Workflows
Streamline Terraform deployments in your CI/CD pipelines.
Firefly Workflows is a powerful tool used to deploy Terraform within your CI/CD pipelines. Our documentation provides comprehensive guidance on creating and customizing workflows, in addition to integrating with existing pipelines.
Determining which type of workflow to integrate
The decision between creating a new workflow or integrating into an existing one depends on the specific requirements and structure of your project and CI/CD environment.
Managed workflows
Create a new workflow in Firefly when you need to establish a dedicated deployment process for a specific project or task. Ideal for:
Simplifying the setup and management of CI/CD pipelines
Automating Terraform deployments
Integrate into existing CI pipelines
This method is only for visualization and monitoring of your current deployment processes, improving efficiency and visibility without causing disruption to your existing workflow setup.
Creating Firefly workflows
To automate the deployment of your Terraform code, use our wizard to create a workflow within your CI/CD pipeline.
Each workflow corresponds to a workspace and facilitates the deployment of new resources or modifications to existing ones within your IaC stack.
For each workspace, we run `terraform plan` and `apply` when making changes to your resources. Each row under Workspace represents a pull request in Git that contains your changes to the Terraform pipeline.
Creating a pull request automatically runs `terraform plan`.
Merging a pull request automatically runs `terraform apply`.
To edit attributes and/or modify variables, select the edit icon.
Procedure
Select Workflows > + Add New Workflow.
Select your IaC provisioning engine > Next.
Select Generate new IaC pipeline or Integrate into an existing pipeline > Next.
In the Workspace Name field, enter the name of the workspace you want to create.
Under VCS integration, select the VCS (Git) integration where you want to create the workflow.
Select the Code repository where the workspace Terraform code is located.
Select the Default branch of the repository. Merging into this branch will apply the changed workspace (e.g., main).
(Optional) Enter the Working directory of the workspace. If it's empty, the working directory will run from the root folder.
Select Next.
Enter the Terraform version used to deploy your Workspace.
(Optional) In the TFvars file path field, enter the workspace tfvars file path relative to the working directory path.
(Optional) In the Terraform environment name field, enter the Terraform workspace name of your workspace. If using the same backend for multiple environments, you can set a Terraform workspace that changes the backend path to the environment name.
(Optional) Enter non-sensitive Terraform variables.
(Optional) Enter sensitive Terraform variables.
Select Next.
(Optional) In the Self-hosted runner labels field, enter the relevant labels to run the CI/CD pipeline on self-hosted runners.
(Optional) When using the AWS profile as the AWS provider authentication, enter the AWS profile configuration.
(Optional) When using environment variables as the provider authentication, enter the Provider credentials.
Select Next > Done. Your workflow has been created.
Integrating into an existing CI pipeline
To integrate your existing Terraform deployment pipelines, use Firefly's Docker image.
To create a custom workflow, you must be authenticated with Firefly. To authenticate your account, procure an access key and secret key from Firefly.
Use one of the methods below to send your data to Firefly:
Pass the keys as arguments (`--access-key` and `--secret-key`)
Pass the keys as environment variables (`FIREFLY_ACCESS_KEY` and `FIREFLY_SECRET_KEY`)
Procedure
Select Create key pair.
Store the access key and secret key in your secret manager that is accessible to your CI/CD tool.
In your pipeline, add the Firefly access key and secret key as environment variables named `FIREFLY_ACCESS_KEY` and `FIREFLY_SECRET_KEY`.
Modify your `terraform plan` to include file output to `plan_log.json` and `plan.json`. Example: `terraform plan -json -out=tf.plan > plan_log.json && terraform show -json tf.plan > plan.json`
Add a new pipeline step: Firefly CI Post Plan, which runs between `terraform plan` and `terraform apply`. The step should execute the docker run command below:
`docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY -v $(pwd):/app/cicd public.ecr.aws/firefly/fireflyci:v0.2.5 post-plan -l /app/cicd/plan_log.json -f /app/cicd/plan.json -w <WORKSPACE_NAME>`
`-w`: Workspace name displayed in Firefly, unique to this workflow for each Terraform workspace
Modify your `terraform apply` to include file output to `apply_log.json`. Example: `terraform apply -auto-approve -json > apply_log.json`
Add a new pipeline step: Firefly CI Post Apply, which runs after `terraform apply`. This should execute the docker run command below:
`docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY -v $(pwd):/app/cicd public.ecr.aws/firefly/fireflyci:v0.2.5 post-apply -f /app/cicd/apply_log.json -w <WORKSPACE_NAME>`
`-w`: Workspace name displayed in Firefly, unique to this workflow for each Terraform workspace. Use the same value you provided in step #5
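The integration steps above as one pipeline script, added here as an example and not taken from Firefly's documentation. The function names and the `run <workspace>` invocation are assumptions; the commands, image tag and file names are the ones shown in the procedure.

```shell
#!/bin/sh
# Added example: plan -> Firefly post-plan -> apply -> Firefly post-apply.
# Function names and the "run <workspace>" argument are illustrative.
set -eu      # stop at the first failing step so a failed plan is never applied

FIREFLY_IMAGE="public.ecr.aws/firefly/fireflyci:v0.2.5"

# Fail closed when either key is missing from the job environment.
require_keys() {
  if [ -z "${FIREFLY_ACCESS_KEY:-}" ] || [ -z "${FIREFLY_SECRET_KEY:-}" ]; then
    echo "FIREFLY_ACCESS_KEY and FIREFLY_SECRET_KEY must both be set" >&2
    return 1
  fi
}

# Run one Firefly CI stage. "-e NAME" without "=value" tells docker to copy
# the variable from the caller's environment, so the key values stay out of
# the command line, the process list and echoed CI logs.
firefly_step() {
  stage="$1"; workspace="$2"; shift 2
  require_keys || return 1
  docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY \
    -v "$(pwd):/app/cicd" "$FIREFLY_IMAGE" "$stage" "$@" -w "$workspace"
}

run_pipeline() {
  workspace="$1"
  require_keys
  # tf.plan and plan.json can hold sensitive values in plain text;
  # remove them when the job ends, whatever the outcome.
  trap 'rm -f tf.plan plan.json' EXIT
  terraform plan -json -out=tf.plan > plan_log.json
  terraform show -json tf.plan > plan.json
  firefly_step post-plan "$workspace" \
    -l /app/cicd/plan_log.json -f /app/cicd/plan.json
  terraform apply -auto-approve -json > apply_log.json
  firefly_step post-apply "$workspace" -f /app/cicd/apply_log.json
}

# Run only when asked, e.g.: sh firefly_ci.sh run my-workspace
if [ "${1:-}" = "run" ]; then
  run_pipeline "${2:?workspace name required}"
fi
```

The keys should reach the job from the CI tool's secret store as masked variables, as the procedure's second step describes, rather than being written into the pipeline file.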
Table
Each Workspace represents one IaC stack and one Firefly Workflow.
Each Workspace deploys a few assets connected to each other. They can be in multiple providers or in one provider.
To view Workspace details, select the caret.
Column | Description |
---|---|
Started at | When the Terraform plan or apply was started |
Build ID | CI/CD pipeline run ID with link |
Title | CI/CD run title |
Commit ID | Commit used to run the CI/CD pipeline |
Branch | Branch used to run the CI/CD pipeline |
Summary | Resource actions (e.g. |
Policy Violations | Summary of the violations in your Terraform plan |
Cost Est | Estimated cost adjustment in your Terraform plan or apply |
Owner | Owner of the |
Status | Whether the |
Support Matrix
Type of Workflow | CI tools | IaC type | Integration method |
---|---|---|---|
Managed by Firefly | GitHub Actions | Terraform | Firefly workflow wizard |
Integrated with an existing Workflow | Any | OpenTofu, Terraform | Self-service |