelligent dependency resolution WORKING
- Human-centric CLI: Clean, readable output with comprehensive change summaries WORKING
- Expression Language: Support for loops, conditionals, and variables in YAML WORKING
- Policy-as-Code: Built-in security and governance policy enforcement WORKING
- Module System: Reusable infrastructure components with local module support WORKING
- Multi-cloud Ready: Extensible provider system (AWS production-ready, Kubernetes planned)
Drift is production-ready for AWS infrastructure management with:
- Complete stateless execution with AWS API integration
- Real-time drift detection and auto-healing
- DAG-based parallel execution with dependency resolution
- Comprehensive error handling and retry logic
- S3 Buckets: Full lifecycle management with versioning and tagging
- EC2 Instances: Complete instance management with state tracking
- VPC Networking: VPC, subnet, internet gateway, and security group management
- Lambda Functions: Serverless function deployment and management
- Database Services: RDS instances and DynamoDB tables with full configuration
- API Gateway: REST API management for serverless architectures
- IAM Resources: Complete IAM user, role, and policy management with tagging
- Resource Validation: Comprehensive validation for all resource types
- Built-in security policies (S3 versioning, resource tagging)
- Governance policies (environment tagging, cost optimization)
- Severity-based enforcement (errors, warnings, info)
- Real-time policy evaluation during bootstrap
- Module system for reusable infrastructure components
- Expression language with conditionals and loops
- Comprehensive CLI with human-readable output
- Full test coverage with integration testing
Ready to use Drift in production? Check out our comprehensive documentation:
- Complete Documentation - Auto-generated, always up-to-date
- Getting Started Guide - Step-by-step tutorial
- API Reference - Complete CLI command reference
- Configuration Reference - YAML configuration guide
- Examples - Real-world use cases and patterns
Or jump right in with the Quick Start below.
Download the latest release for your platform:
- Linux (x64): drift-linux-amd64
- Linux (ARM64): drift-linux-arm64
- macOS (Intel): drift-darwin-amd64
- macOS (Apple Silicon): drift-darwin-arm64
- Windows (x64): drift-windows-amd64.exe
After downloading, make the binary executable and move it to your PATH:
# Linux/macOS
chmod +x drift-*
sudo mv drift-* /usr/local/bin/drift
# Verify installation
drift --version# Clone the repository
git clone https://github.com/ataiva-software/drift.git
cd drift
# Build the binary
go build -o drift .
# Install globally (optional)
go install .project: my-app
environment: dev
variables:
region: us-east-1
tags:
owner: platform-team
purpose: demo
Environment: dev # Required by policy
providers:
aws:
region: "${region}"
profile: default
resources:
# S3 bucket with versioning (policy compliant)
- kind: aws:s3:bucket
name: my-app-logs
properties:
versioning: true # Required by policy
tags:
owner: platform-team
purpose: demo
Environment: dev # Required by policy
driftPolicy:
autoHeal: true
notifyOnly: false
# RDS database
- kind: aws:rds:instance
name: my-app-db
properties:
db_instance_class: db.t3.micro
engine: mysql
engine_version: "8.0"
db_name: myapp
master_username: admin
master_user_password: "ChangeMe123!"
allocated_storage: 20
backup_retention_period: 1
tags:
owner: platform-team
purpose: demo
Environment: dev # Required by policy
driftPolicy:
autoHeal: true
notifyOnly: false
# Multiple EC2 instances using count
- kind: aws:ec2:instance
name: web-${index}
count: 2
properties:
instance_type: t3.micro
ami: ami-0abcdef1234567890
tags:
Name: "web-${index}"
Environment: "${environment}"
owner: "${tags.owner}"
driftPolicy:
autoHeal: true
notifyOnly: false
depends_on:
- "aws:rds:instance.my-app-db"
# IAM user for application access
- kind: aws:iam:user
name: app-service-user
properties:
path: "/applications/"
tags:
owner: platform-team
purpose: application-access
Environment: dev # Required by policy
driftPolicy:
autoHeal: true
notifyOnly: falsedrift bootstrapOutput:
Bootstrapping Drift environment...
