Tutorial: Achieving Auto Remediation with env0

env0 Team
env0
Jul 18, 2024

In the dynamic landscape of Infrastructure-as-Code (IaC), aligning your resources with your code is a constant challenge. This misalignment, commonly known as drift, can occur when resources are manually added, updated, or removed outside of your IaC scripts.

Enter env0, a powerful platform that offers a trio of capabilities — drift detection, scheduling, and approval policies — to facilitate what we like to call ‘smart’ auto remediation.

Auto Scheduling

Automation is the backbone of modern IT management. With env0’s scheduling capability, you can automatically trigger deployments and destroys on a predefined schedule.

This means that your environments can be kept in a consistent state, reducing the risk of drift and making sure that your infrastructure always aligns with your code.

Approval Policies

env0 brings a sophisticated touch to policy enforcement through the use of Open Policy Agent (OPA) and .rego files. These policies, located within your repository, ensure that deployments meet your organization’s standards and requirements.

During the deployment process, an approval step is executed after the plan and cost estimation phases. The deployment may then proceed, pause for further approval, or even be canceled depending on different factors — the policies, deployment type, and other relevant data.

Auto Remediation

By combining scheduling and approval policies, you achieve ‘smart’ auto remediation.

Imagine automatically detecting drift in your environment, triggering a remediation deployment on a schedule, and ensuring that it adheres to your organization’s policies before proceeding.

This level of automation, monitoring, and enforcement keeps infrastructure:

  1. In sync with your IaC code
  2. Compliant with your organization’s standards

With our platform, you can attain ‘smart’ auto remediation that keeps your infrastructure at its best, effortlessly aligning your real-world resources with your IaC code.

env0 drift detection serves as the watchful guardian of your infrastructure. By setting up scheduled deployment tasks that conclude with an examination of the Terraform plan output, env0 automatically detects drift in your environment.

When drift is detected, you’re promptly alerted so you can take corrective actions before it becomes a bigger problem.

For example, you can detect drift in S3 buckets. If it’s something simple, like missing tags, you can enable a policy in a .rego file that allows minor changes such as updates (but not deletions or creations) to take immediate effect (see the video below to watch this in action).
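
The gate described above (let updates through, hold creations and deletions for approval), written as an added example in Python rather than as an env0 .rego policy; it is not env0's code. It assumes the plan is available in the JSON form produced by `terraform show -json`, and `evaluate_plan`, `AUTO_APPROVED` and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`:
# every entry of resource_changes carries change.actions.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.logs",   "change": {"actions": ["update"]}},
  {"address": "aws_s3_bucket.assets", "change": {"actions": ["no-op"]}}
]}
""")

# Assumption: in-place updates, no-ops and data source reads may remediate
# automatically; create, delete and replace (delete+create) wait for a human.
AUTO_APPROVED = {"update", "no-op", "read"}


def evaluate_plan(plan):
    """Return (decision, reasons); decision is 'allow' or 'pending'."""
    changes = plan.get("resource_changes")
    if not isinstance(changes, list):
        # Fail closed: an unreadable plan is never auto-approved.
        return "pending", ["plan has no resource_changes list"]
    reasons = []
    for rc in changes:
        address = rc.get("address", "<unknown>")
        actions = (rc.get("change") or {}).get("actions")
        if not actions:
            reasons.append(f"{address}: no actions recorded")
            continue
        blocked = sorted(set(actions) - AUTO_APPROVED)
        if blocked:
            reasons.append(f"{address}: {'+'.join(blocked)} needs approval")
    return ("pending" if reasons else "allow"), reasons


if __name__ == "__main__":
    print(evaluate_plan(SAMPLE_PLAN))
```

A tag-only drift on a bucket yields `allow`, while a plan that would replace the bucket is held as `pending` with the offending resource address listed in the reasons.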

For a full video walkthrough, watch the tutorial below:
