Common Issues and Solutions
Note: Check the Firefly Status Page for Firefly's current status.
This guide covers the most frequently encountered issues and their solutions when working with Firefly.
Resource Management Issues
Ghost Assets
Q: How do I resolve a "ghost drift" asset showing in Firefly?
A ghost drift asset occurs when Firefly detects a mismatch between your Infrastructure as Code (IaC) and actual cloud resources.
What causes ghost drift assets:
Resource exists in IaC but not in the cloud.
Resource was manually deleted without updating IaC.
Resolution steps:
Remove it from your IaC configuration. Available in Firefly, check the delete asset action guide.
For Terraform: Use
terraform state rm <resource>
or delete from code and runterraform apply
.Firefly will stop listing it as ghost once the IaC reference is removed.
Prevention tips:
Always use proper IaC destroy commands instead of manual deletions.
Use Firefly's drift detection feature to detect and resolve ghost assets.
Implement proper change management processes.
Undetermined Resources
Q: Some of my cloud resources show as Undetermined in Firefly. What does this mean?
Firefly does not fully support certain cloud resources, especially niche offerings.
What to expect:
Resources appear in Inventory with limited information.
Policies not be evaluated on these resources.
Classification as managed/unmanaged is not available.
Solutions:
Continue managing these resources via IaC.
Contact Firefly support to request support for specific resource types.
Integration Issues
Missing Assets After Integration
Q: I just integrated a cloud account, but I don't see any assets in Firefly.
Troubleshooting steps:
Check integration status:
Navigate to Settings > Integrations and select the data source.
Verify the Scanning Status is in the last few hours.
Look for error messages and resolve any credential issues. For more information, contact Firefly support.
Wait for initial scan:
Initial scans can take several hours for large environments
Check if a scan is currently in progress
Trigger manual scan:
Go to Settings > Integrations and select the data source.
In the integration menu, click on the Scan Assets option.
Verify permissions:
AWS: Ensure IAM role has ReadOnlyAccess or equivalent.
Azure: Verify service principal has Reader role.
GCP: Check service account has appropriate viewer permissions.
For any other data source, check the relevant token permissions. For more information, check the Integration Guide.
Event-Driven Upgrade
Q: Firefly shows Event-Driven disabled for my cloud integration. What is this?
Event-driven mode provides real-time updates instead of periodic scanning.
Benefits:
Near-instant drift detection (minutes vs. up to 24 hours).
More accurate resource state tracking.
Faster policy violation alerts.
How to upgrade:
Check the Integration Guide for the specific cloud provider.
Contact Firefly support for further assistance.
Note: If you cannot upgrade due to cost or complexity concerns, daily polling will continue to work.
Notification and Alert Issues
Troubleshooting Missing Notifications
Q: My Firefly notifications aren't coming through (Slack/Email/etc). How do I debug?
Step-by-step debugging:
Verify notification rules:
Go to the Notifications page.
Check that rules are active (toggle on).
Confirm events have occurred that match your criteria.
Test the integration:
Go to Settings > Integrations and select the notification integration.
Click on the Test button to send a test notification.
Common fixes:
Check the Integration Guide for the specific notification integration.
Contact Firefly support for further assistance.
Workflows and Guardrails Issues
Blocked Terraform Plans by Guardrails
Q: A Terraform plan is being blocked by a guardrail in Firefly, but I believe the change is okay.
Resolution options:
Override (if available):
Go to Workflows > Workspaces and select the blocked run.
Use the Override option (requires appropriate permissions).
Adjust the change:
Review the policy violation message.
Modify your Terraform code to comply.
Common fixes: add required tags, enable encryption, adjust resource sizes.
Update the policy:
Go to Workflows > Guardrails and select the guardrail.
Click on the Edit button.
Update the policy to your needs.
Click on the Save button.
Pro tip: Use violation remediation to quickly fix compliance issues rather than bypassing guardrails.
Endpoint Availability
Q: What happens to my run if Firefly's endpoint is unavailable?
Behavior during outages:
CI/CD pipeline execution continues normally.
Infrastructure changes are applied as usual.
Deployment updates and logs won't appear in Firefly dashboard.
Status tracking resumes once endpoint is accessible.
Recommendations:
Configure
fireflyci
to not block pipelines on Firefly errors.Monitor Firefly's status page for service updates.
Slow or Stuck Workflows
Q: My Firefly workflow is running slowly or appears stuck.
Common causes and solutions:
Large plan files:
Break down large Terraform configurations.
Use targeted applies when possible.
Network connectivity:
Check firewall rules for Firefly endpoints.
Verify DNS resolution.
Test connectivity from CI/CD environment.
Resource contention:
Check for concurrent workflows.
Review resource limits in CI/CD system.
Workflow configuration:
Verify workflow triggers are correct.
Review timeout settings.
For more information, check the Workflows CI/CD integration guide.
General Troubleshooting Tips
Getting Help
Check Firefly Status:
Visit Firefly's status page for known issues.
Check maintenance windows and scheduled updates.
Gather Information:
Screenshot error messages.
Collect relevant logs from CI/CD systems.
Note timing of issues (when they started).
Contact Support:
Use the in-app support chat.
Email support with detailed context.
Include account information and affected resources.
For more information, check the contacting support guide.
Last updated
Was this helpful?