What does Figgy deploy?#
Figgy is a lot more than just a CLI, it's part of a larger config management ecosystem that must be deployed across your AWS accounts. Since you should never take provisioning resources in your AWS accounts lightly, we will discuss exactly what to expect when deploying Figgy into your environment.
Below is a diagram of the entire Figgy Ecosystem. You will see OKTA, Google, and AWS as Identity Providers in this diagram; however, depending on your configuration, two of those will not exist for your deployment.
Your ecosystem depends on how you configure Figgy. Every Figgy deployment will require the following resources to be provisioned in each integrated AWS account. As always, you can and should look over the Terraform code in our public repository to see what to expect. You can find it here: Figgy Infrastructure Code
Resources required for Figgy operation:#
- 6 AWS Lambdas
- 3 AWS DynamoDB Tables
- AWS Cloudwatch Log Groups
- AWS IAM Roles & Polices required by the above Lambdas
- Figgy-specific ParameterStore parameters stored under the
Other resources based on your configuration options:
- AWS IAM Roles
- AWS IAM Policies
- AWS KMS Keys
For Google & OKTA SSO Configurations:
- 1 trusted Identity Provider - you will need to provide the IDP metadata
For OKTA Integrations:
- 1 (Optional) AWS IAM User
For the following, you can provide these resources or the Figgy can do it:
- 1 AWS S3 Bucket for Figgy Lambdas to be deployed to
- AWS Cloudtrail must be enabled - Cloudtrail events are the backbone of Figgy's event pipeline
Figgy is designed to protect your sensitive applications and secrets. All Figgy resources are provisioned with a focus on minimum privilege.
Figgy optional anonymous usage data collection#
In order to provide the best Figgy experience, users can optionally enable anonymous usage data collection. This is entirely optional and can be defaulted to off.
The data collected is the following:
- Current installed Figgy Version
- Command types run: [get, put, delete, sync, etc], and the # of times each command has been run.
- A random GUUID associated with your user. No personal data is collected.
The data is cached in a file at this location:
~/.figgy/cache/other/usage-metrics-cache.json. Feel free to take a look.
The data is reported to
You can find the code for usage tracking here: Anonymouse Usage Tracking