Infrastructure as Code (IaC) Drift Detection: State Management Using Event Driven Architecture

20260 citationsJournal Articlegreen Open Access

Authors

Arun Harikrishnan · Hillenbrand (United States)

Abstract

Infrastructure as Code has become fundamental for modern cloud infrastructure management, enabling declarative resource provisioning through version-controlled configuration files. Traditional drift detection mechanisms rely on polling-based workflows that create significant temporal vulnerabilities where unauthorized modifications remain undetected for extended periods. These detection delays expose organizations to security risks, compliance violations, and operational instability across multi-cloud environments. This article introduces an innovative event-driven architecture for continuous Infrastructure as Code drift detection that eliminates polling-based limitations through real-time monitoring capabilities. The proposed framework implements a sophisticated dual-layer detection system combining continuous cloud audit log analysis with extended Berkeley Packet Filter-based system monitoring to provide comprehensive visibility into infrastructure modifications across both control plane and data plane components. The dual-layer architecture correlates events between cloud provider APIs and operating system-level configurations to achieve enhanced detection accuracy while reducing false positive rates through cross-validation mechanisms. Experimental evaluation across multi-cloud testbed environments demonstrates substantial improvements in Mean Time to Detection while maintaining minimal system overhead and seamless integration with existing DevOps workflows. The event-driven system successfully identifies unauthorized infrastructure changes, shadow IT activities, and compliance violations within seconds of occurrence rather than hours or days typical of traditional polling mechanisms. Real-world deployment scenarios validate the framework's effectiveness across diverse organizational contexts, including regulatory compliance monitoring, emergency configuration change detection, and automated remediation workflows. The article demonstrates how event-driven drift detection transforms Infrastructure as Code tools from periodic deployment mechanisms into continuous enforcement frameworks for infrastructure immutability, security governance, and operational compliance

Topics & Keywords

Software System Performance and Reliability Information and Cyber Security Software Engineering Research

UN Sustainable Development Goals

Industry, innovation and infrastructure

Publication Details

Published in: Zenodo (CERN European Organization for Nuclear Research)

DOI: 10.5281/zenodo.19105072

Field-Weighted Citation Impact: 0.00