Codification

Firefly's Codification feature automatically converts existing cloud resources into Infrastructure-as-Code definitions. Generate Terraform, Pulumi, CloudFormation, and other IaC formats for resources created manually or lacking code management. This guide covers codification overview, supported formats, advanced features, and step-by-step usage.

Overview

Codification transforms cloud and SaaS resources, on any provider Firefly supports, into the code needed to manage them going forward. While primarily used for unmanaged assets (resources created via ClickOps or outside of IaC), you can codify any asset regardless of its current IaC coverage. Firefly's scanner discovers all resources across cloud providers, SaaS platforms, and other supported services and can generate infrastructure-as-code representations for any of them. The goal is achieving 100% IaC coverage by generating code for everything running across your entire infrastructure estate.

Firefly generates comprehensive resource code that captures dependencies and configurations. When codifying an AWS EC2 instance, Firefly identifies related resources like attached EBS volumes, network interfaces, and security groups, including them in the code or referencing them appropriately. Similarly, when codifying SaaS resources like GitHub repositories or DataDog dashboards, Firefly captures their configurations, permissions, and relationships. This holistic approach ensures generated IaC is viable and complete across all provider types.

Codification is particularly valuable during infrastructure cleanup, onboarding phases, cloud migration, or when migrating between different IaC formats. When inheriting an environment with console-created resources across multiple providers, use Firefly to scan and generate Terraform automatically instead of manually writing code for each resource. You can also use codification to convert existing IaC-managed resources to different formats. For example, converting CloudFormation templates to Terraform or Pulumi code, or converting provider-specific configurations to cross-platform IaC. During cloud migration projects, codification helps capture the current state of resources in the source cloud and generate equivalent IaC definitions for the target cloud provider. Review, adjust, and commit the generated code to transform your entire infrastructure into your preferred code-managed format.

Supported IaC Formats

Firefly supports codification to many Infrastructure-as-Code frameworks, allowing you to choose the format your team prefers:

  • Terraform/OpenTofu: Generate HCL code (Terraform/OpenTofu configurations) as .tf files representing your resources, including Terraform modules, module calls.

  • Terraform CDK: Generate CDK code in languages like TypeScript, Python and more to onboard resources into Terraform CDK stacks.

  • Terragrunt: Generate Terragrunt code to onboard resources into Terragrunt stacks.

  • CloudFormation: Generate AWS CloudFormation templates for AWS users relying on CloudFormation.

  • AWS CDK: Generate AWS CDK code in languages like TypeScript, Python and more for programmatic IaC options on AWS. Supports both CDK level 1 and level 2.

  • Crossplane: Output configurations for Crossplane, managing cloud resources as Kubernetes custom resources, including Crossplane Compositions.

  • Kubernetes Manifests: Create raw Kubernetes manifests for Kubernetes resources.

  • Helm Charts: Create Helm charts for Kubernetes resources.

  • CDK8s: Generate CDK8s code in languages like TypeScript, Python and more to onboard Kubernetes resources into CDK8s stacks.

  • Config Connector: Generate Google's Config Connector code for managing Google Cloud resources via Kubernetes CRDs.

  • ARM: Generate Azure Resource Manager templates (ARM) for Azure users relying on ARM templates.

  • Bicep: Generate Bicep code to onboard resources into Bicep stacks.

  • Ansible: Generate Ansible playbook to onboard resources into Ansible.

  • Pulumi: Output Pulumi code in supported languages like TypeScript, Python and more to onboard resources into Pulumi stacks.

Firefly meets you where you are, whether using Terraform, Pulumi, AWS CDK, or other frameworks, codification outputs appropriate files. Select your desired format when initiating codification. Each format has unique characteristics, Terraform uses specific naming conventions while Pulumi generates code in particular languages. Firefly abstracts these differences to provide ready-to-use definitions. After generation, integrate the code into your repositories or pipelines as needed.

Advanced Codification Features

Beyond basic resource code generation, Firefly's codification offers advanced features for clean, maintainable and reusable IaC:

Terraform/OpenTofu Dependency

Firefly detects relationship resources from the selected resource/s and codifies them together in one output. When you select an EC2 instance for codification, Firefly automatically identifies and includes related resources like VPC, subnet, security groups, and EBS volumes in the generated code. You can choose to either codify all resources (including those already managed by IaC) or use data blocks to reference existing resources that are already managed. This ensures the generated IaC is complete and deployable while respecting your existing infrastructure management approach.

Note: For Azure, Firefly have an option to codify all resources in the resource group of the selected resource.

Terraform/OpenTofu Module Creation

Convert resource groups into reusable Terraform/OpenTofu modules. Firefly intelligently packages selected resources and optionally with their dependencies, like VPCs with subnets and route tables, then generating a full module with all the resources and their dependencies including variables and outputs. This creates DRY (Don't Repeat Yourself) codified assets following modular IaC design best practices from the start.

Terraform/OpenTofu Module Call

Codify unmanaged assets with an existing module. If you have an existing Terraform module for S3 buckets that your team uses, and you codify a bucket with the selected module, Firefly generates a module call filled with the correct parameters to incorporate the bucket into your existing module usage, ensuring consistency.

