Firefly Documentation Portal
  • Welcome to the Documentation Portal
  • Contacting Firefly support
  • User Guides
    • QuickStart Guide
      • Onboarding
      • Dashboard
      • FAQ
      • Glossary
        • IaC status
    • Exploring the Inventory
    • Compose: Generating new configuration
    • Navigating the IaC Explorer
    • Workflows
      • Guardrails
    • Integrations
      • Integrate your providers and tools
        • Integrate your data sources
          • Integrate PagerDuty
          • Integrate MongoDB Atlas
          • Integrate AWS
            • Integrate AWS using Terraform
            • Integrate AWS using CloudFormation
            • Upgrading AWS integration to event-driven
            • AWS Discovery Status
          • Integrate Google Cloud
            • Integrate Google Cloud using a service account key
            • Integrate Google Cloud using Terraform
            • Google Cloud Discovery Status
          • Integrate Kubernetes
          • Integrate Datadog
          • Integrate New Relic
          • Integrate Okta
          • Integrate GitHub service
          • Integrate Cloudflare
          • Integrate NS1
          • Integrate Microsoft Azure
            • Integrate Microsoft Azure using Terraform
            • Azure Discovery Status
          • Integrate HashiCorp Vault
        • Integrate your IaC remote states
          • Integrate Terraform Cloud
          • Integrate Terraform Enterprise
          • Integrate HashiCorp Consul
          • Integrate remote stacks in Google Cloud Storage
          • Integrate env0
        • Integrate your version control system
          • Integrate GitHub
          • Integrate GitLab
          • Integrate Bitbucket
            • Integrate Bitbucket Data Center
            • Integrate Bitbucket Cloud
          • Integrate AWS CodeCommit
          • Integrate Azure DevOps
        • Send Firefly notifications to your messaging tools
          • Send Firefly notifications to Slack
            • Send notifications to Slack using the Slack App
            • Sending notifications to Slack using a webhook
          • Send Firefly notifications to Microsoft Teams
          • Send Firefly notifications to Torq
          • Send Firefly notifications to webhooks
          • Send Firefly notifications to Opsgenie
          • Send Firefly notifications to PagerDuty
            • Integration Key
            • General Access REST API Key
          • Send Firefly notifications to Google Chat
        • Integrate project management tools
          • Integrate Jira
    • Governance
    • Event-Center
    • How-to Guides
      • Manage assets
        • Codify assets
          • Codify assets to Config Connector
          • Codify assets to Manifest
          • Codify assets to Helm
          • Codify assets to CDK8S
          • Codify assets to Terraform
          • Codify assets to Pulumi
          • Codify assets to CloudFormation
          • Codify assets to CDK
          • Codify assets to Crossplane
          • Codify assets to Ansible
        • Delete unmanaged assets
        • Fix drifts
        • Remove asset Terraform code
        • Excluded drifts
        • IaC-Ignored assets
      • Monitor events
      • Manage notifications
      • Manage user roles
    • Deep Dive articles
      • Disaster recovery
      • Drifts
      • Codification
      • Notifications
      • Governance
      • Event-driven
      • IaC-Ignored assets
  • Appendix
    • Migrating CloudFormation resources to Terraform
    • Terraform Cloud Run Tasks
    • Creating a key pair
    • SSO Configuration
    • Firefly API Documentation
    • Support Matrix
    • Data privacy and AI usage
  • Firefly MCP
Powered by GitBook
On this page
  • What type of permissions does Firefly need to scan my cloud?
  • How often does Firefly scan my cloud for assets?
  • Can I export specific information as a table from the Firefly platform?
  • I just created a new .tfstate file in a new bucket. Why don't I see it?
  • Does Firefly support asset rollback?
  • What is assetState?
  • Do you have an API that we can use for deleted, unmanaged resources from the new account or any account?
  • How much of cloud infrastructure is deployed using IaC?
  • I added a new account, but it doesn't seem to ingest new assets. How long will it usually take?
  • I'm exploring the Firefly platform, but I don't see a way to restrict user access via the connected accounts. How can I achieve that?
  • How can I invite a user in a way that they can view only a specific integration?
  • What happens if the same resource is codified in more than one Terraform file?
  • What permissions/IAM assets are needed to connect my account to Firefly to start the POC?
  • How does Firefly treat customer's data?
  • How can I access the documentation outside of the console?
  • I have a few AWS accounts, each with its own Git repository. How are my pull requests directed to the correct account?
  • Can I use the same accessKey and secretKey for multiple Helm installs?
  • How do I manage my Datadog monitor using Terraform?
  • How can I fetch all the unmanaged EC2 instances from a specific account? Is there an official API/Postman template for that?
  • Do you have Dark Mode and if so, how can I activate it?
  • How can I connect to GitHub? How do I make a pull request from the Firefly platform?

