The Cloud Platform Blindspot: Understanding IaC Coverage

The world of cloud infrastructure is ever-evolving, and as Cloud Platform Engineers and DevOps professionals, we know that leveraging Infrastructure-as-Code (IaC) solutions like Terraform and CloudFormation is no longer just an option but a necessity. However, there's an underrated metric that most cloud providers don't give you: IaC Coverage.

What is IaC Coverage?

IaC Coverage is the percentage of the cloud resources that are managed through IaC out of the total number of cloud resources. For example, if I have 100 cloud resources, and 62 of them are managed by Terraform, my IaC coverage is 62%. It shows the ratio of cloud resources managed through IaC to those created manually, often via the cloud UI console (also known as "ClickOps"). The IaC coverage offers a precise snapshot of how automated and streamlined your cloud environment is.

The Problem of Partial Coverage

Cloud providers don't offer visibility into this metric. You could have 60% of your resources managed by Terraform, CloudFormation, and a few by Crossplane, but what about the remaining 40%? That lack of complete visibility poses risks and efficiency issues.

Getting near 100% IaC managed resources is a best practice for many reasons, including:

  • Scalability: 100% IaC means your infrastructure can scale without manual intervention.
  • Compliance and Security: Consistent configurations reduce risk.
  • Maintenance: It simplifies the ongoing maintenance of cloud resources.
  • Version Control: IaC allows for version-controllable infrastructure.
  • Disaster Recovery: If the entire infrastructure is codified, it’s possible to restore or replicate it to a new site/region. 
  • Consistency.

Why IaC Orchestrations Is Not Enough

While IaC tools like CloudFormation, Terraform, Pulumi, and others are excellent for provisioning infrastructure, they can’t measure the total IaC coverage in your cloud. On the other hand, CSPs like AWS, Azure, and GCP can list the entire cloud resources but don’t have IaC context, hence also missing this critical metric for cloud control.

The Firefly Solution

For those seeking an all-in-one solution for this challenge, Firefly can bridge this gap. Not only does it offer asset inventory that displays all resources and their configurations, but it also categorizes them based on their IaC status. Are they codified with Terraform or CloudFormation? Are they created by a K8s controller? Are they drifted or unmanaged? With Firefly, you gain complete visibility.

Accelerate IaC Adoption with Firefly

Firefly not only provides the metrics but also automatically codifies the unmanaged, ClickOps part of your cloud. With Firefly, you can confidently accelerate your IaC adoption and aim for 100% IaC Coverage, making your cloud infrastructure more robust, secure, and scalable.


It's time we shifted our focus to not just implementing IaC, but optimizing it for full coverage. Understanding the gaps in your IaC coverage can help you prioritize your IaC efforts and improve reliability of your cloud infrastructure through more comprehensive cloud governance.