Installing provider aws...
Validating configuration...
Configuration validated successfully
Found 5 resource instances
Evaluating policies...
No policy violations found
Bootstrap complete!
drift previewOutput:
Inspecting live infrastructure...
Changes detected:
+ 5 new resources will be created
Detailed changes:
+ Create aws:s3:bucket.my-app-logs (aws:s3:bucket)
+ Create aws:rds:instance.my-app-db (aws:rds:instance)
+ Create aws:ec2:instance.web-0 (aws:ec2:instance)
+ Create aws:ec2:instance.web-1 (aws:ec2:instance)
+ Create aws:iam:user.app-service-user (aws:iam:user)
Next: run 'drift commit' to apply these changes.
drift commitOutput:
Committing infrastructure changes...
--- Execution Level 1 ---
+ Creating aws:s3:bucket.my-app-logs
✓ Completed aws:s3:bucket.my-app-logs
+ Creating aws:rds:instance.my-app-db
✓ Completed aws:rds:instance.my-app-db
+ Creating aws:iam:user.app-service-user
✓ Completed aws:iam:user.app-service-user
--- Execution Level 2 ---
+ Creating aws:ec2:instance.web-0
+ Creating aws:ec2:instance.web-1
✓ Completed aws:ec2:instance.web-0
✓ Completed aws:ec2:instance.web-1
--- Execution Complete ---
Commit complete (duration: 3m45s)
Changes applied:
+ Created aws:s3:bucket.my-app-logs
+ Created aws:rds:instance.my-app-db
+ Created aws:iam:user.app-service-user
+ Created aws:ec2:instance.web-0
+ Created aws:ec2:instance.web-1
drift align --onceOutput:
Aligning desired state with reality... (14:30:15)
Infrastructure aligned (no drift detected)
Drift includes built-in policies that automatically evaluate your infrastructure:
# Example with policy violations
drift bootstrap --config examples/policy-demo.yamlOutput:
Bootstrapping Drift environment...
Installing provider aws...
Validating configuration...
Configuration validated successfully
Found 4 resource instances
Evaluating policies...
Found 3 policy violations:
3 warnings
- aws:s3:bucket.bad-bucket: S3 bucket should have versioning enabled for data protection
- aws:s3:bucket.bad-bucket: Resource must have an Environment tag for proper resource management
- aws:rds:instance.demo-db: Resource must have an Environment tag for proper resource management
Bootstrap complete!
Built-in Policies Include:
- S3 versioning enforcement
- Resource tagging requirements
- Cost optimization rules
- Security best practices
| Command | Description |
|---|---|
bootstrap |
Install providers, pull modules, and validate configuration |
preview |
Preview changes and detect drift (dry-run) |
commit |
Apply infrastructure changes |
align |
Continuously reconcile drift |
dismantle |
Destroy infrastructure resources |
# Bootstrap
drift bootstrap --config infra.yaml
# Preview with JSON output
drift preview --output json
# Commit with DAG visualization
drift commit --graph --auto-approve
# Continuous alignment
drift align --interval 10m
# One-time alignment
drift align --once
# Destroy infrastructure
drift dismantle --auto-approveAll commands support multiple output formats for CI/CD integration:
# Human-readable output (default)
drift bootstrap --output human
# JSON output for automation
drift bootstrap --output json
# Markdown output for documentation
drift bootstrap --output markdownCI/CD Integration: See examples/ci-cd-integration.md for complete GitHub Actions, GitLab CI, and Jenkins pipeline examples.
