env0 Logo
Solutions
ship Fast
  • Managed Self-Service
    Better DevEx, greater velocity
  • IaC Automation
    Productivity and reliability at scale
Gain Full Context
  • Cloud Asset Management
    Improve IaC coverage and control
  • Drift Management
    Rapid detection, smart remediation
  • Analytics and Insights
    Data-driven cloud operations
manage With Confidence
  • IaC Governance
    Flexible guardrails and policies
  • Security & Compliance
    Enterprise-grade risk mitigation
  • Infrastructure Reliability
    High availability and performance
  • IaC Cost Controls
    Cost efficiency and predictability
Case StudiesPricingDocsIntegrations
Resources
RESOURCE LIBRARY
  • Events Hub
    Here’s Where You’ll Find Us Next
  • Blog
    All content, one place
  • Case Studies
    Customer success stories
  • Videos
    A frame worth a thousand words
  • Library
    Ebooks and solution briefs
  • New Features
    What's new on our platform
  • Terraform
    env0 and Terrafrom, better together
  • OpenTofu
    Shaping the future of IaC
  • How Tos
    Practical guides and tutorials
Featured ON OUR blog
Introducing env0 Cloud Analyst – AI-Powered Infrastructure Intelligence
Login
Free Trial
Get a Demo
Free TrialGet a Demo
Home
/
Case Study
/
This is some text inside of a div block.

Heading

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
Home
/
Blog
/
Expanding Drift Remediation: Keep Your Code Aligned with Cloud Changes

Expanding Drift Remediation: Keep Your Code Aligned with Cloud Changes

Hadas Weinrib
Product Marketing
Schedule a technical demo
See env0 in action
With special guest
Mitchell Hashimoto
Case Study Video Background

Managing infrastructure drift doesn't always start with your code. Changes are often made directly to cloud resources—whether through urgent security hotfixes, manual fixes, or automated optimization and security tools. To ensure your Infrastructure as Code stays fully aligned, env0 now suggests a pull request based on those cloud-side changes, allowing you to easily review, merge, and sync your environments.

This enhancement expands drift remediation to cover the full lifecycle: detecting drift, analyzing its source, and giving you the flexibility to either align the cloud with your code or update your code to reflect changes made directly in the cloud—all handled manually or automatically based on your policies.

Why It Matters

Infrastructure environments are dynamic by nature. While the best practice is to make all changes through Infrastructure as Code, reality doesn't always follow the ideal. Urgent fixes, security updates, or automated tools often introduce changes directly in the cloud.

To keep your environments consistent and reliable, env0 now expands drift remediation beyond just redeploying your code. When changes are made directly in the cloud—whether manually or by automated systems—you can choose to update your code to reflect them. This can be done automatically or with manual review, giving you flexibility to decide how to manage each situation.

How It Works

When env0 detects drift between your Infrastructure as Code and the live cloud environment, it analyzes the difference and uses AI to generate code changes that reflect the current state of your infrastructure while preserving your existing structure and conventions.

You can choose how to reconcile the drift:

  • Redeploy your code – Apply your current codebase to bring the infrastructure back to its intended state.

  • Update your code – env0 rewrites only the relevant blocks, whether standalone resources or modules, and generates the necessary changes as a pull request in your connected version control system. You can review and merge the PR manually or configure it to be applied automatically based on policy.

When you choose to update your code, env0 analyzes the detected drift and uses AI to generate updated Terraform code. It rewrites only the affected blocks, whether they are standalone resources or part of modules, and commits those changes to a new branch in your connected version control system. A pull request is created automatically so you can review, approve, and merge the changes.

 env0 generates a pull request that summarizes the infrastructure differences that triggered the update.

When you inspect the diff, you’ll see exactly which lines were changed to bring your code in line with the live environment.

This flexibility enables you to choose whether to enforce the state defined in your code or adapt it to reflect what’s currently running—depending on the context of the change.

Automated Remediation Options

You can also configure env0 to take action automatically based on your policies. The following options are available for automated drift remediation:

  • Disabled – No automatic action is taken when drift is detected. You’ll receive a notification, but resolution is manual.

  • Sync Cloud to match Code – env0 automatically applies the changes from your IaC code to the cloud, resolving drift by deploying the current configuration.

  • Sync Code to match Cloud – env0 automatically opens a Pull Request to update your codebase to reflect the cloud state, syncing from the infrastructure back to the repository.

  • Smart Remediation –
    • When a change is detected in the cloud (e.g. a manual update or external automation), env0 generates the necessary code changes and opens a pull request to update the code.
    • When a change is detected in the codebase (e.g., a merge to main that hasn’t been applied), env0 automatically runs a deployment to apply it to the cloud.

env0 links all actions and pull requests to the affected environment, giving you full visibility and control over every change.

[Insert Screenshot Placeholder: Auto-generated PR showing cloud-side changes in code]

For more information about connecting your VCS, managing drift settings, and using automatic remediation, see Automatic Drift Remediation.

Wrapping Up

Being able to update your code based on changes made directly in the cloud gives you a new level of control and flexibility. Whether you're responding to critical security updates, operational fixes, or changes introduced automatically by optimization and security tools, env0 ensures your cloud environment and your Infrastructure as Code remain fully aligned. 

This capability helps teams move faster, reduce risk, and simplify the way they manage infrastructure changes.

Ready to see how env0 can help you manage drift end-to-end and keep your code and cloud in sync? Schedule a demo today.

‍

Help us build
OpenTofu Logo
The open source Terraform alternative
Join us on GitHub
in this post
This is some text inside of a div block.

Related Content

Drift Cause Analysis: Context That Drives Confident Action
Blog
video

Drift Cause Analysis: Context That Drives Confident Action

Yuval Nelinger
April 7, 2025
•
5 min read
Read more
Introducing env0 Cloud Analyst – AI-Powered Infrastructure Intelligence
Blog
video

Introducing env0 Cloud Analyst – AI-Powered Infrastructure Intelligence

Yuval Nelinger
March 26, 2025
•
5 min read
Read more
How Policy-as-Code Enhances Infrastructure Governance with Open Policy Agent (OPA)
Blog
video

How Policy-as-Code Enhances Infrastructure Governance with Open Policy Agent (OPA)

March 24, 2025
•
5 min read
Read more

Schedule a technical demo. See env0 in action.

Get a Demo
Founding member:
OpenTF Logo
Available on:
  • AWS Marketplace Logo
    AWS
    Marketplace
  • Azure Marketplace Logo
    Azure
    Marketplace
  • Google Cloud Marketplace Logo
    GDC
    Marketplace
Company
  • About Us
  • Case Studies
  • Careers
  • Newsroom
  • Contact Us
Developer and DevOps
  • Documentation
  • API
  • env0 Terraform Provider
  • Terratag Open Source
Alternatives
  • Terraform Cloud Alternatives
  • Terraform Cloud  vs env0
  • Atlantis Alternative
  • © Copyright env0 2023
  • Terms of Service
  • Privacy Policy
  • Security
  • System Status
  • Search