DriftArmor — IaC governance engineInstall

Ship Azure rightbefore you apply.

DriftArmor checks your Terraform plan JSON against secure AKS defaults — and shows the Microsoft docs you would have opened anyway.

The gap

Docs are long. Missed defaults are expensive.

Undersized observability, open API servers, and skipped RBAC show up later as incident hours — not as a line item on day one. DriftArmor puts the checklist in your terminal while the plan is still a plan.

How it works

One input. A citation checklist. Clear exit codes.

  1. 01

    Export the plan

    terraform show -json from your AKS-centered root.

  2. 02

    Run driftarmor check

    Checkov policies evaluate the plan; we map results to product rules.

  3. 03

    Fix with citations

    Pass, fail, warn, or manual — each row links a Learn URL.

Install

Local CLI. No SaaS required.

Clone the repo, install editable, point at a plan file.

git clone https://github.com/kodias/driftarmor-cli.git
cd driftarmor-cli
python3 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
terraform show -json tfplan > plan.json
driftarmor check --plan plan.json