LogoLogo
  • Welcome to Firefly Documentation
  • Introduction
    • What is Firefly?
    • Who is Firefly for?
    • Why use Firefly?
    • Terminology (Glossary)
  • Key Features
    • Infrastructure-as-Code Automation
    • Cloud Asset Inventory
    • Drift Detection & Remediation
    • Policy-as-Code for Compliance & Governance
    • Cost Visibility & Optimization
    • AI Assistant
    • ChatOps Integration
  • Getting Started
    • Account Setup & Onboarding
    • Connecting Additional Integrations
    • UI Walkthrough & Navigation
    • First Steps in Firefly
  • Detailed Guides
    • Dashboard Overview
    • Cloud Asset Inventory
      • Remediating Drifts
      • Deleting Assets
      • Creating IaC-Ignore Rules
      • Creating Exclude-Drift Rules
    • Policy & Governance
      • Creating Policy-as-Code Governance Rules
      • Remediating Policy Violations
    • Workflows & Guardrails
      • Creating Workflows
      • Creating Guardrail Rules
    • Codification
    • Self-Service
    • IaC Explorer
    • Event Center
    • Backup and Disaster Recovery
    • Notifications
    • User Management
    • SSO Configuration
  • Integrations
    • Integrations Overview
    • Integrating Data Sources
      • AWS
      • Azure
      • Google Cloud
      • Kubernetes
      • Akamai
      • Datadog
      • New Relic
      • Okta
      • GitHub
      • Cloudflare
      • NS1
      • PagerDuty
      • MongoDB Atlas
      • HashiCorp Vault
    • Integrating IaC Remote State
      • Terraform Cloud
      • Google Cloud Storage
      • env0
      • HashiCorp Consul
      • Firefly States Redactor
    • Integrating Version Control
      • GitHub
      • GitLab
      • Azure DevOps
      • CodeCommit
      • Bitbucket
    • Integrating Notifications
      • Slack
      • Microsoft Teams
      • PagerDuty
      • Opsgenie
      • Torq
      • Webex
      • Google Chat
      • Webhook
    • Integrating Project Management
      • Jira
      • ServiceNow
    • Integrating Workflows with CI/CD
    • Integrating Backstage
    • Integrating MCP
  • Use Cases & Best Practices
    • Cloud Governance & Visibility
    • Cost Optimization Strategies
    • Compliance and Security Best Practices
    • Infrastructure Automation & Self-Service
    • Best Practices and Implementation Tips
  • Analytics & Reporting
    • Analytics Dashboard Overview
    • Using Analytics for Improvement
    • Exporting and Sharing Reports
    • Analytics Security and Privacy
  • Code Snippets & Examples
    • Terraform Snippet for an AWS EC2 Instance (Codified via Firefly)
    • Example Rego Policy (OPA) for a Custom Rule
    • GitHub Actions Workflow YAML for Firefly Integration
    • JSON Output Example: Exporting Inventory
  • Troubleshooting & FAQs
    • Common Issues and Solutions
    • FAQs
  • General Information
    • Firefly API
      • Authentication
      • Inventory
      • Codification
      • Workflows
      • Self-Service
      • Policy & Governance
      • IaC Explorer
      • Event Center
      • Backup & Disaster Recovery
      • Notifications
      • Integrations
      • Identity & Access Management
    • Security & Compliance
    • Pricing Tiers & Add-ons
    • Contacting Support
Powered by GitBook
On this page
  • Key aspects of Firefly's IaC Automation
  • Workflows and Guardrails
  • Auto-Generate IaC ("Codify")
  • Bring Unmanaged Resources Under Control
  • Best-Practice Templates
  • Git Integration
  • Self-Service Infrastructure

Was this helpful?

  1. Key Features

Infrastructure-as-Code Automation

Infrastructure-as-Code Automation in Firefly enables you to automate the creation and management of cloud resources via code. Instead of manually writing Terraform scripts or clicking around cloud consoles, Firefly can generate IaC for you and integrate with your code repositories and CI/CD pipelines. This capability accelerates IaC adoption and ensures your cloud deployments are repeatable and auditable.

Key aspects of Firefly's IaC Automation

Workflows and Guardrails

Firefly further enhances IaC automation with Workflows and Guardrails. Workflows automate the deployment lifecycle of your Terraform and OpenTofu configurations, from planning to application, integrating with your VCS. Guardrails ensure these deployments adhere to organizational policies by evaluating terraform plan outputs against predefined rules for cost, security, and compliance. Firefly offers runners for Terraform and OpenTofu, and an option to integrate with CI/CD tools as part of an existing pipeline. This combination allows for safe, automated, and compliant infrastructure management.

Auto-Generate IaC ("Codify")

Firefly can automatically generate Terraform, Pulumi, CloudFormation, Helm and other types of IaC for existing cloud resources. For example, if you have a manually-created S3 bucket or VM, Firefly will discover it and propose equivalent code to manage it. The tool handles dependencies as well – e.g. if an EC2 instance requires a VPC or Security Group, those will be included in the generated config.

Bring Unmanaged Resources Under Control

Firefly identifies resources that are not yet managed as code and lets you codify them with one click. This turns "shadow IT" infrastructure into code that is version-controlled and part of your standard provisioning process. You can choose to output a new Terraform file or merge into an existing one, making adoption flexible.

Best-Practice Templates

The generated IaC follows industry best practices (naming conventions, tagging, etc.), so you get clean, readable code. This saves countless hours for engineers and avoids mistakes – Firefly ensures the output is consistent and compliant with your standards out-of-the-box.

Git Integration

Firefly's automation hooks into your workflow. You can commit the generated code directly to your Git repository through Firefly, optionally via a Pull Request for review. This means your IaC changes enter your normal code review and pipeline (GitOps) process.

Self-Service Infrastructure

With these automation capabilities, platform teams can enable developers to request or provision infrastructure through Firefly's interface. Firefly will handle generating the necessary IaC, so less experienced users can get infrastructure they need without direct cloud access, speeding up delivery with proper guardrails in place.

For example, if an AWS S3 bucket was created manually in your account, Firefly can generate the Terraform code with the import block to manage that bucket going forward. A sample Terraform resource snippet generated by Firefly might look like this:

# Example Terraform code for an AWS S3 bucket, generated by Firefly
resource "aws_s3_bucket" "my_app_bucket" {
  bucket = "my-app-bucket"
  acl    = "private"
  tags = {
    Environment = "production"
    Owner       = "team-alpha"
  }
}

# Import the existing S3 bucket into Terraform
import {
  to = aws_s3_bucket.my_app_bucket
  id = "my-app-bucket"
}

In this snippet, Firefly has identified an existing S3 bucket and produced the Terraform configuration to manage it. The import block is a crucial part of this process - it tells Terraform to associate the existing S3 bucket in your cloud with the resource definition in your code. This is necessary because the bucket was created manually outside of Terraform, and we need to bring it under Terraform's management. You could save this code into your Terraform files, and from then on, any changes to the bucket should be made through code (ensuring consistency). Firefly can perform similar codification for resources in Azure, GCP, Kubernetes (Helm charts), etc., allowing you to manage all infrastructure in a unified way.

PreviousTerminology (Glossary)NextCloud Asset Inventory

Last updated 9 days ago

Was this helpful?