Was this helpful?

  1. User Guides
  2. QuickStart Guide

FAQ

How can we help you?

What type of permissions does Firefly need to scan my cloud?

To facilitate cloud scanning, Firefly requests a read-only permission set known as a security audit. This permission allows Firefly to scan the configuration of cloud resources, without accessing or retrieving their actual data. For example, Firefly can identify the presence of a storage bucket but does not have the capability to read or obtain information about the objects contained within it.

To locate IaC state files, particularly Terraform .tfstate files, Firefly requests read-only permissions [S3:GetObject] to access AWS S3 Buckets that store these .tfstate files.

How often does Firefly scan my cloud for assets?

Firefly is event-driven for AWS, Azure, and Google Cloud integrations. We track CloudTrail and equivalent events to determine changes in near real-time. In addition, we re-scan all accounts once a day. For SaaS Integrations, we scan for assets every 8 hours.

Can I export specific information as a table from the Firefly platform?

Yes, exports from the Inventory table are available in both CSV and JSON formats. Select the format from the Options menu on the right side above the table. The Inventory export will include up to 10,000 assets, according to the applied filters.

I just created a new .tfstate file in a new bucket. Why don't I see it?

Firefly scans all S3 buckets to locate any files ending with .tfstate. If your new stack is not displayed, complete these steps to scan for new state files:

  1. Go to the left pane > Settings > Integrations.

  2. Select the integration.

  3. Select the arrow next to Scan S3 Buckets for Terraform Stacks.

Does Firefly support asset rollback?

Yes. The feature Codify Revision allows you to roll back any asset to a previous revision.

What is assetState?

It is the state of a specific asset:

  1. Codified

  2. Unmanaged

  3. Drifted

  4. Ghost

Do you have an API that we can use for deleted, unmanaged resources from the new account or any account?

To view the APIs we support, view our API documentation.

How much of cloud infrastructure is deployed using IaC?

You can view this information in the IaC Coverage metric in the Inventory.

I added a new account, but it doesn't seem to ingest new assets. How long will it usually take?

Firefly scans your cloud assets every 8 hours. For AWS, we use CloudTrail logs to enable a near real-time event-driven integration.

I'm exploring the Firefly platform, but I don't see a way to restrict user access via the connected accounts. How can I achieve that?

See Manage user roles.

How can I invite a user in a way that they can view only a specific integration?

A full RBAC (Role Based Access Control) capability is not yet available. Contact us for more details.

What happens if the same resource is codified in more than one Terraform file?

We flag this as an Insight, and you can view it in the Flag column of the Inventory.

What permissions/IAM assets are needed to connect my account to Firefly to start the POC?

We require a read-only IAM role with a non-intrusive set of permissions. (You will see this in the integration process).

How does Firefly treat customer's data?

Firefly uses a SOC 2 Type 2 compliant platform. For more information, go to https://security.gofirefly.io/. We remove all sensitive information in-memory and never store your information in our databases.

How can I access the documentation outside of the console?

Go to https://www.firefly.ai and select Resources > Documentation.

I have a few AWS accounts, each with its own Git repository. How are my pull requests directed to the correct account?

When creating a pull request, select the VCS integration and repository. You also have the option to add a target branch and file path.

Can I use the same accessKey and secretKey for multiple Helm installs?

It's your choice. Firefly allows you to use the same keys for multiple Helm installs. If you prefer to use new keys each time, use the Firefly wizard to generate new keys.

How do I manage my Datadog monitor using Terraform?

You can easily integrate your Datadog account. Select your resource from Inventory. Select Codify, and run the generated import command on that code to complete the process.

How can I fetch all the unmanaged EC2 instances from a specific account? Is there an official API/Postman template for that?

Yes, see our API documentation.

Do you have Dark Mode and if so, how can I activate it?

How can I connect to GitHub? How do I make a pull request from the Firefly platform?

See Integrating GitHub.

PreviousDashboardNextGlossary

Last updated 8 months ago

Was this helpful?

We do! To activate Dark Mode, select the moon icon in the top right corner.