Managing Wallarm using Terraform¶
If you use Terraform to manage your infrastructures, that may be a comfortable option for you to use it for managing Wallarm. The Wallarm provider for Terraform allows doing so.
Prerequisites¶
-
Knowing the Terraform basics
-
Terraform 0.15.5 binary or higher
-
Access to the account with the Administrator role in Wallarm Console in the US or EU Cloud
-
Access to
https://us1.api.wallarm.com
if working with US Wallarm Cloud or tohttps://api.wallarm.com
if working with EU Wallarm Cloud. Please ensure the access is not blocked by a firewall
Installing provider¶
-
Copy and paste into your Terraform configuration:
-
Run
terraform init
.
Connecting provider to your Wallarm account¶
To connect Wallarm Terraform provider to your Wallarm account in the US or EU Cloud, set API access credentials in your Terraform configuration:
-
<UUID>
and<SECRET_KEY>
are credentials to access API of your Wallarm account. How to get them → -
<CLIENT_ID>
is ID of tenant (client); required only when multitenancy feature is used. Takeid
(notuuid
) as described here.
See details in the Wallarm provider documentation.
Managing Wallarm with provider¶
With the Wallarm provider, via Terraform you can manage:
-
Nodes in your account
-
Global filtration mode
-
Scanner scope
Wallarm Terraform provider and CDN nodes
Currently CDN nodes cannot be managed via the Wallarm Terraform provider.
See how to perform the listed operations in the Wallarm provider documentation.
Usage example¶
Below is an example of Terraform configuration for Wallarm:
provider "wallarm" {
api_uuid = "<UUID>"
api_secret = "<SECRET_KEY>"
api_host = "https://us1.api.wallarm.com"
}
resource "wallarm_global_mode" "global_block" {
waf_mode = "default"
}
resource "wallarm_application" "tf_app" {
name = "Terraform Application 001"
app_id = 42
}
resource "wallarm_rule_mode" "tiredful_api_mode" {
mode = "monitoring"
action {
point = {
instance = 42
}
}
action {
type = "regex"
point = {
scheme = "https"
}
}
}
Save the configuration file, then perform terraform apply
.
The configuration does the following:
-
Connects to the US Cloud → company account with the
<UUID>
and<SECRET_KEY>
API credentials. -
resource "wallarm_global_mode" "global_block"
→ sets global filtration mode toLocal settings (default)
which means the filtration mode is controlled locally on each node. -
resource "wallarm_application" "tf_app"
→ creates application namedTerraform Application 001
with ID42
. -
resource "wallarm_rule_mode" "tiredful_api_mode"
→ creates rule that sets traffic filtration mode toMonitoring
for all the requests sent via HTTPS protocol to the application with ID42
.