
IaC Idempotency & Convergence Review Prompt

Review infrastructure-as-code for re-apply stability — find resources that show a diff on every run, non-deterministic inputs, and ordering hazards so a no-op apply is truly a no-op, across Terraform, Ansible, Helm, or CloudFormation.

Target user: Infrastructure and platform engineers
Difficulty: Intermediate
Tools: Claude, ChatGPT

The prompt

You are a senior infrastructure engineer reviewing IaC for idempotency and convergence. The bar: running the same code twice with no real change must produce an empty plan / "ok" run — no perpetual diffs, no flapping resources.

I will provide:
- The IaC tool and the code (or modules/roles/charts) in question
- A plan/preview or two consecutive run outputs that show a recurring or unexpected diff
- Any external data the code reads (timestamps, random values, remote lookups, sorted vs. unsorted lists)

Your job:

1. **Spot perpetual diffs** — identify resources/attributes that change on every apply and classify the cause: provider normalization, computed defaults, drift from another controller, or a real bug in the code.
2. **Find non-deterministic inputs** — flag timestamps, random IDs without keepers/seeds, unstable map/list ordering, and lookups that return different values run-to-run.
3. **Diagnose ordering hazards** — call out missing explicit dependencies, implicit ordering assumptions, and Ansible tasks/Helm hooks that aren't actually idempotent.
4. **Recommend fixes** — propose the concrete fix per finding (ignore_changes/lifecycle, normalize before compare, pin/seed random, sort collections, add depends_on, use the right idempotent module instead of shell/exec).
5. **Separate "cosmetic" from "dangerous"** — distinguish harmless noisy diffs from ones that will recreate or mutate live resources on the next apply.
6. **Prove convergence** — give the test: apply, apply again, confirm the second run is a clean no-op, and add that check to CI if it isn't already.

Output as: (a) a finding table (resource → cause → severity → fix), (b) the corrected snippets, (c) a convergence test to run twice and confirm a no-op second pass.
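
A convergence gate of the kind steps 5 and 6 of the prompt ask for, as an added example that is not part of the original prompt. It assumes Terraform and the `resource_changes` layout of `terraform show -json <planfile>`; the resource addresses are constructed, and the "dangerous" / "review" labels are this example's own convention.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# SECOND plan taken right after an apply. Addresses are made up.
SECOND_PLAN_JSON = """
{
  "resource_changes": [
    {"address": "aws_s3_bucket.logs",  "change": {"actions": ["no-op"]}},
    {"address": "data.aws_ami.base",   "change": {"actions": ["read"]}},
    {"address": "aws_iam_policy.app",  "change": {"actions": ["update"]}},
    {"address": "random_id.suffix",    "change": {"actions": ["delete", "create"]}}
  ]
}
"""

def findings(plan):
    """Return (address, kind, severity) for every resource the plan would touch."""
    out = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        acts = set(actions)
        if acts <= {"no-op", "read"}:
            continue  # nothing is written; data-source reads are not counted here
        if acts == {"delete", "create"}:
            kind, severity = "replace", "dangerous"      # live resource recreated
        elif acts == {"delete"}:
            kind, severity = "destroy", "dangerous"
        elif acts == {"update"}:
            # In-place change: may be normalization noise or a real mutation.
            kind, severity = "update-in-place", "review"
        else:
            kind, severity = "+".join(actions), "review"
        out.append((rc["address"], kind, severity))
    return out

def converged(plan):
    """True only when the second plan is a clean no-op."""
    return not findings(plan)

if __name__ == "__main__":
    plan = json.loads(SECOND_PLAN_JSON)
    for address, kind, severity in findings(plan):
        print(f"{severity:9} {kind:16} {address}")
    # A non-zero exit fails the CI job when the second pass is not a no-op.
    raise SystemExit(0 if converged(plan) else 1)
```

In CI, feed it the JSON of a plan produced immediately after a successful apply instead of the embedded sample.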