project: string # Project name
environment: string # Environment (dev, staging, prod)
variables: # Global variables
key: value
providers: # Cloud providers
aws:
region: string
profile: string
modules: # Reusable modules (future)
name:
source: string
version: string
inputs: {}
resources: # Infrastructure resources
- kind: string
name: string
properties: {}
driftPolicy: {}Runestone supports expressions in YAML values using ${} syntax:
# Variable substitution
region: "${region}"
# Ternary conditions
instance_type: "${environment == 'prod' ? 't3.large' : 't3.micro'}"
# Complex expressions
storage_size: "${environment == 'prod' ? 100 : 20}"
backup_enabled: "${environment == 'prod'}"resources:
- kind: aws:ec2:instance
name: web-${index}
count: 3
properties:
instance_type: t3.micro
tags:
Name: "web-${index}"variables:
regions: [us-east-1, us-west-2, eu-west-1]
resources:
- kind: aws:s3:bucket
name: "logs-${region}"
for_each: "${regions}"
properties:
versioning: true
tags:
region: "${region}"resources:
- kind: aws:s3:bucket
name: my-bucket
properties:
versioning: true
driftPolicy:
autoHeal: true # Automatically fix drift
notifyOnly: false # Don't just notify, take action| Resource Type | Kind | Properties |
|---|---|---|
| Storage | ||
| S3 Bucket | aws:s3:bucket |
versioning, tags |
| Compute | ||
| EC2 Instance | aws:ec2:instance |
instance_type, ami, tags |
| Lambda Function | aws:lambda:function |
runtime, handler, role, code_content, timeout, memory_size, tags |
| Networking | ||
| VPC | aws:ec2:vpc |
cidr_block, tags |
| Subnet | aws:ec2:subnet |
vpc_id, cidr_block, availability_zone, tags |
| Internet Gateway | aws:ec2:internet_gateway |
tags |
| Security Group | aws:ec2:security_group |
description, vpc_id, ingress, egress, tags |
| Database | ||
| RDS Instance | aws:rds:instance |
db_instance_class, engine, engine_version, db_name, master_username, master_user_password, allocated_storage, backup_retention_period, tags |
| DynamoDB Table | aws:dynamodb:table |
hash_key, range_key, attributes, tags |
| API & Integration | ||
| API Gateway | aws:apigateway:rest_api |
description, tags |
| Security & Identity | ||
| IAM User | aws:iam:user |
path, tags |
| IAM Role | aws:iam:role |
assume_role_policy, path, description, tags |
| IAM Policy | aws:iam:policy |
policy, path, description, tags |
Ready for Production: All resources include full CRUD operations, drift detection, policy compliance, and comprehensive validation.
Run the test suite:
# Run all tests
go test ./...
# Run tests with coverage
go test -cover ./...
# Run specific package tests
go test ./internal/config
go test ./internal/providers/aws
go test ./internal/drift
go test ./internal/executordrift/
├── cmd/ # CLI commands
│ ├── bootstrap.go
│ ├── preview.go
│ ├── commit.go
│ ├── align.go
│ ├── dismantle.go
│ └── docs.go # Documentation generation
├── internal/
│ ├── config/ # Configuration parsing
│ ├── providers/ # Cloud provider implementations
│ │ └── aws/
│ ├── executor/ # DAG execution engine
│ ├── drift/ # Drift detection
│ └── docs/ # Documentation generation
├── examples/ # Example configurations
├── docs/ # Generated documentation
├── .github/workflows/ # GitHub Actions
├── Makefile # Build automation
└── README.md
Drift uses a Makefile for build automation with automatic documentation generation:
# Development build with docs
make dev
# Full release build
make release VERSION=v1.0.0
# Run tests
make test
# Generate documentation only
make docs
# Clean build artifacts
make clean
# Install globally
make installThe project includes two GitHub Actions workflows:
- Triggers: Every push to
mainand pull requests - Actions: Run tests, build binary, validate examples
- Purpose: Continuous integration and quality assurance
- Triggers:
- Manual dispatch with version input
- Push of version tags (e.g.,
v1.0.0)
- Actions:
- Run full test suite
- Build binaries for multiple platforms (Linux, macOS, Windows)
- Generate documentation
- Create GitHub release with binaries and release notes
- Purpose: Automated releases with cross-platform binaries
Option 1: Manual Trigger
- Go to GitHub Actions → Release workflow
- Click "Run workflow"
- Enter version (e.g.,
v1.0.0) - Workflow creates tag and release automatically
Option 2: Tag Push
git tag v1.0.0
git push origin v1.0.0Both methods create a GitHub release with:
