Planned

Policy & Drift Detection in One Day

Same methodology as Course 1 applied to Azure Policy rollout, OPA enforcement at plan time, and overnight drift detection. Graduate from audit to enforce with evidence. Catch portal clickops before they become audit findings.

$2,000 per seat • 5 seats max per cohort • 1 day, hands-on

Keep What You Built Compliant

You deployed the environments in Course 1. Now you need to keep them compliant.

This course teaches the same validation-first methodology applied to three layers of policy enforcement: OPA catching violations at plan time before anything deploys, Azure Policy enforcing standards at the resource level, and drift detection catching manual changes overnight. You graduate from audit mode to enforce mode with an evidence trail that justifies every policy decision.

By end of day you have working policy enforcement, drift detection with GitHub Issue integration, and the methodology to implement compliance requirements without becoming a governance specialist.

Prerequisite

Course 1 (AI-Orchestrated Infrastructure Deployment) or equivalent experience deploying Azure landing zones with Terraform and familiarity with validation-first methodology.

What the Day Looks Like

Morning (4 hours)

  • OPA Policy Deep Dive: Run conftest locally against plan output. See cost, security, tagging, and VM SKU policies catch violations before anything touches Azure. Policy enforcement starts at the plan, not at the resource.
  • Azure Policy Implementation: Translate MCSB/CIS benchmark controls into Azure Policy assignments using AI. Deploy with audit-first approach. You see what's noncompliant without blocking anything yet.
  • Policy Validation: Write expected results for policy behavior. Verify enforcement modes, allowed values, and scope per environment. Same methodology as Course 1 applied to governance.
  • Audit to Enforce: Walk through the evidence trail that justifies switching from audit to deny. Conversation-gated: AI won't flip to enforce without passing validation. The trust boundary applies to governance too.

Afternoon (4 hours)

  • Drift Detection Setup: Configure nightly drift detection workflow. Understand terraform plan -detailed-exitcode and what exit codes mean. Automate the check, not just the deploy.
  • Trigger Drift: Manually change something in the Azure portal. Run drift detection. See a GitHub Issue created automatically with the plan diff and remediation instructions. This is what catches portal clickops.
  • Drift Remediation: Use Claude to analyze the drift, determine if it's intentional or accidental, and either remediate or accept it. Not all drift is bad. The method teaches you to decide.
  • Wrap-Up: Full picture: OPA at plan time, Azure Policy at deploy time, drift detection overnight. Three layers working together. How they integrate with Course 1's deployment methodology. Q&A.

What You Walk Away With

Three-Layer Enforcement

  • OPA policies catching violations before deployment
  • Azure Policy assignments enforcing standards at the resource level
  • Drift detection catching unauthorized changes overnight

The Evidence Trail

  • Audit-to-enforce graduation documentation
  • Policy validation reports per environment
  • Drift detection results with automated GitHub Issue creation

The Files

  • OPA policy definitions (cost, security, tagging, SKU constraints)
  • Azure Policy assignment configurations
  • Drift detection workflow configurations
  • Remediation templates

Who This Is For

Course 1 Graduates

You deployed the environments. Now you need to keep them compliant after deployment.

Infrastructure Teams

You're implementing compliance requirements and need enforcement, not just documentation.

Engineering Managers

You keep finding manual portal changes that break your Terraform state.

Audit-Bound Teams

Preparing for SOC 2 or internal audits and need evidence that policy enforcement is active and drift is monitored.

Pricing

Course 2: Planned
$2,000 per seat • 5 seats maximum per cohort
  • Full 1-day hands-on workshop
  • All policy and drift detection configuration files
  • Evidence trail templates
  • GitHub Issue integration setup
  • 30-day post-training email support
Planned: Launching after Course 1 cohorts deliver and refine

Want to Know When Course 2 Launches?

This course is planned, not yet available. Reach out if you want to be first to know when it launches.
