Skip to content

Managing Wallarm using Terraform

If you use Terraform to manage your infrastructures, that may be a comfortable option for you to use it for managing Wallarm. The Wallarm provider for Terraform allows doing so.

Prerequisites

  • Knowing the Terraform basics

  • Terraform 0.15.5 binary or higher

  • Wallarm account in the US Cloud or EU Cloud

  • Access to the account with the Administrator role in Wallarm Console in the US or EU Cloud

  • Access to https://us1.api.wallarm.com if working with US Wallarm Cloud or to https://api.wallarm.com if working with EU Wallarm Cloud. Please ensure the access is not blocked by a firewall

Installing provider

  1. Copy and paste into your Terraform configuration:

    terraform {
  required_version = ">= 0.15.5"

  required_providers {
    wallarm = {
      source = "wallarm/wallarm"
      version = "1.0.0"
    }
  }
}

provider "wallarm" {
  # Configuration options
}

  2. Run terraform init.

Connecting provider to your Wallarm account

To connect Wallarm Terraform provider to your Wallarm account in the US or EU Cloud, set API access credentials in your Terraform configuration:

provider "wallarm" {
  api_uuid = "<UUID>"
  api_secret = "<SECRET_KEY>"
  api_host = "https://us1.api.wallarm.com"
  # Required only when multitenancy feature is used:
  # client_id = <CLIENT_ID>
}

provider "wallarm" {
  api_uuid = "<UUID>"
  api_secret = "<SECRET_KEY>"
  api_host = "https://api.wallarm.com"
  # Required only when multitenancy feature is used:
  # client_id = <CLIENT_ID>
}

  • <UUID> and <SECRET_KEY> are credentials to access API of your Wallarm account. How to get them →

  • <CLIENT_ID> is ID of tenant (client); required only when multitenancy feature is used. Take id (not uuid) as described here.

See details in the Wallarm provider documentation.

Managing Wallarm with provider

With the Wallarm provider, via Terraform you can manage:

Wallarm Terraform provider and CDN nodes

Currently CDN nodes cannot be managed via the Wallarm Terraform provider.

See how to perform the listed operations in the Wallarm provider documentation.

Usage example

Below is an example of Terraform configuration for Wallarm:

provider "wallarm" {
  api_uuid = "<UUID>"
  api_secret = "<SECRET_KEY>"
  api_host = "https://us1.api.wallarm.com"
}

resource "wallarm_global_mode" "global_block" {
  waf_mode = "default"
}

resource "wallarm_application" "tf_app" {
  name = "Terraform Application 001"
  app_id = 42
}

resource "wallarm_rule_mode" "tiredful_api_mode" {
  mode =  "monitoring"

  action {
    point = {
      instance = 42
    }
  }

  action {
    type = "regex"
    point = {
      scheme = "https"
    }
  }
}

Save the configuration file, then perform terraform apply.

The configuration does the following:

  • Connects to the US Cloud → company account with the <UUID> and <SECRET_KEY> API credentials.

  • resource "wallarm_global_mode" "global_block" → sets global filtration mode to Local settings (default) which means the filtration mode is controlled locally on each node.

  • resource "wallarm_application" "tf_app" → creates application named Terraform Application 001 with ID 42.

  • resource "wallarm_rule_mode" "tiredful_api_mode" → creates rule that sets traffic filtration mode to Monitoring for all the requests sent via HTTPS protocol to the application with ID 42.