Before You Deploy: Check Config Drift AND Infrastructure Cost
Every DevOps engineer has been there: you deploy what looks like a safe change, and suddenly production is broken. Sometimes it is a config value that drifted between environments. Sometimes it is an infrastructure change with unexpected cost. Usually it is both.
In this guide, you will learn how to combine ConfigDrift and DeployDiff into a single pre-deploy gate that catches both categories of failure before they reach production.
Install both tools with `pip install git+https://github.com/Coding-Dev-Tools/configdrift.git` and `pip install git+https://github.com/Coding-Dev-Tools/deploydiff.git`.
What You Need
- ConfigDrift - compares configs across environments, flags missing keys, deprecated values, and mismatches
- DeployDiff - reads Terraform plan JSON, CloudFormation change sets, or Pulumi previews and shows resource-level diffs with cost estimates
- A CI/CD pipeline (GitHub Actions shown below, but works with any)
The Problem They Solve Together
Configuration drift and infrastructure cost surprises are two sides of the same coin. A single PR might:
- Change a Terraform variable that has different defaults across environments (drift)
- Add a new resource that costs $200/month unexpectedly (cost surprise)
- Deprecate a config key that staging still depends on (drift + deploy conflict)
Running ConfigDrift and DeployDiff as separate tools catches these. Running them together in one pipeline means no deploy goes out without both checks passing.
Step 1: Set Up ConfigDrift
Compare environments
ConfigDrift compares configuration files across environments. Start by identifying what drifts between staging and production:
This outputs a JSON report showing every key that differs, is missing, or is deprecated. Common culprits: database URLs, API endpoints, feature flags, and logging levels.
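To make the three categories of finding concrete, the following is an added example, not ConfigDrift's code and not its report format. The sample configs, the `DEPRECATED` set, the `SENSITIVE` pattern and the report shape are all assumptions; values of sensitive-looking keys are masked so that a drift report printed in CI does not expose credentials embedded in database URLs.

```python
import json
import re
# Constructed sample configs; every key and value here is illustrative.
STAGING = {
    "database": {"url": "postgres://app:s3cret@staging-db:5432/app", "pool_size": 5},
    "logging": {"level": "DEBUG"},
    "features": {"new_checkout": True},
    "legacy_auth_mode": "basic",
}
PROD = {
    "database": {"url": "postgres://app:pr0d@prod-db:5432/app", "pool_size": 20},
    "logging": {"level": "INFO"},
    "features": {},
}
DEPRECATED = {"legacy_auth_mode"}  # assumption: keys the team has retired
SENSITIVE = re.compile(r"(url|password|secret|token|key)$", re.I)  # assumption

def flatten(cfg, prefix=""):
    """Turn nested dicts into {'a.b': value} so keys compare one-to-one."""
    flat = {}
    for name, value in cfg.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{name}."))
        else:
            flat[f"{prefix}{name}"] = value
    return flat

def mask(path, value):
    """Hide values of sensitive-looking keys so the report is safe in CI logs."""
    return "***" if SENSITIVE.search(path) else value

def drift_report(left, right, names=("staging", "prod"), deprecated=DEPRECATED):
    """Classify every flattened key as deprecated, missing, or mismatched."""
    a, b = flatten(left), flatten(right)
    report = {"deprecated": [], "missing": [], "mismatch": []}
    for path in sorted(a.keys() | b.keys()):
        if path in deprecated:
            found = [n for n, cfg in zip(names, (a, b)) if path in cfg]
            report["deprecated"].append({"key": path, "in": found})
        elif path not in a or path not in b:
            absent = names[0] if path not in a else names[1]
            report["missing"].append({"key": path, "absent_from": absent})
        elif a[path] != b[path]:
            report["mismatch"].append(
                {"key": path, names[0]: mask(path, a[path]), names[1]: mask(path, b[path])})
    return report

if __name__ == "__main__":
    print(json.dumps(drift_report(STAGING, PROD), indent=2))
```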
Step 2: Set Up DeployDiff
Estimate infrastructure cost
DeployDiff reads your Terraform plan and estimates cost impact:
```bash
terraform show -json plan.tfplan > plan.json
deploydiff cost plan.json
```
This shows a resource-level diff with monthly cost deltas and rollback commands, all before you apply.
Step 3: Combine in a CI Gate
The real power comes from running both in your CI/CD pipeline. Here is a GitHub Actions workflow that gates every PR:
```yaml
name: Pre-Deploy Gate
on: [pull_request]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install tools
        run: |
          pip install git+https://github.com/Coding-Dev-Tools/configdrift.git
          pip install git+https://github.com/Coding-Dev-Tools/deploydiff.git
      # Fail the job when staging and prod configs differ
      - name: Check config drift
        run: |
          configdrift diff --env staging --env prod --fail-on-drift
        continue-on-error: false
      # Assumes Terraform is installed and initialized, with provider credentials available to the job.
      # Fail the job when the estimated increase exceeds $50/month
      - name: Preview infrastructure cost
        run: |
          terraform plan -out=plan.tfplan
          terraform show -json plan.tfplan > plan.json
          deploydiff cost plan.json --fail-over 50
        continue-on-error: false
      # Runs even when an earlier step failed, so the summary is always written
      - name: Post summary
        if: always()
        run: |
          echo "## Pre-Deploy Results" >> "$GITHUB_STEP_SUMMARY"
          echo "- ConfigDrift: drift check complete" >> "$GITHUB_STEP_SUMMARY"
          echo "- DeployDiff: cost estimate complete" >> "$GITHUB_STEP_SUMMARY"
```
Add `--fail-over 50` to `deploydiff cost` to automatically fail any PR adding more than $50/month in infrastructure cost.
Why Run Them Together?
ConfigDrift and DeployDiff cover complementary failure modes:
| Check | What It Catches | Tool |
|---|---|---|
| Config drift | Env mismatches, missing keys, deprecated values | ConfigDrift |
| Cost impact | Resource additions, sizing changes, monthly cost deltas | DeployDiff |
| Rollback readiness | Auto-generated rollback commands before deploy | DeployDiff |
| Env consistency | Staging/prod parity for all config values | ConfigDrift |
Together they give you confidence that every deploy is cost-aware and configuration-consistent.
Next Steps
- Install ConfigDrift and DeployDiff from GitHub
- Add the pre-deploy gate workflow to your repo
- Read the ConfigDrift tutorial and DeployDiff tutorial for deeper dives
- Browse all 11 tools in the DevForge suite