- Cross-platform binaries
- Auto-generated release notes
- Complete documentation
Documentation is automatically generated during build using the drift docs command:
- Getting Started Guide - Step-by-step tutorial
- API Reference - Complete CLI command reference
- Configuration Reference - YAML configuration guide
- Examples - Practical use cases and patterns
# Generate docs manually
./drift docs --output docs
# Generated files:
# docs/getting-started.md
# docs/api-reference.md
# docs/configuration-reference.md
# docs/examples.md
# docs/README.md (overview)- Implement the
Providerinterface ininternal/providers/ - Register the provider in CLI commands
- Add resource validation and operations
- Write comprehensive tests
- Add resource kind to provider's
GetSupportedResourceTypes() - Implement CRUD operations in provider
- Add validation logic
- Write tests for the new resource type
We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch
- Write tests for your changes
- Ensure all tests pass
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- 📧 Email: support@ataiva.com
- 🐛 Issues: GitHub Issues
- Documentation: docs/
- YAML configuration parsing WORKING
- Expression language with variables, conditionals, loops WORKING
- Resource expansion (count, for_each) WORKING
- Configuration validation WORKING
-
bootstrap- Install providers and validate configuration WORKING -
preview- Preview changes and detect drift WORKING (requires valid AWS credentials) -
commit- Apply infrastructure changes WORKING (requires valid AWS credentials) -
align- Continuously reconcile drift WORKING (requires valid AWS credentials) -
dismantle- Destroy infrastructure resources WORKING (requires valid AWS credentials) -
docs- Generate comprehensive documentation WORKING
- Provider initialization and authentication WORKING
- S3 bucket support (create, update, delete, state retrieval) WORKING
- EC2 instance support (create, state retrieval, delete) WORKING
- Resource tagging WORKING
- Error handling and retries WORKING
- DAG-based execution engine WORKING
- Dependency resolution WORKING
- Parallel execution WORKING
- State management (stateless design) WORKING
- Drift detection algorithm WORKING
- Auto-healing capabilities WORKING
- Comprehensive test suite WORKING (all tests passing)
- Integration tests with AWS WORKING (skips when no credentials)
- CLI help documentation WORKING
- Example configurations WORKING
- Automatic documentation generation WORKING
- Getting Started guide WORKING
- API Reference WORKING
- Configuration Reference WORKING
- Examples documentation WORKING
- Makefile with automated builds WORKING
- Automatic documentation generation on build WORKING
- Test automation WORKING
- Development and release builds WORKING
- RDS instance support (create, update, delete, state retrieval) WORKING
- IAM User support (create, update, delete, state retrieval) WORKING
- IAM Role support (create, update, delete, state retrieval) WORKING
- IAM Policy support (create, update, delete, state retrieval) WORKING
- VPC support (create, update, delete, state retrieval) WORKING
- Subnet support (create, update, delete, state retrieval) WORKING
- Internet Gateway support (create, update, delete, state retrieval) WORKING
- Enhanced resource validation and error handling WORKING
- Comprehensive test coverage for all AWS resources WORKING
- Policy engine with rule evaluation WORKING
- Built-in security and governance policies WORKING
- Policy violation detection and reporting WORKING
- Integration with bootstrap command WORKING
- Severity-based policy enforcement WORKING
- Module registry and management WORKING
- Local module loading support WORKING
- Module validation and expansion framework WORKING
- Comprehensive test coverage WORKING
- Kubernetes provider
- Enhanced AWS resources (Lambda, CloudFormation) Lambda WORKING
- JSON/Markdown output for CI/CD WORKING
- CI/CD integration examples WORKING
- Multi-cloud orchestration (GCP, Azure)
- Self-healing infrastructure
- Observability and metrics
- GraphQL/REST API
- Cost analysis and optimization
- Performance optimization
- Universal infrastructure control plane
- Plugin ecosystem
- GUI dashboard
- Advanced policy engine
- AI-powered infrastructure optimization
Built with by Ataiva Software