Skip to content

Managing Wallarm using Terraform

If you use Terraform to manage your infrastructures, that may be a comfortable option for you to use it for managing Wallarm. The Wallarm provider for Terraform allows doing so.

Requirements

  • Knowing the Terraform basics

  • Terraform 0.15.5 binary or higher

  • Wallarm account in the US Cloud or EU Cloud

  • Access to the account with the Administrator role in Wallarm Console in the US or EU Cloud

  • Access to https://us1.api.wallarm.com if working with US Wallarm Cloud or to https://api.wallarm.com if working with EU Wallarm Cloud. Please ensure the access is not blocked by a firewall

Installing provider

  1. Copy and paste into your Terraform configuration:

    terraform {
  required_version = ">= 0.15.5"

  required_providers {
    wallarm = {
      source = "wallarm/wallarm"
      version = "1.3.1"
    }
  }
}

provider "wallarm" {
  # Configuration options
}

  2. Run terraform init.

Connecting provider to your Wallarm account

To connect Wallarm Terraform provider to your Wallarm account in the US or EU Cloud, set API access credentials in your Terraform configuration:

provider "wallarm" {
  api_token = "<WALLARM_API_TOKEN>"
  api_host = "https://us1.api.wallarm.com"
  # Required only when multitenancy feature is used:
  # client_id = <CLIENT_ID>
}

provider "wallarm" {
  api_token = "<WALLARM_API_TOKEN>"
  api_host = "https://api.wallarm.com"
  # Required only when multitenancy feature is used:
  # client_id = <CLIENT_ID>
}

  • <WALLARM_API_TOKEN> allows to access API of your Wallarm account. How to get it →

  • <CLIENT_ID> is ID of tenant (client); required only when multitenancy feature is used. Take id (not uuid) as described here.

See details in the Wallarm provider documentation.

Managing Wallarm with provider

With the Wallarm provider, via Terraform you can manage:

Wallarm Terraform provider and CDN nodes

Currently CDN nodes cannot be managed via the Wallarm Terraform provider.

See how to perform the listed operations in the Wallarm provider documentation.

Usage example

Below is an example of Terraform configuration for Wallarm:

provider "wallarm" {
  api_token = "<WALLARM_API_TOKEN>"
  api_host = "https://us1.api.wallarm.com"
}

resource "wallarm_global_mode" "global_block" {
  waf_mode = "default"
}

resource "wallarm_application" "tf_app" {
  name = "Terraform Application 001"
  app_id = 42
}

resource "wallarm_rule_mode" "tiredful_api_mode" {
  mode =  "monitoring"

  action {
    point = {
      instance = 42
    }
  }

  action {
    type = "regex"
    point = {
      scheme = "https"
    }
  }
}

Save the configuration file, then perform terraform apply.

The configuration does the following:

  • Connects to the US Cloud → company account with the provided Wallarm API token.

  • resource "wallarm_global_mode" "global_block" → sets global filtration mode to Local settings (default) which means the filtration mode is controlled locally on each node.

  • resource "wallarm_application" "tf_app" → creates application named Terraform Application 001 with ID 42.

  • resource "wallarm_rule_mode" "tiredful_api_mode" → creates rule that sets traffic filtration mode to Monitoring for all the requests sent via HTTPS protocol to the application with ID 42.

Further information about Wallarm and Terraform

Terraform supports a number of integrations (providers) and ready-to-use configurations (modules) available to users via the public registry, populated by a number of vendors.

To this registry, Wallarm published:

  • The Wallarm provider for managing Wallarm via Terraform. Described in the current article.

  • The Wallarm module to deploy the node to AWS from the Terraform-compatible environment.

These two are independent tools used for different purposes. One is not required to use another.