# Infrastructure-as-Code Orchestration

Infrastructure-as-Code Orchestration in Firefly provides automated management and governance for your Terraform, OpenTofu, and Terragrunt deployments. While [Infrastructure-as-Code Automation](https://docs.firefly.ai/key-features/infrastructure-as-code-automation) handles the generation and codification of IaC, orchestration manages the entire deployment lifecycle with workflows and policy enforcement.

## Key Capabilities of IaC Orchestration

### Automated Workflows

Firefly Workflows automate your IaC deployment process by connecting to your Git repositories and executing `plan` on pull requests and `apply` on merge. Each workflow is tied to a workspace that includes your IaC code, variables, execution environment, and deployment history. This eliminates manual deployment steps and ensures consistent, repeatable infrastructure changes.

### Policy Enforcement with Guardrails

Firefly Guardrails provide automated policy enforcement by evaluating `plan` outputs against predefined rules. These rules can control costs, enforce security policies, manage resource permissions, and ensure compliance standards. Guardrails integrate with [Policy-as-Code](https://docs.firefly.ai/key-features/policy-as-code) capabilities to block non-compliant deployments before they reach your infrastructure.

### Flexible Deployment Options

Firefly supports multiple deployment models:

* **Firefly-Managed**: Turnkey solution with secure, managed runners.
* **Self-Hosted Runners**: Execute within your network boundaries.
* **CI/CD Integration**: Enhance existing pipelines with visualization and governance.

### Organizational Structure

Projects provide organizational boundaries with role-based access control, while Variable Sets enable centralized configuration management. This hierarchical structure supports complex multi-team environments with proper isolation and variable inheritance.

## Benefits

* **Automated Deployments**: Reduce manual effort and eliminate human errors.
* **Policy Compliance**: Ensure all changes meet organizational standards before deployment.
* **Audit Trail**: Complete visibility into deployment history and decisions.
* **Team Collaboration**: Integrate with existing VCS and chat workflows.
* **Risk Mitigation**: Prevent security breaches and cost overruns through automated checks.

For detailed implementation guides, refer to the [Workflows documentation](https://docs.firefly.ai/detailed-guides/workflows).