Detecting Drift in a Stack

Detect drift in a stack in Resource Manager. Drift is the difference between the actual, real-world state of your infrastructure and the stack's last executed configuration.

Common reasons for drift include a team member adding a production tag to your resources or deleting a resource.

You can detect drift for new stacks created from compartments or for stacks where the last job run was Apply or Import state. When detecting drift, you can specify all resources or selected resources.


After detecting drift, list the drift status for resources. See Listing Drift Status for a Stack.
    1. Open the navigation menu and click Developer Services. Under Resource Manager, click Stacks.
    2. On the Stacks page, select the compartment that contains the stack that you want.
    3. Click the name of the stack that you want.
    4. On the Stack details page, go to More actions and select Run drift detection.
    5. In the Run drift detection panel, select the option you want.
      • All resources: Detects drift for all resources in the stack.

      • Selected resources: Detects drift for the specified resources in the stack.

        You can select an address from the list or enter the address. Each resource is identified by a resource address, which is a string derived from the resource type and name specified in the stack's Terraform configuration plus an optional index. For example, the resource address for the fourth Compute instance with the name "test_instance" is oci_core_instance.test_instance[3]. The resource type is oci_core_instance, a period acts as delimiter, the resource name is test_instance, and the index is 3 in bracket. For more details and examples of resource addresses, see the Terraform documentation at Examples.

    6. To retrieve the latest versions available from the configured source of Terraform providers, click Show advanced options and select Upgrade provider versions.
      The stack must be Terraform 0.14 or later, and if the stack is older, it must be upgraded to use Terraform Registry.This step is required if provider versions in the Terraform configuration changed since the last time a job was run on the stack. Dependency lock files are automatically managed for new and updated stacks. Providers are updated within the version constraints of the Terraform configuration.
    7. Click Run drift detection.

    A work request is started. When the work request is complete, the drift status appears in the Stack information tab.

  • Use the oci resource-manager stack detect-drift command and required parameters to detect drift in a stack.

    oci resource-manager stack detect-drift stack-id <stack_OCID>

    For a complete list of parameters and values for CLI commands, see the Command Line Reference for Resource Manager.

  • Use the DetectStackDrift operation to detect drift.