The journey: From cloud complexity to codified excellence

This global health research organization operates one of the most sophisticated cloud infrastructures in the nonprofit sector. With 17 AWS accounts, Azure environments, and over 300 GitHub repositories containing infrastructure code, they represent the complexity that comes with large-scale cloud operations and a 7-year IaC journey.

Despite this maturity, achieving complete visibility and 100% codification remained elusive, until Firefly transformed their approach to enterprise cloud infrastructure management.

Their goals?

  • To ensure that 100% of their infrastructure is managed as code, primarily using Terraform, across all their AWS and Azure accounts, and in turn, ensure prod is DR-ready
  • Ensure tagging compliance on all resources
  • Identify and set up notifications for unmanaged resources and codify those into Terraform

The organization’s lead Cloud Architect explains:

“Most importantly, we wanted all our resources in Terraform. The ideal scenario was to be fully codified and fully compliant, so we can potentially migrate resources and configurations for disaster recovery as needed, if we ever had to rebuild or spin the code back up. Firefly was the key to that.”

But to understand where they wanted to go and why, it’s important to understand where the team started, and what challenges frustrated them day in and day out.

How infrastructure blind spots and team skill gaps threatened cloud governance at scale

Even with IaC practices dating back to 2017, the organization faced challenges that many enterprise organizations struggle with: incomplete codification, limited visibility, and the constant threat of configuration drift.

At first, the team implemented a restrictive approach: console access was granted as read-only, and full permissions were available only through the CLI. The thought process behind it was to try to force everyone to use IaC. But that just created blind spots.

1. The visibility problem was systemic and widespread

  • Manual ClickOps bypassed their established Terraform workflows
  • Incomplete configurations lingered, where critical components like role attachments were forgotten
  • Azure environments were managed by application teams with limited Terraform expertise
  • No unified view existed across their 17 AWS accounts and growing multi-cloud footprint

2. Team adoption barriers compounded the existing technical challenges

The organization needed to bridge the gap between their platform team's expertise and application teams' needs.

One Cloud Engineer at the global healthcare organization explains:

"What we wanted to achieve with having more of our resources codified in Terraform was first, for visibility and control — but also to improve the collaboration across our teams. We needed one overall view of our estate for not only the cloud team, but also the infra team, the network team, etc. Teams who we didn’t originally plan for are now using Firefly, too."

3. They needed consistent tagging for cost allocation, and often had difficulty tracking and enforcing infrastructure standards

With Firefly, the team was able to implement CI workflows for:

  • Cost reporting integration
  • Guardrails for tagging compliance
  • Automated checks for infrastructure standards (like policies customized to search for live cloud resources that don't have the internally-required tags)

Now, Firefly provides an extra layer of governance checks and more information than the team would otherwise have about their cloud, and what it’s costing them. Tight guardrails let the team enforce tagging coverage or avoid policy violations before anything’s deployed. Plus, they have custom policies and alerts set up so they maintain that good posture.

Using Firefly to eliminate cloud blind spots, fight drift, and accelerate enterprise-wide IaC adoption

Why Firefly? From the initial discovery of the platform, the global healthcare organization’s cloud team fell in love at first demo. In their own words?

“What sets Firefly apart is the ability to quickly identify unmanaged resources you need to codify, and help codify them — plus to detect and remediate drift easily. That all used to be manual. And no other platform caught our eye on that front, because no one else could do it all.”

Doing it all, for this team, included:

  • Streamlined code generation that could happen with AI, and in just a few clicks
  • Workflow integration (by just copying and pasting, like from the Firefly console into your IDE of choice)
  • Proactive governance through intelligent monitoring (Think: ClickOps alerts and ClickOps Blame functionality)
  • A fully codified cloud as the backbone of disaster recovery enablement

What's next? Scaling success across the enterprise means expansion

With proven results driving confidence, this industry-leading organization is expanding their Firefly investment further, having requested a trial for 12 additional AWS accounts, and recognizing the platform's value for their infrastructure and their highly collaborative teams.

Their current expansion goals include:

  1. 100% infrastructure as code across all AWS and Azure environments
  2. Disaster recovery readiness through complete cloud codification
  3. Cost optimization through automated tagging compliance and governance
  4. Enterprise-wide adoption across all cloud-managing teams

Why invest further, and why now? Because the trust has been established, the power of the platform is clear, and the possibilities are endless.

"With Firefly, we’ve simplified and sped up deployment, and automated the codification of our cloud resources. Now, when we deploy new resources, we're not worried about missing pieces, because we know Firefly will catch them."

–Cloud Engineer at Leading Healthcare Research Organization