Slack Terraform Drift Detection Alert Routing Prompt
Design a Slack workflow that detects Terraform state drift on a schedule and routes actionable, owner-targeted drift alerts with diff context and remediation buttons.
- Target user: Platform engineers running scheduled Terraform drift scans
- Difficulty: Advanced
- Tools: Claude, ChatGPT
The prompt
You are a senior platform engineer who has operated Terraform at scale across hundreds of state files and turned noisy `terraform plan` drift into high-signal Slack alerts that owners actually act on.

I will provide:
- Our Terraform layout (workspaces, state backends, module boundaries)
- How we currently run scheduled drift scans (CI cron, Atlantis, Terraform Cloud, or custom)
- Ownership metadata (CODEOWNERS, workspace → team mapping, Slack user-group IDs)
- Slack constraints (bot token scopes, webhook vs Web API, channel layout)
- Pain points (drift noise, no owner routing, ignored alerts)

Your job:
1. **Drift detection strategy** — how to run `terraform plan -detailed-exitcode` per workspace, interpret exit codes (0 no-change, 2 drift, 1 error), and classify drift as benign (tags, timestamps), risky (security groups, IAM), or destructive (replace/destroy).
2. **Owner routing** — map each drifting workspace to a responsible Slack user-group or channel using your ownership metadata. Never blast a global channel; mention `<!subteam^ID>` for the owning team.
3. **Message design** — Block Kit layout: header (workspace + env + drift severity), section with resource counts (add/change/destroy), context block with run link + commit + last-applied-by, and a collapsed code block of the most significant diff lines.
4. **Severity & color** — destructive drift = red + immediate ping; risky drift = orange; benign drift = quiet thread digest, batched.
5. **Action buttons** — Open Plan, Acknowledge (records who is handling), Suppress 24h (writes a tracked suppression with TTL + reason), and Open Runbook. Show how button payloads map to your backend.
6. **Noise control** — dedup identical drift across runs, suppress known-benign resources via an allowlist, and collapse N drifting resources of the same type into one line.
7. **Escalation** — if destructive drift is unacknowledged after a threshold, escalate to the team lead and on-call.
8. **Audit trail** — log every alert, ack, and suppression with actor + timestamp for compliance review.

Output as: (a) the drift-scan script with exit-code handling, (b) Block Kit JSON for one risky-drift message, (c) the workspace → owner routing table format, (d) suppression/allowlist schema, (e) a rollout plan that starts in a single non-prod workspace.

Bias toward: ruthless quietness for benign drift, loud and owner-targeted for destructive drift, every alert traceable.
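
The following is an added illustration, not part of the prompt text and not model output: a sketch of the exit-code handling, severity classification and owner mention that items 1 and 2 ask for, run over a constructed `terraform show -json` plan. The function names, the risky-type and benign-attribute lists, the workspace name and the user-group ID are assumptions.

```python
import json

# Assumed policy lists (not from the page): tune for your providers.
RISKY_TYPES = {"aws_security_group", "aws_iam_role", "aws_iam_policy"}
BENIGN_ATTRS = {"tags", "tags_all"}
RANK = {"none": 0, "benign": 1, "risky": 2, "destructive": 3}

def classify_change(rc):
    """Severity for one entry of resource_changes in `terraform show -json` output."""
    change = rc["change"]
    actions = change["actions"]
    if actions in (["no-op"], ["read"]):
        return "none"
    if "delete" in actions:  # destroy, or replace (delete + create)
        return "destructive"
    if rc["type"] in RISKY_TYPES:
        return "risky"
    before, after = change.get("before") or {}, change.get("after") or {}
    changed = {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}
    if actions == ["update"] and changed and changed <= BENIGN_ATTRS:
        return "benign"
    return "risky"  # unclassified drift is alerted, never silently batched

def summarize_scan(exit_code, plan_json, workspace, owners):
    """Map a `terraform plan -detailed-exitcode` result to a routable alert summary."""
    if exit_code == 0:
        return None  # no drift, nothing to send
    if exit_code != 2:
        raise RuntimeError(f"plan failed for {workspace} (exit {exit_code})")
    changes = json.loads(plan_json).get("resource_changes", [])
    actions = [rc["change"]["actions"] for rc in changes]
    severity = max((classify_change(rc) for rc in changes), key=RANK.get, default="none")
    return {
        "workspace": workspace,
        "severity": severity,
        "mention": f"<!subteam^{owners[workspace]}>",  # owning team only
        "counts": {
            "add": sum("create" in a for a in actions),
            "change": sum(a == ["update"] for a in actions),
            "destroy": sum("delete" in a for a in actions),
        },
    }

# Constructed sample input, shaped like `terraform show -json` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {
        "actions": ["update"], "before": {"tags": {"env": "dev"}}, "after": {"tags": {}}}},
    {"address": "aws_security_group.web", "type": "aws_security_group", "change": {
        "actions": ["update"], "before": {"ingress": []}, "after": {"ingress": [{"from_port": 22}]}}},
    {"address": "aws_instance.app", "type": "aws_instance", "change": {
        "actions": ["delete", "create"], "before": {"ami": "ami-old"}, "after": {"ami": "ami-new"}}},
]})
OWNERS = {"payments-dev": "S0000EXAMPLE"}  # hypothetical workspace -> user-group ID
```

A plan error (exit code 1) raises instead of returning a summary, so a failed scan cannot be mistaken for a clean one.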