Skip to content


  1. Terraform installed on a server will be used to run Terraform commands. Visit Terraform documentation on how to install Terraform
  2. GCP account with permission to create service accounts
  3. Ensure the following cloud service's API is enabled in the GCP project. Visit Valtix Getting Started page on how to enable these services.

    • Secret Manager API
    • Compute API
    • IAM API
    • Cloud Resource Manager API
  4. This lab example will be run inside the us-central1 region

  5. SSH key pair used for login to your compute instance

    • To generate SSH key for GCP compute instance, follow this documentation
  6. Add the SSH key pair to project metadata. Below gives an overview of the steps. For more details visit GCP documentation

    1. From the Google Cloud console, go to the Metadata page
    2. Click on Edit, then click on Add item. A text box opens.
    3. Add your public key generated in step 3 into the text box
    4. Click Save
  7. Create a Service Account. Please refer to GCP documentation for more details

    1. Note that this Service Account is used to create necessary component to onboard GCP projects onto Valtix Platform. As part of initial setup, this service account will create 2 additional service accounts, one for Valtix Controller and one for Valtix Gateway. Upon onboarding, most actions will be performed using Valtix Controller role.
    2. Below shows the steps to create the Service Account for the purpose of this tutorial

      1. Search for "Service Account" at the top search bar in Google Cloud console.
      3. Enter Service account details
      4. Grant the following roles to this service account

        • Service Account Admin
        • Security Admin
        • Compute Admin
      5. Save the service account credential file. This is needed for this workshop.

  8. Clone the GCP-workshop repository. Visit Github documentation on how to clone repository.

    • The repository will contain 2 folders: sample_app and valtix-tutorial
    • "sample_app" contains Terraform template to deploy sample app to be used in this workshop
    • "valtix-tutorial" contains the Terraform template to deploy Valtix security to protect the sample application.
  9. Deploy the sample application in the GCP account. This will be referred to as "spoke".

    1. Navigate to GCP-workshop/sample_app directory that was cloned in previous step
    2. This Terraform template deploys a compute instance in a subnet in the us-central1 region
    3. Copy your service account credential file into sample_app folder
    4. Modify the variables in terraform.tfvars file

      Parameter Description
      service_account This is the service account credentials that you downloaded in step 5. This should be a .json file.
      execution_server_ip This is the public IP address of the machine you will use to login to the compute instance from. If you are running everything on your laptop, this would be your laptop's public IP address
      gcp_project_id This value can be found in your service account credentials.
    5. Execute terraform init

    6. Execute terraform plan
    7. Execute terraform apply
  10. A login to Valtix Controller Portal. To obtain an account to Valtix Controller, sign up for our Free Tier

  11. Generate Valtix API key.

    1. Login to Valtix Controller Portal.
    2. If account setup screen pops up, click on "Skip, I will add it later" to skip the account onboarding. (This will be done through Terraform in this tutorial)
    3. Click on ADMINISTRATION tab on the top right
    4. Click on API Keys, then click on Create API Key button
    5. Enter a name and for Role, select admin_rw
    6. Save the API key. This will be used in tutorial to run operations in Terraform.
  12. Copy Service Account credentials and Valtix API key to GCP-workshop/gcp-tutorial folder