> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anyshift.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Change Management

> Track infrastructure changes over time. Ask Annie what changed, when, and understand what happened before incidents occurred.

## Overview

Annie maintains a **temporal record** of your entire infrastructure, enabling you to ask questions about the state of any resource at any point in time. This "time travel" capability is essential for:

* **Incident Investigation:** *"What changed before the outage?"*
* **Change Validation:** *"Did my Terraform apply work correctly?"*
* **Compliance & Auditing:** *"When was this security group modified?"*
* **Rollback Analysis:** *"What was the previous configuration?"*

<Note>
  **Default Retention: 7 Days**

  Annie retains infrastructure history for 7 days by default. You can ask about any resource's state as it existed at any point in the last week.
</Note>

## What You Can Ask Annie

### Track Recent Changes

Ask Annie what changed in your infrastructure:

<AccordionGroup>
  <Accordion icon="clock" title="What changed recently?">
    * *"What changed in production in the last 24 hours?"*
    * *"Show me infrastructure changes from yesterday"*
    * *"What was modified in AWS this week?"*
    * *"List all security group changes since Monday"*
  </Accordion>

  <Accordion icon="database" title="Resource-specific history">
    * *"Show me the history of this RDS instance"*
    * *"What happened to my prod-database in the last 3 days?"*
    * *"When was this security group last modified?"*
    * *"Who changed the IAM role permissions?"*
  </Accordion>

  <Accordion icon="camera" title="Point-in-time state">
    * *"What did our production VPC look like yesterday at 2pm?"*
    * *"Show me the security group rules before the incident"*
    * *"What resources existed in staging last week?"*
  </Accordion>
</AccordionGroup>

## Real-World Examples

<AccordionGroup>
  <Accordion icon="fire" title="Incident Investigation">
    Production database experiencing connection issues starting at 2:00 PM.

    *"What changed in production between 1pm and 3pm today?"*

    > I found 3 changes in that window:
    >
    > * **1:45 PM**: Security group `sg-prod-db` was modified - an inbound rule for subnet 10.0.1.0/24 was removed
    > * **1:52 PM**: The prod-api service lost connectivity to the database
    > * **2:00 PM**: PagerDuty alert fired
    >
    > **Root cause**: The security group change at 1:45 PM removed access from the application subnet.
  </Accordion>

  <Accordion icon="clipboard-check" title="Compliance Audit">
    Auditor asks when encryption settings were changed on a sensitive S3 bucket.

    *"Show me the history of the sensitive-data-bucket"*

    > Here's the change history for sensitive-data-bucket:
    >
    > * **June 15, 2023**: Bucket created with SSE-S3 encryption
    > * **September 1, 2023**: Encryption changed to SSE-KMS with key arn:aws:kms:...
    > * **December 15, 2023**: Key rotation policy enabled
    >
    > The bucket has been encrypted since creation.
  </Accordion>

  <Accordion icon="rocket" title="Post-Deployment Validation">
    You just ran `terraform apply` and want to verify the changes.

    *"What changed in the last 30 minutes?"*

    > I found 5 resources updated in the last 30 minutes:
    >
    > * EC2 instance `prod-api-1`: instance type changed from t3.medium to t3.large
    > * EC2 instance `prod-api-2`: instance type changed from t3.medium to t3.large
    > * Auto Scaling Group `prod-api-asg`: desired capacity changed from 2 to 4
    > * Target Group `prod-api-tg`: 2 new targets registered
    > * CloudWatch Alarm `prod-api-cpu`: threshold changed from 70% to 80%
    >
    > All changes match your Terraform configuration.
  </Accordion>

  <Accordion icon="code-compare" title="Understanding Drift">
    You suspect someone made manual changes in the AWS console.

    *"What resources were modified outside of Terraform this week?"*

    > I found 2 resources with manual changes not in your Terraform code:
    >
    > * Security group `sg-dev-debug`: Port 22 opened to 0.0.0.0/0 via AWS console on Tuesday
    > * IAM role `dev-admin-role`: New policy attached manually on Wednesday
    >
    > Would you like me to show you the specific changes?

    See [Drift Detection](/pages/iac/drift_detection) for more on finding the gap between declared and actual infrastructure.
  </Accordion>
</AccordionGroup>

## Best Practices

<CardGroup cols={2}>
  <Card title="Start with the Incident Time" icon="clock">
    When investigating issues, ask about changes around the time symptoms first appeared.
  </Card>

  <Card title="Narrow to Specific Resources" icon="crosshairs">
    If you know which resource is problematic, ask about its specific history.
  </Card>

  <Card title="Compare Before and After" icon="code-compare">
    Ask Annie to show you what a resource looked like before a specific event.
  </Card>

  <Card title="Track Terraform vs Manual" icon="code-branch">
    Ask Annie to identify changes made outside of your Infrastructure as Code.
  </Card>
</CardGroup>

## Get Started

<CardGroup cols={2}>
  <Card title="Create Account" icon="user-plus" href="https://app.anyshift.io/">
    Sign up for Anyshift
  </Card>

  <Card title="Request Demo" icon="phone" href="https://calendly.com/roxane-fischer/30-zoom-meeting?back=1">
    See Time Travel in action
  </Card>
</CardGroup>
