

  1. Terraform installed on an execution server. This execution server will be used to run Terraform commands. See the Terraform documentation for installation instructions.
  2. A GCP account with permission to create a service account.
  3. Ensure the following cloud service APIs are enabled in the GCP project. See the Valtix Getting Started page for how to enable these services.

    • Secret Manager API
    • Compute API
    • IAM API
    • Cloud Resource Manager API
  4. This lab assumes the us-central1 region.

  5. An SSH key pair. This will be used to log in to your compute instance.

    • To generate an SSH key for a GCP compute instance, follow this documentation.
  6. Create a service account. The steps below create a service account for the purpose of this workshop. Refer to the GCP documentation for more details.

    • Search for Service Account at the top search bar in Google Cloud console.
    • Enter Service account details.
    • Grant owner role to this service account.
    • Save the service account credential file. This is needed for this workshop.
  7. Add the SSH key pair to the project metadata. The steps below give an overview. For more details, see the GCP documentation.

    • From the Google Cloud console, go to the Metadata page
    • Click Edit
    • Click Add item. A text box opens.
    • Add your public key generated in step 3 in the text box
    • Click Save
  8. Clone the GCP-workshop repository. See the GitHub documentation on how to clone a repository.

    • The repository contains 2 folders: sample_app and valtix-tutorial
    • "sample_app" contains the Terraform template that deploys the sample app used in this workshop
    • "valtix-tutorial" contains the Terraform template that deploys Valtix security to protect the sample application.
  9. Deploy the sample application in your GCP account. This will be referred to as the spoke.

    • Navigate to the GCP-workshop/sample_app directory that was cloned in the previous step.
    • This Terraform template deploys a compute instance in a subnet in the us-central1 region.
    • Copy your service account credential file into the sample_app folder
    • Modify the variables in the terraform.tfvars file

      | Parameter | Description |
      | --- | --- |
      | service_account | This is the service account credentials that you downloaded in step 5. This should be a .json file. |
      | execution_server_ip | This is the public IP of the server you will use to login to the compute instance. If you are running everything on your laptop, this would be your laptop public IP (home IP) |
      | gcp_project_id | This value can be found in your service account credentials. |
    • Execute terraform init

    • Execute terraform plan
    • Execute terraform apply
  10. A login to the Valtix Controller Portal. To obtain a Valtix Controller account, sign up for our Free Tier.

  11. Generate Valtix API key.

    • Log in to the Valtix Controller Portal.
    • If the account setup screen pops up, click on "Skip, I will add it later" to skip the account onboarding. (This will be done through Terraform in this tutorial)
    • Click on the ADMINISTRATION tab on the top right
    • Click on API Keys.
    • Click on the Create API Key button.
    • Enter a name and for Role, select admin_rw.
    • Save the API key. This will be used in the tutorial to run operations in Terraform.
  12. Copy the Service Account credentials and the Valtix API key to the GCP-workshop/gcp-tutorial folder.
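
A pre-flight check for the three terraform.tfvars values from step 9, to run before terraform plan. This is an added example, not part of the workshop repository; the function names and sample values are constructed, and it assumes execution_server_ip holds a single address rather than a CIDR range.

```python
import ipaddress
import json
import os
import stat
import tempfile


def check_tfvars_inputs(service_account, execution_server_ip, gcp_project_id):
    """Return a list of problems with the three terraform.tfvars values."""
    problems = []
    # The key carries the owner role, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(service_account).st_mode)
    if mode & 0o077:
        problems.append(f"credential file mode {mode:o} is open to group/others")
    with open(service_account) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("credential file is not a service account key")
    # gcp_project_id must be the project_id recorded inside the key file.
    if key.get("project_id") != gcp_project_id:
        problems.append("gcp_project_id does not match the key's project_id")
    # Assumption: the variable holds one address, not a CIDR range.
    try:
        if not ipaddress.ip_address(execution_server_ip).is_global:
            problems.append("execution_server_ip is not a public address")
    except ValueError:
        problems.append("execution_server_ip is not a single IP address")
    return problems


def demo():
    """Check a constructed key file with loose, then tightened, settings."""
    key = {"type": "service_account", "project_id": "example-project"}
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump(key, fh)
    os.chmod(fh.name, 0o644)  # world-readable key, wrong project, open range
    loose = check_tfvars_inputs(fh.name, "0.0.0.0/0", "other-project")
    os.chmod(fh.name, 0o600)  # owner-only key, matching project, one public IP
    clean = check_tfvars_inputs(fh.name, "8.8.8.8", "example-project")
    os.unlink(fh.name)
    return loose, clean


if __name__ == "__main__":
    for finding in demo()[0]:
        print("FAIL:", finding)
```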