Terminology (Glossary)

This section provides a comprehensive list of all key terms used in Firefly. Understanding these terms will help you navigate the platform and make the most of its features.

General Terms

Asset

A cloud resource that Firefly discovers in your environment, such as an AWS EC2 instance, an Azure VM, or a Kubernetes cluster. Assets can be unmanaged, codified, drifted, or ghost assets, depending on their relationship with Infrastructure-as-Code (IaC).

Unmanaged Asset

A cloud resource that was created manually (via ClickOps) and is not currently managed by any Infrastructure-as-Code (IaC) tool. Unmanaged assets can be codified to bring them under IaC management.

Codified Asset

A cloud resource that is fully managed using Infrastructure-as-Code. Firefly detects that the resource has an associated Terraform/Pulumi/CloudFormation definition.

Drifted Asset

A resource that was initially created and managed via IaC but has since been manually modified. Drift means the current cloud configuration does not match the original definition in code.

Ghost Asset

A resource that exists only in the IaC state file but no longer exists in the cloud. This happens when an IaC-managed resource is deleted outside of the IaC workflow, leaving a stale record in the Terraform state file.

Pending Asset

This status is temporary. The asset is still in the process of being analyzed, and Firefly has not yet determined its IaC status. In other words, the asset is in a waiting state until Firefly finishes scanning and classifying it.

Undetermined Asset

Firefly was unable to determine the asset's IaC status. This can happen if Firefly has partial information about the asset but cannot fully match it to an IaC state or definition. For example, Firefly might detect the resource in an IaC file but not be able to find it via cloud scanning (or vice versa), making its status unclear. An undetermined asset could potentially be codified, drifted, or unmanaged – but the platform isn't certain due to missing data or an unsupported resource type.

IaC-Ignored Asset

The asset has been manually marked to be ignored in Firefly's IaC tracking. Assets with this status were unmanaged, but a user created an IaC-Ignore rule to exclude them from IaC coverage. They will not count toward "unmanaged" asset counts or appear in codification suggestions. (Common examples are default cloud resources that you decide to ignore in the platform.)

Child Asset

A resource that is part of a larger codified module or stack but isn't independently codified on its own. In Firefly, a "child" asset is managed by its parent resource's IaC definition. For example, an AWS EBS volume that is automatically created as part of an EC2 instance is considered a child asset – it's managed through the EC2's configuration, not directly by separate IaC code. Child assets don't need their own IaC because they are created and managed by the parent's IaC.

ClickOps & Event Tracking

ClickOps

Refers to the manual creation or modification of cloud resources using a cloud provider's web console. Firefly detects ClickOps changes and flags them as unmanaged or drifted assets.

CLI/SDK Event

Refers to the creation or modification of cloud resources using a cloud provider's CLI, SDK, or API.

Mutation Event

Any detected change to an infrastructure resource, whether manual (ClickOps, CLI, or SDK) or automated (via CI/CD, Terraform, or API). Mutation events provide a detailed log of configuration changes, including what was modified and by whom.

Event Center

A Firefly feature that provides a timeline-based view of all mutation, ClickOps, and CLI/SDK events, allowing users to track changes, detect unauthorized modifications, and audit infrastructure changes. Learn more in Event Center.

Ownership Attribution

Firefly tracks who made a change to an asset through multiple sources: cloud logs (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs) for IAM users, roles, or service accounts; and Git blame information for changes made through IaC.

Infrastructure-as-Code (IaC)

IaC (Infrastructure-as-Code)

A methodology for managing cloud infrastructure using code-based configurations (e.g., Terraform, Pulumi, CloudFormation) instead of manual processes. Firefly integrates with multiple IaC frameworks to help users achieve better governance and automation. Learn more in Infrastructure-as-Code Automation.

IaC Coverage

A metric that indicates the percentage of assets managed by Infrastructure-as-Code. A higher IaC coverage means fewer ClickOps/manual changes.

IaC Explorer

A Firefly feature that provides visibility into IaC stacks, Terraform modules, and providers used across your cloud environment. It helps users understand how infrastructure is structured in code. Learn more in IaC Explorer.

Terraform State File (.tfstate)

A JSON file that stores the current state of Terraform-managed infrastructure. Firefly reads state files to determine which resources are codified and which are unmanaged or ghost assets.

