Drift Setup
ComplyForm monitors your infrastructure for compliance drift — changes that degrade your compliance posture after initial assessment.
Monitoring Modes
| | Scheduled | Event-Driven |
|---|---|---|
| Latency | Minutes to hours (poll interval) | Seconds (near real-time) |
| Setup | One CLI command | Cloud-native event pipeline + CLI |
| Tier | All tiers | Team+ |
| Cost | Included | Cloud event service costs apply |
| Best for | Dev/staging, low-change environments | Production, audit-sensitive workloads |
Scheduled mode runs `complyform scan` on a cron interval you define, so detection latency is bounded by that interval. Event-driven mode reacts to infrastructure changes as they happen, at the cost of a cloud-side event pipeline that you must deploy and pay for.
Architecture
Event-driven drift monitoring follows this flow:

```text
Cloud resource change
  → Cloud event service (CAI / EventBridge / Event Grid)
  → HTTPS webhook POST to api.complyform.dev/v1/drift/event
  → ComplyForm re-assesses affected resources
  → Alert (email / webhook / dashboard)
```

Each cloud provider has a native event service that forwards resource changes to the ComplyForm API. The API validates the event signature (see Webhook Security below), identifies the affected project and framework controls, re-runs the relevant assessments, and fires alerts if the compliance posture has changed.
Getting Started
Choose your cloud provider to set up the event pipeline; the provider-specific guides are listed under Next Steps.
For scheduled-only monitoring, skip the cloud setup and go directly to the Drift Monitoring guide.
Alert Configuration
Configure drift alerts for your project:

```bash
complyform dashboard project configure \
  --drift-alerts=enabled \
  --alert-threshold=medium \
  --alert-email=security@example.com \
  --alert-webhook=https://hooks.slack.com/services/T00/B00/xxx
```

`--alert-threshold` controls the minimum severity that triggers a notification. Set it to `critical` for high-signal alerting or `low` to catch every change; `medium`, as above, sits between the two. Treat the alert webhook URL as a credential: anyone holding a Slack incoming-webhook URL can post to that channel, so avoid leaving it in shell history or committed CI configuration.
Webhook Security
Every drift event POST includes an `X-Complyform-Signature` header containing an HMAC-SHA256 digest of the request body, keyed with your per-project webhook secret. The secret is generated during `complyform dashboard project drift enable` and displayed once. Store it in a secrets manager rather than in pipeline configuration; you will need it when configuring your cloud event subscription, and because the digest covers the request body, the subscription must sign exactly the bytes it transmits.
ComplyForm verifies inbound events against this signature before processing. Requests with missing or invalid signatures are rejected with 401 Unauthorized.
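The following is an added example, not ComplyForm's own code, that models both sides of the exchange described under Architecture and here: a cloud-side relay that builds and signs the drift event POST, and a receiver that rejects missing or invalid signatures with 401 before touching the body. The page does not document the header encoding, the key derivation, or the event schema, so this example assumes a lowercase hex digest, the raw UTF-8 bytes of the secret as the HMAC key, and a constructed JSON event; the resource names and field names are illustrative.

```python
"""Sign and verify a ComplyForm-style drift event POST.

Added example, not ComplyForm's code. Assumptions (not documented on the page):
the header value is lowercase hex, the HMAC key is the UTF-8 bytes of the
per-project webhook secret, and the digest covers the exact body bytes sent.
"""
import hashlib
import hmac
import json
from typing import Optional

SIGNATURE_HEADER = "X-Complyform-Signature"
DRIFT_EVENT_URL = "https://api.complyform.dev/v1/drift/event"


def sign_body(secret: str, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, keyed with the webhook secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_signature(secret: str, body: bytes, header_value: Optional[str]) -> bool:
    """Recompute the digest and compare it in constant time.

    A missing header is rejected outright. The comparison uses
    hmac.compare_digest rather than ==, so a sender with POST access to the
    endpoint cannot recover the digest byte by byte through response timing.
    """
    if not header_value:
        return False
    expected = sign_body(secret, body).encode("ascii")
    presented = header_value.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, presented)


def build_event_request(secret: str, event: dict) -> tuple:
    """Cloud-side relay: serialise the change event once and sign those bytes.

    Canonicalise before signing (sorted keys, no whitespace) and never
    re-serialise afterwards, or the receiver will compute a different digest.
    """
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")
    headers = {"Content-Type": "application/json", SIGNATURE_HEADER: sign_body(secret, body)}
    return headers, body


def handle_drift_event(secret: str, headers: dict, body: bytes) -> tuple:
    """Receiver modelled on the page: validate first, 401 on missing/invalid."""
    # HTTP header names are case-insensitive; match accordingly.
    header_value = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER.lower()), None
    )
    if not verify_signature(secret, body, header_value):
        return 401, "Unauthorized: missing or invalid signature"
    event = json.loads(body)  # only parse the body once it is authenticated
    return 200, "re-assessing " + event["resource"]


# Constructed sample event; the schema and values are illustrative only.
SAMPLE_EVENT = {
    "provider": "aws",
    "source": "eventbridge",
    "project": "proj-example",
    "resource": "arn:aws:s3:::example-audit-logs",
    "change": "PublicAccessBlockConfiguration removed",
}


def demo(secret: str = "example-webhook-secret") -> dict:
    """Exercise the valid case and the three rejection cases; return status codes."""
    headers, body = build_event_request(secret, SAMPLE_EVENT)
    valid, _ = handle_drift_event(secret, headers, body)
    tampered, _ = handle_drift_event(secret, headers, body.replace(b"removed", b"added"))
    unsigned, _ = handle_drift_event(secret, {"Content-Type": "application/json"}, body)
    wrong_secret, _ = handle_drift_event("not-the-secret", headers, body)
    return {"valid": valid, "tampered": tampered, "unsigned": unsigned, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    print(demo())  # {'valid': 200, 'tampered': 401, 'unsigned': 401, 'wrong_secret': 401}
```

The receiver authenticates before it parses: a request that fails the signature check never reaches `json.loads`, so malformed or oversized bodies from unauthenticated senders cost nothing beyond one HMAC computation. If a relay in your pipeline re-serialises the event (pretty-printing, reordering keys) after signing, the receiver's digest will not match and the event is dropped with 401, which is the failure mode to check first when legitimate events go missing.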
Next Steps
- GCP Drift Setup — Cloud Asset Inventory real-time feeds
- AWS Drift Setup — EventBridge with Config change events
- Azure Drift Setup — Event Grid system topics
- Drift Monitoring Guide — dashboards, alert tuning, and triage workflows