Policy-as-Code for Compliance & Governance

Firefly includes a powerful Policy-as-Code engine that lets you define and enforce governance rules across your cloud environment. Policy-as-Code means that policies (security rules, compliance requirements, cost controls, etc.) are expressed in code or configuration files rather than in ad-hoc manual checks. This approach ensures consistent, automated enforcement of best practices and standards. In Firefly, policies can cover a wide range of checks – from requiring certain tags on every resource, to ensuring no S3 bucket is public, to enforcing cost limits on certain resources.

Key capabilities of Firefly's governance and compliance features:

Unified Policy Engine

Firefly provides a single policy enforcement framework that works across all your clouds and IaC tools (AWS Marketplace: Firefly - Cloud Asset Management). Instead of dealing with separate policy systems for AWS, Azure, GCP, and Kubernetes, you can define policies once and apply them everywhere. Firefly integrates with cloud APIs and scanning tools to evaluate your infrastructure against these rules continuously.

Pre-Built Compliance Rules

Out of the box, Firefly comes with a library of common policies and standards. These include templates for industry compliance frameworks like PCI-DSS, SOC 2, HIPAA, and others (Understanding Policy as Code and How to Implement It in Cloud Environments | Firefly). For example, there are pre-built rules to ensure that encryption is enabled on databases, that no databases are publicly accessible, that all resources have an owner tag, etc. Using these built-in policies, you can quickly achieve baseline compliance without writing everything from scratch (Understanding Policy as Code and How to Implement It in Cloud Environments | Firefly). Firefly keeps these updated as standards evolve.

Custom Policy-as-Code

You can also write custom policies specific to your organization. Firefly supports defining policies in code – typically using formats like JSON or YAML, or even using the Open Policy Agent's Rego language for complex logic (Understanding Policy as Code and How to Implement It in Cloud Environments | Firefly). This means you can encode any rule (no matter how specific) into Firefly's engine. For instance, you might require that all EC2 volumes are encrypted with a particular KMS key, or that certain naming conventions are followed. These policy definitions are stored in Git (version controlled) just like application code, ensuring transparency and collaboration in developing governance rules.

Continuous Compliance Monitoring

Firefly continuously scans your asset inventory against all active policies. If a resource violates a policy, it is flagged immediately. The dashboard shows a compliance score or summary (e.g., "95% of resources compliant, 5% with violations") and lists each violation. You can drill down to see which rule was broken and which resource is non-compliant. This real-time monitoring means you are always audit-ready – no more periodic manual audits.

Violation Alerts & Remediation

Just like with drift, Firefly can alert you when a policy violation is detected (via email or ChatOps). Moreover, many policy violations can be fixed with automation. Firefly's AI assistant can suggest remediation steps for policy violations too (Remediation | Firefly). For example, if a VM is found with an open SSH port against policy, Firefly might suggest a Terraform snippet to close it, or a command to update the security group. You can then apply the fix through Firefly's workflow. This closes the loop from detection to remediation, greatly shortening the time to compliance.

Categorization and Reporting

Firefly organizes policy checks into intuitive categories like security, cost, reliability, tagging, etc. (Understanding Policy as Code and How to Implement It in Cloud Environments | Firefly). This helps you focus efforts (maybe start with critical security fixes, then improve tagging hygiene). The platform provides compliance reports that can be exported or shared – useful for governance meetings or audits, to demonstrate adherence or track improvements over time.

To illustrate a custom policy, here's a simple example of a Policy-as-Code rule written in Rego (the policy language for Open Policy Agent) that could be used in Firefly. This policy ensures every EC2 instance has an "Environment" tag and flags those that do not:
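The following Rego policy is an added example written for this page, not Firefly's own policy code. It assumes the engine evaluates one asset at a time as `input`, with `type`, `id` and `tags` fields; that input shape and the sample instance id are assumptions.

```rego
package firefly.policies.ec2_environment_tag

import rego.v1

# Added example, not Firefly's own policy code. Assumes the engine hands the
# policy one asset at a time as `input`, shaped like this constructed sample:
#   {"type": "aws_instance", "id": "i-0123456789abcdef0", "tags": {"Owner": "team-a"}}
# The field names (`type`, `id`, `tags`) are assumptions about the input format.

# A "deny" set: empty when the asset is compliant, one message per violation.
deny contains msg if {
    input.type == "aws_instance"
    not has_environment_tag
    msg := sprintf("EC2 instance %s is missing the required 'Environment' tag", [input.id])
}

# Present AND non-blank: a tag set to "" or whitespace still counts as missing.
has_environment_tag if {
    value := input.tags["Environment"]
    trim_space(value) != ""
}

# Optionally restrict accepted values so typos like "prd" are flagged as well.
allowed_environments := {"dev", "staging", "prod"}

deny contains msg if {
    input.type == "aws_instance"
    has_environment_tag
    not allowed_environments[lower(trim_space(input.tags["Environment"]))]
    msg := sprintf("EC2 instance %s has Environment tag %q, expected one of %v",
        [input.id, input.tags["Environment"], allowed_environments])
}

# Overall verdict for the asset.
compliant if count(deny) == 0
```

You can evaluate it locally against a JSON asset file with `opa eval -i asset.json -d policy.rego "data.firefly.policies.ec2_environment_tag.deny"`.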
