Why a Cloud Asset Management Platform?

With ever expanding cloud environments, having visiblity for and control of cloud assets is not a trivial task to perform manually. A series of offerings exist to automate this problem, providing functionality to at least:

• Detect infrastructure drifts from IaC configuration
• Codify cloud resources currently not managed by Terraform
• Identify cloud costs
• Surface potential security risks

Let’s evaluate the pros and cons of available offerings and see which is right for you.

Firefly

Firefly is a SaaS, infrastructre as code (IaC)-based asset management platform that specializes in cloud-codification, drift detection, AI generated-policy applications and more.

Pros:

• Supports not just Terraform, but many other IaC tools like Cloud Formation, Pulumi, K8s manifests, etc.
• Deepest set of integrations for codifying SaaS providers, integrated with different version control systems.
• As fast as possible, SaaS start-up time for integrating your environment into their platform.
• Highly responsive and feature-rich user interface for visualizing the state of cloud resources.
• Support for policy-as code application and AI-based policy-as-code generation.

Cons:

• Requires giving SaaS solution read-only cloud access as well as access to IaC state files
• Pricey. Full cloud coverage for a larger organization will quickly eclipse $3,000 / month
• No self-hosted option
• Developer must use new, separate tools to view the cloud status on a day to day basis

ControlMonkey

ControlMonkey is a SaaS, Terraform-based cloud management platform that provides a GitOps CI/CD workflow for Terraform deployments, cloud-codification, drift detection, and more.

Pros:

• Integrates a Terraform deployment pipeline into the cloud asset management component of the platform
• Highly responsive and feature-rich user interface for visualizing the state of cloud resources.
• Supports auditing of cloud resources for SOC2 compliance.

Cons:

• Requires giving SaaS-version of the solution read-only cloud access as well as access to IaC state files
• Pricey. Full cloud coverage for a larger organization that wants self-hosted runners will quickly eclipse $4,000 / month
• Only supports AWS as a cloud provider, and Terraform as an IaC tool
• Developer must use new, separate tools to view the cloud status on a day to day basis

cloud-concierge

cloud-concierge is an open source tool that scans your cloud environment and performs drift detection, cloud codification, security scanning and cost estimation on your entire cloud. It delivers identified results as a Pull Request within the user’s Version Control System. It can be managed at scale and supports cloud asset visualization within the dragondrop.cloud management platform.

Pros:

• Open source project under the Apache 2.0 license. Can be run locally in ~5 min, within a CI/CD pipeline, or anywhere else that supports containers.
• Best security posture; all-tiers of the managed offering, including the free tier, use self-hosted runners and anonymized cloud posture data sharing with the web-application.
• Only solution to support AWS, GCP, and Azure.
• Developers interact with the tool regularly where they already are working: their version control system.
• Similar drift detection, cloud codification, and visualization capabilities provided at ~1/10th the cost of alternatives.

Cons:

• Managed offering provides a more sparse asset visualization platform than alternatives due to a more-isolated cloud-scanning agent
• Slightly longer onboarding to managed offering vs alternatives (~15 min vs. ~5 min)
• Only supports Terraform as an IaC tool.
• Does integrate and provide codification for other third-party SaaS tools

Tale of the Tape

If you need support for more IaC tools besides Terraform, than Firefly is the clear winner.

If all in on Terraform, however, the choice may be more nuanced. From both a security, cloud-concierge comes out on top, being an open source container that is self-hosted even in the managed offering that accompanies the OSS version. From a pricing perspective, the managed platform for cloud-concierge comes at roughly ~1/th the cost of ControlMonkey and Firefly, despite having similar features.

Of course, for those desiring the most feature rich web-app and a fully SaaS onboarding experience, and who don’t mind the higher price tag, Firefly is likely the better option over ControlMonkey; it simply has a much deeper set of integrations.

—

dragondrop.cloud’s mission is to automate developer best practices while working with Infrastructure as Code. Our flagship OSS product, cloud-concierge, allows developers to codify their cloud, detect drift, estimate cloud costs and security risks, and more — while delivering the results via a Pull Request. For enterprises running cloud-concierge at scale, we provide a management platform. To learn more, schedule a demo or get started today!

Learn More About Terraform