IaC Explorer

The IaC Explorer in Firefly provides a comprehensive view of your Infrastructure-as-Code landscape across multiple IaC types. It allows you to analyze Terraform stacks, CloudFormation templates, Helm charts, and more IaC types in a unified interface. This centralized view is essential for platform engineers and DevOps teams to understand infrastructure composition, identify issues, and maintain governance across their IaC ecosystem.

Supported IaC types

  • Terraform stacks - Individual .tfstate files with their module composition.

  • OpenTofu stacks - Individual .tfstate files with their module composition.

  • CloudFormation stacks - AWS CloudFormation stacks.

  • Helm charts - Kubernetes Helm charts deployments.

  • Kustomize manifests - Kubernetes Kustomize manifests deployments.

  • ArgoCD applications - ArgoCD applications deployments.

Overview of IaC Explorer Tabs

The IaC Explorer is organized into several tabs, each focusing on different aspects of your infrastructure:

Applied Stacks

The main view showing all your deployed infrastructure stacks with their current status, including:

  • Stack name - The name of the stack.

  • IaC version - The version of the IaC type used to deploy the stack.

  • IaC coverage - The percentage of the stack that is covered by IaC and the status of the coverage.

  • Backend information - Where state files are stored (S3, Terraform Cloud, etc.).

  • Data sources - The data sources used to deploy the stack.

  • Last applied - The date and time the stack was last applied.

  • Blast radius indicator - Warning icon for stacks using outdated module versions.

  • Asset counts - Number of resources managed by each stack with link directly to the inventory page filtered by the stack. The inventory page shows the resources that are managed by the stack.

  • More information about the stack can be found in the Properties tab. View the stack content and additional details about the stack data sources and used resources that are not supported by Firefly.

Applied Stacks Use Cases

  • Infrastructure Oversight: Monitor all deployed stacks across your organization from a single dashboard.

  • Drift Detection: Identify stacks where live infrastructure differs from IaC definitions.

  • Change Impact Analysis: Use blast radius indicators to understand which stacks are affected by outdated modules.

  • Compliance Auditing: Track IaC coverage percentages to ensure infrastructure governance.

  • Troubleshooting: Quickly identify unsynced stacks that need attention after module updates.

  • Resource Planning: View asset counts and resource distribution across environments.

  • State Management: Monitor backend health and last application times for each stack.

Providers

Shows all Infrastructure-as-Code providers used across your environment:

  • Terraform and OpenTofu providers - AWS, Azure, Google Cloud, etc.

  • Registry URLs - Links to provider documentation and source.

  • Integration status - Whether providers are properly integrated.

  • State file counts - Number of state files using each provider with link directly to the stacks tab filtered by the provider.

Providers Use Cases

  • Integration Health: Monitor provider connectivity and integration status.

  • Architecture Planning: Understand multi-cloud footprint and provider distribution.

Backends

Displays state storage backends and their configurations:

  • Remote state locations - S3 buckets, Terraform Cloud, etc.

  • Backend name - The name of the backend.

  • Stack counts - Number of stacks using each backend with link directly to the stacks tab filtered by the backend.

  • Last scan - When backends were last synchronized.

  • Settings menu - Configure the backend settings:

    • Exclude state files - Exclude state files from being ingested by Firefly.

    • GCS encryption - Set the GCS encryption key on encrypted GCS backends.

Backends Use Cases

State Management Strategy: Monitor distribution of state files across backends.

Modules

Comprehensive view of all Terraform and OpenTofu modules in use:

  • Module name - The directory name of the module in the repository.

  • Module sources - Registry modules, Git repositories.

  • Version - Current versions.

  • Last contributor - The last contributor to the module.

  • Misconfigurations - Policy violations for the module.

  • Last updated - When the module was last updated.

  • Usage - How many stacks use each module with link directly to the stacks tab filtered by the module.

  • Blast radius indicator - Warning icon for modules used by outdated stacks that use older versions of the module.

Modules Use Cases

  • Version Management: Track module versions and identify outdated implementations.

  • Impact Analysis: Use blast radius indicators to understand which stacks are affected by module updates.

  • Security Scanning: Identify modules with known vulnerabilities or misconfigurations.

  • Code Reusability: Monitor module adoption rates and identify reusable patterns.

  • Change Management: Plan module updates and understand downstream impacts.

  • Quality Assurance: Review module sources and ensure approved registries are used.

Repositories

Shows all connected version control repositories:

  • VCS integration - GitHub, GitLab, Bitbucket, etc.

  • Repository name - The name of the repository.

  • Modules count - Number of modules in the repository with link directly to the modules tab filtered by the repository.

