What is Controlinfra?
Controlinfra is an AI-powered infrastructure drift detection and remediation platform designed for DevOps teams managing Terraform-based infrastructure.
The Problem: Infrastructure Drift
When you manage cloud infrastructure with Terraform, your code defines what resources should exist and how they should be configured. However, over time, the actual state of your infrastructure can diverge from your Terraform code—this is called infrastructure drift.
Common Causes of Drift
- Manual changes made directly in cloud consoles (AWS, Azure, GCP)
- Emergency fixes applied outside of normal deployment processes
- Auto-scaling events that modify resource configurations
- Third-party tools that update infrastructure independently
- Team members making quick fixes without updating Terraform
Why Drift is Dangerous
| Issue | Impact |
|---|---|
| Security | Untracked security group changes may expose resources |
| Compliance | Configuration changes may violate regulatory requirements |
| Reliability | Terraform deployments may fail due to state conflicts |
| Cost | Orphaned resources continue to incur charges |
| Visibility | Teams lose track of actual infrastructure state |
The Solution: Controlinfra
Controlinfra automates the detection, analysis, and remediation of infrastructure drift:
1. Automated Detection
Connect your GitHub repositories containing Terraform code, and Controlinfra will:
- Clone your repository securely
- Initialize Terraform with your backend configuration
- Run
terraform planto detect differences - Parse and categorize all detected drift
2. AI-Powered Analysis
Using Claude (Anthropic) or GPT-4 (OpenAI), Controlinfra provides:
- Root Cause Analysis: Understand why drift occurred
- Impact Assessment: Know which systems are affected
- Blast Radius: See the scope of potential issues
- Severity Classification: Prioritize what to fix first
- Prevention Tips: Learn how to avoid future drift
3. Automated Remediation
For each detected drift, Controlinfra can:
- Generate Terraform code to fix the issue
- Create pull requests automatically
- Provide step-by-step resolution guidance
Key Concepts
Repositories
A repository in Controlinfra represents a GitHub repository containing Terraform code. You can connect multiple repositories and configure each with specific:
- AWS credentials
- Terraform backend settings
- Variable files
- Working directories (workspaces)
Workspaces
A single repository can contain multiple Terraform configurations in different directories. Controlinfra calls these workspaces. For example:
my-terraform-repo/
├── infrastructure/
│ └── main.tf # Workspace: infrastructure/
├── networking/
│ └── main.tf # Workspace: networking/
└── databases/
└── main.tf # Workspace: databases/Scans
A scan is a complete analysis of one workspace. Each scan goes through these stages:
- Clone - Download the repository
- Init - Initialize Terraform
- Plan - Run terraform plan
- Detect - Parse plan output for drift
- Analyze - AI analysis of each drift
- Complete - Results ready for review
Drifts
A drift represents a single resource that differs between your Terraform code and actual infrastructure. Each drift includes:
- Resource type and name
- Change type (create, update, delete)
- Severity level (low, medium, high, critical)
- AI analysis (if configured)
- Fix code (if generated)
BYOK: Bring Your Own Key
Controlinfra uses a Bring Your Own Key (BYOK) model for AI analysis. This means:
- You provide your own Anthropic or OpenAI API key
- AI requests are made using your key
- You have full control over AI costs
- No vendor lock-in on AI providers
Supported providers:
- Anthropic Claude (Claude Sonnet 4)
- OpenAI (GPT-4o)
Self-Hosted Runners
For organizations with strict security requirements, Controlinfra supports self-hosted runners:
- Run scans in your own infrastructure
- Keep AWS credentials within your network
- Meet compliance requirements
- Full control over the execution environment
Next Steps
Ready to get started? Continue to:
- Getting Started - Create your account and connect GitHub
- Quick Start - Run your first scan in 5 minutes
- Features Overview - Explore all capabilities