Terraform Azure RM Set Diff Analyzer

terraform-azurerm-set-diff-analyzer skill for programming & development

An AI skill that analyzes differences between Terraform Azure Resource Manager configuration sets, comparing planned versus actual infrastructure state to identify drift, unexpected changes, and potential deployment risks before applying Terraform plans.

What Is This?

Overview

This skill compares Terraform AzureRM resource configurations across different states, environments, or plan outputs. It parses Terraform plan files and state snapshots to identify what will change, what has drifted from the declared configuration, and which changes carry risk. The analysis covers resource additions, modifications, deletions, and attribute-level differences, with clear explanations of the impact each change will have on your Azure infrastructure. For example, a modification to an azurerm_virtual_network address space (which reshapes the network and its subnets) is flagged differently than a tag update, reflecting the actual disruption risk each carries.

Who Should Use This

Essential for DevOps engineers managing Azure infrastructure with Terraform, platform teams reviewing deployment plans, and SREs investigating configuration drift. Particularly valuable for teams managing multiple environments where configuration consistency is critical, and for organizations subject to change management processes that require documented evidence of what will be modified before deployment proceeds.

Why Use It?

Problems It Solves

Terraform plan output can be overwhelming, especially for large infrastructure changes spanning dozens of resources. Critical changes get buried in verbose output, and the impact of attribute modifications is not always obvious. Configuration drift between environments goes undetected until it causes incidents. This skill surfaces the important changes and explains their impact in plain language, reducing the cognitive load on engineers reviewing complex plans.

Core Highlights

  • Plan Analysis: parses terraform plan output to highlight critical changes
  • Drift Detection: compares actual state against declared configuration
  • Risk Assessment: categorizes changes by potential impact level
  • Environment Comparison: identifies differences between staging and production configs
  • Attribute Tracking: shows exact field-level changes for modified resources

How to Use It?

Basic Usage

Run the analyzer against a Terraform plan to get a structured diff summary. Save the plan to a file first and convert it to JSON with terraform show; the JSON form is what the analyzer parses. Because terraform plan refreshes state before planning, any resource that was modified outside Terraform appears in that JSON as drift alongside the planned changes.

terraform plan -out=tfplan
terraform show -json tfplan > plan.json

analyze-tf-diff --plan plan.json


Real-World Examples

Multi Environment Drift Detection

A platform team discovered that their staging and production Azure environments had diverged over three months of manual hotfixes. The analyzer compared both state files and identified 23 configuration differences, including network security group rules that existed in production but were missing from the Terraform code. Because Terraform treats inline security_rule blocks on an azurerm_network_security_group as the complete rule set, applying the plan without first adding those rules to the code would delete them, so each undeclared rule needs a decision (import it or remove it) before the next apply.

{
  "drift_report": {
    "environment": "production",
    "total_resources": 87,
    "drifted": 23,
    "critical": [
      {
        "resource": "azurerm_network_security_group.web",
        "attribute": "security_rule",
        "declared": 5,
        "actual": 8,
        "note": "3 rules added manually, not in Terraform code"
      }
    ]
  }
}
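The following script is an added example, not the skill's own code, showing how the plan analysis from the Basic Usage section and the drift report above can be produced from the JSON that terraform show -json emits. It risk-scores each entry in resource_changes, and for entries in resource_drift (populated when the plan was created after a refresh, including terraform plan -refresh-only) it names the NSG rules that exist only in Azure. The critical-attribute table, the risk levels, the sample plan and the exit-code gate are constructed assumptions for illustration; they are not the skill's ruleset or output format.

```python
"""Risk-classify a `terraform show -json` plan for AzureRM resources and
report refresh-detected drift. Added example; attribute lists and the sample
plan below are constructed for illustration, not taken from the skill."""
import json
import sys

# Assumed (not from the skill): attributes whose change is disruptive on Azure.
CRITICAL_ATTRS = {
    "azurerm_virtual_network": {"address_space"},
    "azurerm_subnet": {"address_prefixes"},
    "azurerm_network_security_group": {"security_rule"},
    "azurerm_network_security_rule": {"access", "direction", "source_address_prefix"},
    "azurerm_key_vault": {"network_acls", "purge_protection_enabled"},
    "azurerm_storage_account": {"network_rules", "allow_nested_items_to_be_public"},
}
LOW_ATTRS = {"tags", "tags_all"}  # cosmetic: never disruptive on their own


def changed_attrs(change):
    """Return (changed, computed): top-level attributes whose value differs
    between before and after, and keys flagged in after_unknown, which are
    only known at apply time and must not be reported as changes."""
    before, after = change.get("before") or {}, change.get("after") or {}
    unknown = {k for k, v in (change.get("after_unknown") or {}).items() if v is True}
    keys = (set(before) | set(after)) - unknown
    return sorted(k for k in keys if before.get(k) != after.get(k)), sorted(unknown)


def rule_names(rules):
    return {r.get("name") for r in (rules or [])}


def classify(rc):
    """Map one resource_changes entry to a risk level, or None for no-op."""
    actions, rtype = rc["change"]["actions"], rc["type"]
    if actions in (["no-op"], ["read"]):
        return None
    attrs, computed = changed_attrs(rc["change"])
    if "delete" in actions:          # destroy, or replace (delete + create)
        level = "critical"
    elif actions == ["create"]:
        level = "medium" if rtype in CRITICAL_ATTRS else "low"
    elif any(a in CRITICAL_ATTRS.get(rtype, ()) for a in attrs):
        level = "critical"
    elif attrs and all(a in LOW_ATTRS for a in attrs):
        level = "low"
    else:
        level = "medium"
    return {"address": rc["address"], "action": "/".join(actions),
            "level": level, "attributes": attrs, "computed": computed}


def drift_entry(rc):
    """Describe one resource_drift entry (stored state vs. refreshed live resource)."""
    attrs, _ = changed_attrs(rc["change"])
    entry = {"address": rc["address"], "attributes": attrs}
    if rc["type"] == "azurerm_network_security_group" and "security_rule" in attrs:
        before = rule_names((rc["change"].get("before") or {}).get("security_rule"))
        after = rule_names((rc["change"].get("after") or {}).get("security_rule"))
        entry["rules_added_outside_terraform"] = sorted(after - before)
        entry["rules_removed_outside_terraform"] = sorted(before - after)
    return entry


def analyze(plan):
    findings = [f for f in map(classify, plan.get("resource_changes", [])) if f]
    drift = [drift_entry(rc) for rc in plan.get("resource_drift", [])]
    summary = {lvl: sum(f["level"] == lvl for f in findings)
               for lvl in ("critical", "medium", "low")}
    return {"summary": summary, "changes": findings, "drift": drift,
            "gate": "block" if summary["critical"] else "pass"}


def _rules(*names):
    return [{"name": n, "access": "Allow"} for n in names]


DECLARED = _rules("https", "http", "ssh-bastion", "allow-vnet", "deny-all-in")
LIVE = DECLARED + _rules("rdp-temp", "ftp-debug", "any-any")  # 3 added by hand

SAMPLE_PLAN = {  # constructed; mirrors the shape of `terraform show -json tfplan`
    "format_version": "1.2",
    "resource_drift": [
        {"address": "azurerm_network_security_group.web",
         "type": "azurerm_network_security_group",
         "change": {"actions": ["update"],
                    "before": {"name": "web-nsg", "security_rule": DECLARED},
                    "after": {"name": "web-nsg", "security_rule": LIVE}}},
    ],
    "resource_changes": [
        {"address": "azurerm_virtual_network.main", "type": "azurerm_virtual_network",
         "change": {"actions": ["update"],
                    "before": {"address_space": ["10.0.0.0/16"], "tags": {"env": "prod"}},
                    "after": {"address_space": ["10.1.0.0/16"],
                              "tags": {"env": "prod", "owner": "platform"}}}},
        {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
         "change": {"actions": ["update"],
                    "before": {"tags": {"env": "prod"}},
                    "after": {"tags": {"env": "prod", "owner": "platform"}}}},
        # Terraform wants to put the NSG back to the declared 5 rules: this
        # update silently deletes the 3 rules that were added in the portal.
        {"address": "azurerm_network_security_group.web",
         "type": "azurerm_network_security_group",
         "change": {"actions": ["update"],
                    "before": {"name": "web-nsg", "security_rule": LIVE},
                    "after": {"name": "web-nsg", "security_rule": DECLARED}}},
    ],
}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    report = analyze(plan)
    print(json.dumps(report, indent=2))
    sys.exit(2 if report["gate"] == "block" else 0)  # non-zero blocks a CI gate
```

Run it as `python analyze_plan.py plan.json` (the file name is assumed) after the terraform show step. On the constructed sample it reports the VNet address-space change and the NSG rule change as critical, the storage-account tag edit as low, and lists rdp-temp, ftp-debug and any-any as rules present only in Azure; the same plan that reveals that drift is the one that would remove those rules on apply, which is why a critical finding exits non-zero and should require a reviewer to decide whether each out-of-band rule is an emergency block to keep or an unauthorised opening to drop.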

Advanced Tips

Integrate the analyzer into your CI pipeline to automatically flag high risk changes in pull requests that modify Terraform files. Use environment comparison reports before promotions to ensure staging matches production configuration. Archive analysis results for audit trails. Consider setting pipeline gates that block merges when the analyzer detects critical risk changes, requiring explicit team sign-off before the pull request can proceed.

When to Use It?

Use Cases

  • Pre-Deployment Review: understand impact before running terraform apply
  • Drift Detection: find resources that changed outside Terraform management
  • Environment Parity: verify staging and production configurations match
  • Cost Analysis: identify changes that will increase Azure spending
  • Compliance Auditing: document infrastructure changes for regulatory requirements

Related Topics

When analyzing Terraform diffs, these prompts activate the skill:

  • "Analyze this Terraform plan for risks"
  • "Compare my staging and production Terraform state"
  • "Find drift in my Azure infrastructure"
  • "What will change if I apply this Terraform plan"

Important Notes

Requirements

  • Terraform CLI installed with AzureRM provider configured
  • Access to Terraform state files or plan output in JSON format
  • Azure credentials for querying actual infrastructure state
  • Works with Terraform 1.0 and later versions

Usage Recommendations

Do:

  • Run analysis before every apply to catch unexpected changes
  • Review high risk changes with the team before deploying
  • Schedule regular drift checks to catch manual modifications early
  • Archive analysis reports for change management audit trails

Don't:

  • Ignore drift warnings; manual changes that are not reconciled will cause future plan conflicts or be silently reverted on apply
  • Apply plans without reviewing the analyzer output first
  • Skip environment comparisons before promoting infrastructure changes
  • Rely solely on automated analysis for security sensitive resource changes

Limitations

  • Cannot analyze resources managed outside Terraform's state
  • Drift detection requires access to both state file and live Azure resources
  • Very large infrastructure sets may produce lengthy reports requiring filtering
  • Some Azure resource attributes are computed by the provider and may show as drifted even though the difference is expected