You are grossly exaggerating. I'll grant you that IaC is a far cry from what people wanted to accomplish through all the tooling.

But making it harder? Are you kidding me? Try to provision a VM with all the security locks and some software install. It may take a bit of time to do it once via Ansible, but the second time around it boils down to shifting around some packages / changing inventory.

Compare doing it fully manually every time, go spin up the VM, ssh into it and so on.

For sure, immutable infrastructure is a pipe dream as long as people can make manual changes. Drift? It sounds like it's a sort of thing that just happens naturally but in reality is people doing down and dirty changes.

Software itself can help only so much.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store