Home
/
Case Study
/
This is some text inside of a div block.

Heading

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
Home
/
Blog
/
Expanding Drift Remediation: Keep Your Code Aligned with Cloud Changes

Expanding Drift Remediation: Keep Your Code Aligned with Cloud Changes

Hadas Weinrib
Product Marketing
Schedule a technical demo
See env0 in action
With special guest
Mitchell Hashimoto
Case Study Video Background

Managing infrastructure drift doesn't always start with your code. Changes are often made directly to cloud resources—whether through urgent security hotfixes, manual fixes, or automated optimization and security tools. To ensure your Infrastructure as Code stays fully aligned, env0 now suggests a pull request based on those cloud-side changes, allowing you to easily review, merge, and sync your environments.

This enhancement expands drift remediation to cover the full lifecycle: detecting drift, analyzing its source, and giving you the flexibility to either align the cloud with your code or update your code to reflect changes made directly in the cloud—all handled manually or automatically based on your policies.

Why It Matters

Infrastructure environments are dynamic by nature. While the best practice is to make all changes through Infrastructure as Code, reality doesn't always follow the ideal. Urgent fixes, security updates, or automated tools often introduce changes directly in the cloud.

To keep your environments consistent and reliable, env0 now expands drift remediation beyond just redeploying your code. When changes are made directly in the cloud—whether manually or by automated systems—you can choose to update your code to reflect them. This can be done automatically or with manual review, giving you flexibility to decide how to manage each situation.

How It Works

When env0 detects drift between your Infrastructure as Code and the live cloud environment, it analyzes the difference and uses AI to generate code changes that reflect the current state of your infrastructure while preserving your existing structure and conventions.

You can choose how to reconcile the drift:

  • Redeploy your code – Apply your current codebase to bring the infrastructure back to its intended state.

  • Update your code – env0 rewrites only the relevant blocks, whether standalone resources or modules, and generates the necessary changes as a pull request in your connected version control system. You can review and merge the PR manually or configure it to be applied automatically based on policy.

When you choose to update your code, env0 analyzes the detected drift and uses AI to generate updated Terraform code. It rewrites only the affected blocks, whether they are standalone resources or part of modules, and commits those changes to a new branch in your connected version control system. A pull request is created automatically so you can review, approve, and merge the changes.

 env0 generates a pull request that summarizes the infrastructure differences that triggered the update.

When you inspect the diff, you’ll see exactly which lines were changed to bring your code in line with the live environment.

This flexibility enables you to choose whether to enforce the state defined in your code or adapt it to reflect what’s currently running—depending on the context of the change.

Automated Remediation Options

You can also configure env0 to take action automatically based on your policies. The following options are available for automated drift remediation:

  • Disabled – No automatic action is taken when drift is detected. You’ll receive a notification, but resolution is manual.

  • Sync Cloud to match Code – env0 automatically applies the changes from your IaC code to the cloud, resolving drift by deploying the current configuration.

  • Sync Code to match Cloud – env0 automatically opens a Pull Request to update your codebase to reflect the cloud state, syncing from the infrastructure back to the repository.

  • Smart Remediation –
    • When a change is detected in the cloud (e.g. a manual update or external automation), env0 generates the necessary code changes and opens a pull request to update the code.
    • When a change is detected in the codebase (e.g., a merge to main that hasn’t been applied), env0 automatically runs a deployment to apply it to the cloud.

env0 links all actions and pull requests to the affected environment, giving you full visibility and control over every change.

[Insert Screenshot Placeholder: Auto-generated PR showing cloud-side changes in code]

For more information about connecting your VCS, managing drift settings, and using automatic remediation, see Automatic Drift Remediation.

Wrapping Up

Being able to update your code based on changes made directly in the cloud gives you a new level of control and flexibility. Whether you're responding to critical security updates, operational fixes, or changes introduced automatically by optimization and security tools, env0 ensures your cloud environment and your Infrastructure as Code remain fully aligned. 

This capability helps teams move faster, reduce risk, and simplify the way they manage infrastructure changes.

Ready to see how env0 can help you manage drift end-to-end and keep your code and cloud in sync? Schedule a demo today.

Help us build
The open source Terraform alternative
Join us on GitHub
in this post
This is some text inside of a div block.

Related Content

Now Available: Ready-to-Use Policies – Guardrails You Can Activate Instantly
Blog
video

Now Available: Ready-to-Use Policies – Guardrails You Can Activate Instantly

env zero introduces ready-to-use infrastructure policies: prebuilt guardrails for secure, compliant, and cost-efficient environments. Instead of writing policies from scratch, you can instantly enforce standards like blocking public S3 buckets, limiting costly EC2 instances, and tightening IAM permissions—all directly within env zero.
Read more
Introducing the env zero MCP Server: Infrastructure in Your IDE, AI-Ready
Blog
video

Introducing the env zero MCP Server: Infrastructure in Your IDE, AI-Ready

With the env zero MCP Server, you can now inspect, debug, and codify infrastructure directly from your IDE while staying within guardrails.
Read more
Expanding AI in env0: PR and Error Summaries
Blog
video

Expanding AI in env0: PR and Error Summaries

env0 adds AI-powered summaries for PRs and errors, making it faster to review changes and troubleshoot failures in IaC workflows.
Read more