Drift Detection & Remediation

Drift Detection is one of Firefly's core strengths. Drift occurs when the actual state of a resource in the cloud diverges from the desired state defined in your IaC configuration. For example, a team member might manually open a port in a firewall, or change an instance type through the console, creating a mismatch between code and reality. Firefly continuously monitors for such drifts across your infrastructure and alerts you as soon as they happen (Firefly Cloud Infrastructure Automation Reviews 2025: Details, Pricing, & Features | G2).

Key capabilities for drift management:

Real-time Drift Alerts

Firefly detects configuration drift in real-time (via event-driven hooks and periodic scans). The moment a resource's live configuration deviates from what's in the IaC definition, Firefly flags a drift. You can receive instant notifications through your preferred channels (Slack, Microsoft Teams, PagerDuty, etc.) thanks to Firefly's ChatOps integration (Firefly Cloud Infrastructure Automation Reviews 2025: Details, Pricing, & Features | G2). This proactive alerting lets you address issues before they escalate.

Drift Insight & Visualization

In the Firefly console, drifted resources are clearly indicated (often with a "drifted" status and highlight). For each drift, Firefly shows the difference between the actual state and the IaC state (Firefly Cloud Infrastructure Automation Reviews 2025: Details, Pricing, & Features | G2). For example, it might display that a security group rule is open in AWS (actual) whereas your Terraform expects it closed. This side-by-side diff or summary makes it easy to understand what changed.

Remediation Suggestions

Firefly doesn't stop at telling you what drifted – it helps you fix it. Firefly generates context-specific remediation steps or code to resolve the drift (Remediation | Firefly). In many cases, it will produce the exact Infrastructure-as-Code changes needed to bring the system back in sync. These could be Terraform code adjustments or CLI commands. For instance, if an EC2 instance type was changed manually, Firefly could suggest the Terraform code update (or a terraform plan to change it back).

One-Click or Automated Fixes

With Firefly's remediation feature, you can apply fixes with minimal effort. After reviewing the suggested fix, you might choose to auto-apply it. Firefly can open a Pull Request to your Git repo with the necessary code changes to match the live state (or vice versa) (Remediation | Firefly). This keeps the remediation under version control. Alternatively, for immediate issues, you might copy a CLI command from Firefly to quickly revert a change. Either way, Firefly's guided remediation turns hours of manual editing into a single-click resolution.

Drift Guardrails

You can configure policies to automatically lock or prevent changes that would cause drift. For example, as part of governance, you might use cloud provider mechanisms or Firefly's insights to ensure that certain critical resources can only be changed via Terraform, reducing the likelihood of drift in the first place. Firefly essentially acts as a safety net, catching any out-of-band changes.

How remediation works in practice

Suppose your Terraform config declares an S3 bucket to block public access, but someone accidentally disabled that setting in AWS. Firefly will detect this drift (public access block = false in AWS vs true in code) and alert you. In the Firefly UI, you'd see the bucket marked as drifted with details of the mismatch. Firefly would then generate a fix – in this case, the fix might be a snippet of Terraform enabling the public access block, or instructions to toggle it back on in AWS. You could then have Firefly commit that Terraform change to Git, and run your pipeline to apply it. Within minutes, the drift is resolved and your code and cloud are back in sync, without manually writing any code or logging into the console.

Drift Detection and Remediation ensure that your infrastructure state is always consistent with your source of truth. This reduces outages (by catching unintended changes) and maintains compliance. It's like having an automated guardian that not only warns you of issues but also helps you auto-heal your cloud configuration whenever it drifts off course.


Last updated 1 month ago