  • Resources count - Number of resources in the repository with link directly to the inventory page filtered by the repository.

  • Last scan - When the repository was last scanned.

Repositories Use Cases

  • Source Control Oversight: Monitor all repositories containing infrastructure code.

  • Content Analysis: Understand the distribution of modules and resources across repositories.

Navigating Applied Stacks

When you open the IaC Explorer page, you'll see a list of your integrated IaC stacks (for example, each Terraform .tfstate file that Firefly has ingested from your environment). Each stack represents a deployed infrastructure state. By selecting a stack, the Explorer will display its contents in an organized manner. The view will show the root module of the Terraform stack and any child modules that are being used.

In the Explorer interface, you can expand the hierarchy. For instance, the root of the stack might have several module calls (Terraform modules invoked by your configuration). You can click the + or expansion arrow next to a module call to drill down. This will show you the resources and sub-modules inside that module. The Explorer essentially lets you traverse the module tree of your Terraform configuration.

Advanced Filtering and Search

The IaC Explorer includes powerful filtering capabilities to help you focus on specific infrastructure components:

Filter Options

  • IaC Status - Filter by managed, unmanaged, ghost, or modified resources.

  • Data Source - Filter by specific cloud providers or integrations.

  • Data Source Status - Show only integrated or pending integrations.

  • Backend - Filter by state storage location.

  • Asset Type - Focus on specific resource types (EC2 instances, S3 buckets, etc.).

  • Repository - Filter by source code repository.

  • TF Versions - Filter by Terraform version compatibility.

  • Providers - Filter by specific provider types (AWS, Azure, etc.).

  • Modules - Filter by module usage.

  • Sync Status - Filter to show only Unsynced stacks in the Applied Stacks tab.

  • Application Status - Filter to show only Partially Applied modules in the Modules tab.

Search Functionality

Use the search bar to quickly find specific stacks or modules by name. The search supports partial matching and works across all tabs.

Sync Status and Blast Radius Management

The IaC Explorer provides advanced capabilities to track module synchronization and understand the impact of changes across your infrastructure through sync status indicators with blast radius analysis.

When modules in your integrated Git repositories are updated but the corresponding state files haven't been updated to reflect these changes, Firefly helps you identify and address these discrepancies:

Stack-Level Sync Status

  • Unsynced Status: Stacks are marked as Unsynced in the Applied Stacks tab when their state files haven't been updated after module changes.

  • Visual Indicators: Clear status icons and labels help you quickly identify problematic stacks.

  • Hover Details: Hovering over the Unsynced status reveals Which modules are not up-to-date in the state.

  • Navigation Links: Clicking on the Unsynced status redirects you to the Modules tab, filtered to show only the outdated modules used by that stack.

Module-Level Application Status

  • Partially Applied Status: Modules are marked as Partially Applied in the Modules tab when they've been updated but not all dependent stacks have been updated.

  • Impact Visibility: Shows which state files are using outdated versions of the module.

  • Hover Details: Hovering over the Partially Applied status displays Names of state files that haven't been updated.

  • Cross-Navigation: Clicking on the Partially Applied status redirects you to the Applied Stacks tab, filtered to show only the unsynced stacks using that module.

Best Practices for Sync and Blast Radius Management

Regular Monitoring

  • Daily Reviews: Check for unsynced stacks as part of daily operations.

  • Weekly Planning: Use blast radius analysis for weekly change planning sessions.

  • Pre-deployment Checks: Always review sync status before major deployments.

Change Management Process

  1. Impact Assessment: Use blast radius indicators to understand change scope.

  2. Staged Rollouts: Apply module updates gradually based on blast radius information.

  3. Validation: Monitor sync status to ensure all intended changes are applied.

This comprehensive sync status and blast radius functionality ensures that your infrastructure changes are well-coordinated, properly applied, and their impacts are clearly understood across your entire IaC ecosystem.

Export and Reporting

The IaC Explorer provides export functionality for reporting and analysis, download filtered data as CSV or JSON.

Best Practices for Using IaC Explorer

Regular Monitoring

  • Weekly reviews - Check for new drift or outdated modules.

  • Filter by status - Focus on drifted stacks.

  • Track integration health - Ensure all backends are properly connected.

Governance and Compliance

  • Module standardization - Identify stacks using non-approved modules.

  • Security scanning - Review misconfigurations and vulnerabilities in modules.

Conclusion

The IaC Explorer serves as your central command center for Infrastructure-as-Code management, providing the visibility and tools needed to maintain a well-governed, secure, and efficient infrastructure ecosystem across multiple technologies and cloud providers.

PreviousSelf-ServiceNextEvent Center

Last updated

Was this helpful?