Managing Policies & Insights

Policies improve the configuration of your assets to increase performance, usefulness, and security. Use Firefly's built-in insights or create your own.

Insights are policies written in Rego, the Open Policy Agent (OPA) policy language. Rego is a declarative language used to define rules and constraints for policy evaluation. OPA provides the platform to write complex policies to identify anomalies, misconfigurations, and poor practices. Firefly uses OPA to identify insights on your assets.

Built-in insights (By Firefly)

After you integrate your data source(s), Firefly scans your assets, discovers built-in insights, and categorizes them into three types:

  • Optimization: Reduce costs and eliminate waste

  • Reliability: Increase reliability, throughput, performance, and eliminate the risk of downtime

  • Misconfiguration: Reduce the attack surface and increase security

Custom insights

Policies you create using the Rego language to monitor and improve the configuration of your assets.

Creating custom insights

  1. Select Insights > Add Custom.

  2. Enter a descriptive name in the Name field.

  3. Select a category or create a new one.

    • If using AI, select only one data source and asset type.

  4. Select the data source(s).

  5. Select the asset type(s).

  6. Enter a description in the Describe your rule field. For example:

    • instance of type in t family

    • instance has instance_state stopped

    • Auto Scaling Groups with a single AZ

    • elastic ip that have empty association_id

  7. (Optional) Select Generate using AI.

  8. Select an asset and use the INPUT SCHEMA to construct your rule in the Firefly Rego Playground.

    • The configuration in the Rego Playground must contain the Firefly keyword: firefly { }. This keyword determines whether the asset matches the rule.

    • In the expression, input represents an asset. To access an asset attribute, write input.<attribute name>. For example:

      • input.instance_type == "t2.micro"

    • The Rego language supports regular expressions and conditionals.

    • The code in the Rego Playground must contain conditions that result in a Boolean value. These conditions determine whether the asset matches the rule.

  9. To view the assets that match your rule from the Rego code you created, select Evaluate.

    • SELECT ASSET: scope of assets according to your selection in the Insight Details.

    • INPUT SCHEMA: configuration of the rule you created.

    • MATCHING RESULTS: assets that match your rule.

  10. Select Create when the MATCHING RESULTS section displays the assets you want included in your rule.
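One way to write the "elastic ip that have empty association_id" rule from step 6, as an added example that is not Firefly's own code. It assumes the asset's INPUT SCHEMA exposes association_id and that the playground accepts several firefly bodies, which standard Rego treats as a logical OR.

```rego
# Added example: match Elastic IPs that are not associated with anything.
# Each `firefly` body is one alternative; the asset matches if any body holds.
# Assumption: the attribute is named association_id in the INPUT SCHEMA.

# Case 1: attribute present but set to an empty string.
firefly {
    input.association_id == ""
}

# Case 2: attribute present but null.
firefly {
    input.association_id == null
}

# Case 3: attribute missing from the input. A reference to a missing
# attribute is undefined in Rego, so the `==` comparisons above never
# match it; `not` succeeds when the reference is undefined.
firefly {
    not input.association_id
}
```

Because of case 3, a misspelled attribute name is also undefined and makes every asset in scope match, so check the name against the INPUT SCHEMA and review MATCHING RESULTS before selecting Create.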

Troubleshooting

If the assets that are supposed to match the rule you created are not displayed in the MATCHING RESULTS section:

  • To improve your rule, examine the code from the INPUT SCHEMA. Verify that all attributes match the schema described in the INPUT SCHEMA.

  • Copy one of the input assets, and use the Rego Playground to troubleshoot until your code is correct.

If the rule you created does not contain any MATCHING RESULTS:

Change the scope of the data source and asset you selected in the Insight Details above.

If you select Evaluate and receive the error message "Could not test the Rego expression, make sure the syntax is valid":

Try selecting a different asset or adjusting the rule in the Rego Playground.

Insights table

View the details below for assets that match the insight you selected:

| Title | Description |
| --- | --- |
| Data source | Integrated cloud or SaaS provider |
| Type | Type of service or object provided |
| Name | Name the provider gives to the asset |
| Location | Region (AWS), Namespace (K8s) |
| | How the actual asset compares to the IaC state file of the asset |
| Properties | Characteristics of the asset as currently configured |
| Flags | Asset properties identified by Firefly |
| Created on | When the asset was created |
| Jump to Console | Opens the AWS console to view your resource |

Receiving notifications

Receive a notification when an asset matches a specific Insight.

Procedure

  1. On the Insight card, select the edit icon.

  2. At the bottom of the window, under Notifications, select where to send a notification when a new asset matches the Insight.

  3. Select Update.

Implementing recommendations

Firefly generates the code needed to implement the enhancements it suggests for your AWS assets. Run this code in your AWS CLI, and the desired modifications are carried out automatically.

Procedure

  1. Select Recommendation.

  2. Copy and run the commands in your AWS CLI.
