DEVOPS
Scheduled Terraform Drift Scan with Owner-Routed Slack Alerts
Runs a scheduled `terraform plan` against your infrastructure and detects any resources that have drifted from the committed state.
How it runs
The automated pipeline, trigger to output.
- Trigger: Schedule fires (nightly/hourly)
- Action (Shell): Run `terraform plan -detailed-exitcode`
- Logic: Branch on exit code: 2 = drift, 0 = clean
- Action (Shell): Parse drifted resources and owner tags
- Logic: Map owner tag to Slack target
- Output (Slack): Post per-owner drift diff to Slack
What it does
On a fixed schedule it executes `terraform plan` in detect-only mode across your live infrastructure, parses the plan for any resource that no longer matches committed state, and notifies the owning team in Slack with a per-resource diff. Clean plans pass silently so the channel only sees real drift.
When to use it
Use it when console hotfixes, auto-scaling, or third-party automation quietly mutate cloud resources and your committed Terraform falls out of sync. A nightly or hourly sweep surfaces drift before the next apply clobbers or restores it unexpectedly.
How it works
1. A scheduled trigger fires at your chosen cadence (e.g. nightly).
2. A shell action runs `terraform plan -detailed-exitcode -no-color` and captures the output and exit code.
3. A logic step checks the exit code: code 2 means drift detected, code 0 means clean and the run ends.
4. An action parses the plan into a list of changed resources, each tagged with its module owner.
5. A logic step maps each owner tag to a Slack channel or user handle.
6. An output step posts a threaded Slack message per owner with the resource address, attribute diff, and a link to the plan log.
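An added example, not part of the original workflow: one way steps 3 to 5 could be implemented in Python, assuming the plan is saved with `-out` and rendered with `terraform show -json`, and that ownership is a `tags.owner` value on each resource. The routing table, fallback target and sample plan are constructed; the code also treats exit code 1 as a failed run and masks attributes Terraform marks sensitive before anything is posted to Slack.

```python
from collections import defaultdict

# Assumed routing table and catch-all target (hypothetical names).
OWNER_TO_SLACK = {"payments": "#payments-infra", "platform": "@platform-oncall"}
FALLBACK = "#infra-drift-unowned"

def classify_exit(code):
    # -detailed-exitcode: 0 clean, 2 drift; 1 is a failed plan, never "clean".
    return {0: "clean", 2: "drift"}.get(code, "error")

def _sensitive(mark):
    """True if a *_sensitive marker (bool, dict or list) flags any value."""
    if isinstance(mark, dict):
        return any(_sensitive(v) for v in mark.values())
    if isinstance(mark, list):
        return any(_sensitive(v) for v in mark)
    return mark is True

def redacted_diff(change):
    """Changed attributes as (before, after), masking sensitive values."""
    before, after = change.get("before") or {}, change.get("after") or {}
    marks = [change.get("before_sensitive"), change.get("after_sensitive")]
    diff = {}
    for key in sorted(set(before) | set(after)):
        if before.get(key) != after.get(key):
            hidden = any(_sensitive(m.get(key) if isinstance(m, dict) else m) for m in marks)
            diff[key] = "(sensitive)" if hidden else (before.get(key), after.get(key))
    return diff

def drift_by_target(plan):
    """Group changed resources by the Slack target mapped from tags.owner."""
    grouped = defaultdict(list)
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] not in (["no-op"], ["read"]):
            tags = (change.get("before") or change.get("after") or {}).get("tags") or {}
            target = OWNER_TO_SLACK.get(tags.get("owner"), FALLBACK)
            grouped[target].append({"address": rc["address"], "diff": redacted_diff(change)})
    return dict(grouped)

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.pay.aws_db_instance.main", "change": {"actions": ["update"],
     "before": {"password": "old", "tags": {"owner": "payments"}, "instance_class": "db.t3.large"},
     "after": {"password": "new", "tags": {"owner": "payments"}, "instance_class": "db.t3.medium"},
     "before_sensitive": {"password": True}, "after_sensitive": {"password": True}}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["update"],
     "before": {"force_destroy": True}, "after": {"force_destroy": False}}},
    {"address": "aws_vpc.core", "change": {"actions": ["no-op"], "before": {}, "after": {}}}]}
```

Resources with no owner tag land in the fallback target rather than being dropped, so untagged drift still reaches someone.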
Set it up
What you configure once, before turning it on.
1. Connect Shell: run sandboxed commands inside the workspace.
2. Connect Slack: channels, DMs, threads, mentions.
3. Set each agent's model: we leave models unset so you pick the tier, fast and cheap or top-quality.
4. Tune it to your data: edit the prompts, filters, and field mappings so it matches how your team works.
5. Test, then turn it on: run once against a sample, confirm the output, then enable the trigger.
