FAQ

How can we help you?

What type of permissions does Firefly need to scan my cloud?

To facilitate cloud scanning, Firefly requests a read-only permission set known as a security audit. This permission allows Firefly to scan the configuration of cloud resources, without accessing or retrieving their actual data. For example, Firefly can identify the presence of a storage bucket but does not have the capability to read or obtain information about the objects contained within it.

To locate IaC state files, particularly Terraform .tfstate files, Firefly requests read-only permissions [S3:GetObject] to access AWS S3 Buckets that store these .tfstate files.

How often does Firefly scan my cloud for assets?

Firefly is event-driven for AWS, Azure, and Google Cloud integrations. We track CloudTrail and equivalent events to determine changes in near real-time. In addition, we re-scan all accounts once a day. For SaaS Integrations, we scan for assets every 8 hours.

Can I export specific information as a table from the Firefly platform?

Yes, exports from the Inventory table are available in both CSV and JSON formats. Select the format from the Options menu on the right side above the table. The Inventory export will include up to 10,000 assets, according to the applied filters.

I just created a new .tfstate file in a new bucket. Why don't I see it?

Firefly scans all S3 buckets to locate any files ending with .tfstate. If your new stack is not displayed, complete these steps to scan for new state files:

  1. Go to the left pane > Settings > Integrations.

  2. Select the integration.

  3. Select the arrow next to Scan S3 Buckets for Terraform Stacks.

Does Firefly support asset rollback?

Yes. The feature Codify Revision allows you to roll back any asset to a previous revision.

What is assetState?

It is the state of a specific asset:

  1. Codified

  2. Unmanaged

  3. Drifted

  4. Ghost

Do you have an API that we can use for deleted, unmanaged resources from the new account or any account?

To view the APIs we support, view our API documentation.

How much of cloud infrastructure is deployed using IaC?

You can view this information in the IaC Coverage metric in the Inventory.

I added a new account, but it doesn't seem to ingest new assets. How long will it usually take?

Firefly scans your cloud assets every 8 hours. For AWS, we use CloudTrail logs to enable a near real-time event-driven integration.

I'm exploring the Firefly platform, but I don't see a way to restrict user access via the connected accounts. How can I achieve that?

See Manage user roles.

How can I invite a user in a way that they can view only a specific integration?

A full RBAC (Role Based Access Control) capability is not yet available. Contact us for more details.

What happens if the same resource is codified in more than one Terraform file?

We flag this as an Insight, and you can view it in the Flag column of the Inventory.

What permissions/IAM assets are needed to connect my account to Firefly to start the POC?

We require a read-only IAM role with a non-intrusive set of permissions. (You will see this in the integration process).

How does Firefly treat customer's data?

Firefly uses a SOC 2 Type 2 compliant platform. For more information, go to https://security.gofirefly.io/. We remove all sensitive information in-memory and never store your information in our databases.

How can I access the documentation outside of the console?

Go to https://www.firefly.ai and select Resources > Documentation.

I have a few AWS accounts, each with its own Git repository. How are my pull requests directed to the correct account?

When creating a pull request, select the VCS integration and repository. You also have the option to add a target branch and file path.

Can I use the same accessKey and secretKey for multiple Helm installs?

It's your choice. Firefly allows you to use the same keys for multiple Helm installs. If you prefer to use new keys each time, use the Firefly wizard to generate new keys.

How do I manage my Datadog monitor using Terraform?

You can easily integrate your Datadog account. Select your resource from Inventory. Select Codify, and run the generated import command on that code to complete the process.

How can I fetch all the unmanaged EC2 instances from a specific account? Is there an official API/Postman template for that?

Yes, see our API documentation.

Do you have Dark Mode and if so, how can I activate it?

How can I connect to GitHub? How do I make a pull request from the Firefly platform?

See Integrating GitHub.

Last updated