Blast Radius

The scope of impact when making a change in Terraform or another IaC tool. Firefly's Blast Radius Analysis helps assess how updates to Terraform modules might affect large parts of an infrastructure.

Codification

The process of converting unmanaged cloud resources into Infrastructure-as-Code. Firefly automatically generates Terraform/Pulumi/CloudFormation code to bring unmanaged resources under IaC control. Learn more in Codification.

Advanced Codification

A Firefly capability that allows for modularized codification by generating IaC modules instead of flat configurations. It supports module creation, module calls, dependency handling, and cloud migrations between AWS, Azure, and GCP.

Module Creation

Instead of generating a one-time resource definition, Firefly can structure codified assets into reusable Terraform modules, ensuring better maintainability.

Module Call Codification

Firefly recognizes existing Terraform modules in your repositories and is able to codify discovered resources with them, improving standardization and reusability.

Drift Remediation

Firefly's ability to detect and automatically fix drifted resources by either reapplying the IaC definition or regenerating the correct Terraform code for manual review. Learn more in Drift Detection & Remediation.

Governance & Compliance

Policy Packs

Predefined security and compliance rules that Firefly applies to IaC configurations and cloud assets. Policies can enforce tagging conventions, network security settings, and best practices. Learn more in Policy & Governance.

Cost Optimization Insights

Firefly analyzes your cloud infrastructure for unused or overprovisioned resources, helping reduce cloud spending. Learn more in Cost Visibility & Optimization.

Workflows & Guardrails

Workflows

Automated processes within Firefly that help enforce governance and security. Workflows can apply policy checks, remediation actions, and compliance rules across your cloud environments. Learn more in Workflows & Guardrails.

Guardrails

A Firefly feature that enforces cloud cost, security, and compliance at the provisioning stage by preventing misconfigured infrastructure from being deployed. Learn more in Creating Guardrail Rules.

Projects

A project is an organizational unit in Firefly for grouping and managing related resources like workspaces, variable sets, and self-hosted runners. It acts as a boundary for access control, allowing teams to manage their infrastructure independently.

Variable Set

A variable set is a reusable collection of variables that can be shared across workspaces and projects. This allows for consistent configuration and secrets management, with a clear hierarchy of precedence.

Workspace

A workspace is the primary execution environment for IaC operations in Firefly. It holds all the necessary configurations for a given set of infrastructure, including VCS settings, variables, and runner details. Workspaces can be organized within Projects or be global.

Runners

Runners execute Terraform/OpenTofu operations (plan/apply) within Firefly. There are two types:

  • SaaS Runners: Fully managed by Firefly and run in Firefly's cloud environment.

  • Self-Hosted Runners: Customer-managed agents that run within the customer's own infrastructure for secure access to internal resources.

FireflyCI

The binary used for Firefly CI/CD integration. It enforces IaC policies during pipeline runs in a third-party CI/CD tool and is an alternative to the Firefly Runners.

Integrations

Data Source Integrations

Firefly connects with AWS, Azure, GCP, Kubernetes, and SaaS platforms (Datadog, GitHub, etc.) to fetch real-time configuration data. Learn more in Integrating Data Sources.

Version Control Integrations

Firefly integrates with your GitHub, GitLab, Bitbucket, and other VCS providers to index IaC repository data and to enable GitOps workflows. Learn more in Integrating Version Control.

CI/CD Integration

Firefly integrates with GitHub Actions, GitLab CI, and other CI/CD tools to enforce IaC policies during pipeline runs (via FireflyCI). Learn more in Integrating Workflows with CI/CD.

Notification Integrations

Firefly can integrate with Slack, Microsoft Teams, and other notification platforms to send alerts and updates. Learn more in Integrating Notifications.

IaC Remote State Integrations

Firefly integrates with Terraform Cloud, Terraform Enterprise, and other IaC backends to fetch IaC remote state data. Learn more in Integrating IaC Remote State.

Project Management Integrations

Firefly can integrate with project management platforms such as Jira to generate tickets for unmanaged assets, policy violations and more. Learn more in Integrating Project Management.


This glossary ensures you understand all Firefly terminology used throughout the platform. By becoming familiar with these terms, you'll be able to fully utilize Firefly's governance, compliance, and automation capabilities.