Terraform/OpenTofu Cross-Cloud Migration

Once infrastructure is represented in code, migrate or replicate it to other cloud providers. Firefly aids cross-cloud migration by generating equivalent Terraform/OpenTofu IaC for different cloud providers. For example, when codifying an AWS EC2 instance, Firefly can generate the equivalent Azure VM or Google Cloud Compute Instance Terraform/OpenTofu configuration. This cross-cloud translation automatically maps resource types, properties, and configurations between providers while maintaining the same infrastructure intent.

Crossplane Compositions

Convert resource groups into reusable Crossplane Compositions. Firefly intelligently packages selected resources, then generates a full Crossplane Composition with all the resources including CompositeResourceDefinitions (XRDs) and Composition configurations. This creates DRY (Don't Repeat Yourself) codified assets following modular Crossplane design best practices from the start.

These advanced features make codification an intelligent system producing high-quality IaC aligned with your best practices, not just a one-off script generator.

Using Codification: Step-by-Step Guide

Follow these steps to effectively codify your infrastructure:

1. Identify Resources to Codify

Navigate to the Inventory page in the Firefly app to find unmanaged assets. Filter by "Unmanaged" to see resources not currently managed by IaC. Select one or more resources you want to manage as code going forward.

Note: You can codify resources that are already managed by IaC.

2. Start the Codification Process

Select assets and click the "Codify" button. Choose your target IaC format (Terraform, Pulumi, etc.).

3. Configure Output Options

Depending on your chosen format, select the codification type you want to use. For example, if you want to codify a resource group into a Terraform module, select "Create Module".

4. Generate IaC Code

Firefly will automatically generate the code and you can review the resulting code in the UI preview, checking resource names, parameters, and module structures. You can use the UI to edit the code before finalizing. Additionaly, you can use the AI chat to edit the code with Firefly's Thinkerbell AI assistant.

Note: Sensitive data will not be included in the code. Edit the code to include the sensitive data as you see fit.

For Terraform/OpenTofu, Firefly automatically generates import blocks and commands alongside the resource definitions. These import statements allow you to bring existing resources under Terraform management without recreating them, ensuring zero downtime during the transition to IaC.

5. Review Dependencies and Modules

If codification created multiple files, review the project structure. Ensure all necessary pieces are present. Files can be added/deleted/edited in the UI as you see fit.

6. Export or Push the Code

Choose how to use the generated code:

  • Download or copy to clipboard for manual integration.

  • Create a Pull Request directly from the UI to your VCS repository.

7. Implement the Code in Your Workflow

Merge the Pull Request or add code to your IaC repository. For Terraform/OpenTofu codification, Firefly provides both import commands and blocks, these import statements bring existing resources into your Terraform state without recreating them:

  • Import Blocks (Recommended): Modern Terraform versions support import blocks directly in your configuration files. Firefly generates these blocks automatically, allowing you to run terraform plan and terraform apply to import resources seamlessly.

  • Import Commands: For older Terraform versions or manual workflows, Firefly provides the necessary terraform import commands to execute before applying your configuration.

After importing, run your standard IaC deployment process (terraform plan/apply, CloudFormation deployment, etc.). Since resources already exist and are now properly imported, Terraform will recognize them with correct IDs and settings, showing no changes needed on the first plan after import.

8. Verify and Mark as Managed

After successful deployment, check Firefly's Inventory again. Previously unmanaged resources should now appear as Codified. Firefly detects when resources are represented in IaC state files, effectively transitioning them to code management.

Note: In Firefly, it might take a few minutes to hours to detect the resources as IaC status change to "Codified".

9. Repeat and Refine

Continue codifying other resources in batches by environment or resource type. As you gain more codified assets, your IaC coverage percentage increases and your cloud becomes more standardized. Leverage advanced features to modularize further or refactor generated code to suit your style.

10. Leverage Automation (Optional)

Use Firefly's API for recurring changes. Set up automated workflows to codify new unmanaged assets and open PRs for review, ensuring your environment stays current in code. For more information, see API Integration.

11. IDE Integration (Optional)

Use Firefly's MCP server with your IDE to enhance your development workflow. The Model Context Protocol (MCP) server allows you to interact with Firefly directly from your code editor, enabling you to:

  • Query cloud resources: Ask questions about your infrastructure directly in your IDE.

  • Generate IaC code: Create Terraform, Pulumi, or other IaC configurations without leaving your editor.

This integration streamlines the codification process by bringing Firefly's capabilities directly into your familiar development environment, making it easier to maintain consistency between your code and cloud infrastructure. For more information, see MCP Integration.

Conclusion

Following these steps creates a smooth process for transforming "ClickOps" resources into code, resulting in maintainable, version-controlled infrastructure with reduced configuration drift and all IaC benefits (peer reviews, testing, rollback, etc.). Firefly accelerates your journey to full Infrastructure-as-Code, accomplishing in minutes what might otherwise take weeks of manual coding.

PreviousCreating Guardrail RulesNextSelf-Service

Last updated

Was this helpful?