Azure DevOps

Overview

Firefly integrates with Azure DevOps to connect your infrastructure code repositories with your cloud resources. This integration enables powerful features like tracing cloud resources back to their defining code ("Jump to Code") and automatically creating Pull Requests for newly codified resources and drift remediation.

Prerequisites

  • An Azure DevOps account with access to your infrastructure repositories

  • Appropriate permissions to create Personal Access Tokens

  • Repositories containing Terraform, CloudFormation, or other IaC files you want to connect to Firefly

  • Code Search installed for each organization (to facilitate scanning)

Setup Procedure

  1. Login to your Azure DevOps organization and follow their instructions to create a new PAT a. Select All accessible organizations b. In Scopes, select Custom defined and Read & manage c. Copy the token

  2. To facilitate the scanning of your organization, install Code Search for each organization

  3. In Firefly, select Settings > Integrations

  4. Select Add New > Azure DevOps (under version control integrations)

  5. Enter a descriptive name into the Nickname field

  6. Paste the token into the Access Token field

  7. Select Next

Features Enabled

  • Jump to Code: Trace resources in your cloud inventory back to the Azure DevOps file and specific line that defines them

  • Automated Pull Requests: When Firefly codifies an unmanaged resource, it can commit the new infrastructure code as a Pull Request

  • IaC Tracking: Firefly maintains awareness of which resources are defined in code and which are not

  • Drift Remediation: Firefly can detect drift between the code and the actual resources and create a Pull Request to fix it

Best Practices

  • Consider creating a dedicated Azure DevOps user or bot account for Firefly to make tracking its contributions easier

  • Ensure the access token has appropriate permissions to create Pull Requests

  • Regularly review Pull Requests created by Firefly

  • Install Code Search for each organization to improve repository scanning capabilities

Troubleshooting

  1. For authentication issues:

    • Verify Azure DevOps credentials and permissions

    • Check if the token has expired or been revoked

    • Ensure the PAT has the correct scopes selected

  2. For repository access issues:

    • Verify the integration has access to the required repositories

    • Check organization and project permissions if applicable

    • Review Firefly integration logs

Last updated

Was this helpful?