Managing Wallarm using Terraform¶
If you use Terraform to manage your infrastructures, that may be a comfortable option for you to use it for managing Wallarm. The Wallarm provider for Terraform allows doing so.
Requirements¶
-
Knowing the Terraform basics
-
Terraform 0.15.5 binary or higher
-
Access to the account with the Administrator role in Wallarm Console in the US or EU Cloud
-
Access to
https://us1.api.wallarm.com
if working with US Wallarm Cloud or tohttps://api.wallarm.com
if working with EU Wallarm Cloud. Please ensure the access is not blocked by a firewall
Installing provider¶
-
Copy and paste into your Terraform configuration:
-
Run
terraform init
.
Connecting provider to your Wallarm account¶
To connect Wallarm Terraform provider to your Wallarm account in the US or EU Cloud, set API access credentials in your Terraform configuration:
-
<WALLARM_API_TOKEN>
allows to access API of your Wallarm account. How to get it → -
<CLIENT_ID>
is ID of tenant (client); required only when multitenancy feature is used. Takeid
(notuuid
) as described here.
See details in the Wallarm provider documentation.
Managing Wallarm with provider¶
With the Wallarm provider, via Terraform you can manage:
-
Nodes in your account
-
Global filtration mode
-
Scanner scope
Wallarm Terraform provider and CDN nodes
Currently CDN nodes cannot be managed via the Wallarm Terraform provider.
See how to perform the listed operations in the Wallarm provider documentation.
Usage example¶
Below is an example of Terraform configuration for Wallarm:
provider "wallarm" {
api_token = "<WALLARM_API_TOKEN>"
api_host = "https://us1.api.wallarm.com"
}
resource "wallarm_global_mode" "global_block" {
waf_mode = "default"
}
resource "wallarm_application" "tf_app" {
name = "Terraform Application 001"
app_id = 42
}
resource "wallarm_rule_mode" "tiredful_api_mode" {
mode = "monitoring"
action {
point = {
instance = 42
}
}
action {
type = "regex"
point = {
scheme = "https"
}
}
}
Save the configuration file, then perform terraform apply
.
The configuration does the following:
-
Connects to the US Cloud → company account with the provided Wallarm API token.
-
resource "wallarm_global_mode" "global_block"
→ sets global filtration mode toLocal settings (default)
which means the filtration mode is controlled locally on each node. -
resource "wallarm_application" "tf_app"
→ creates application namedTerraform Application 001
with ID42
. -
resource "wallarm_rule_mode" "tiredful_api_mode"
→ creates rule that sets traffic filtration mode toMonitoring
for all the requests sent via HTTPS protocol to the application with ID42
.
Further information about Wallarm and Terraform¶
Terraform supports a number of integrations (providers) and ready-to-use configurations (modules) available to users via the public registry, populated by a number of vendors.
To this registry, Wallarm published:
-
The Wallarm provider for managing Wallarm via Terraform. Described in the current article.
-
The Wallarm module to deploy the node to AWS from the Terraform-compatible environment.
These two are independent tools used for different purposes. One is not required to use another.