Skip to content


Valtix customers can use the Terraform Provider to: discover - onboard public cloud accounts, gain continuous asset visibility and detect indicators of compromise (IoC); deploy - Valtix Gateways to protect ingress, egress and east-west traffic; and defend - with multi-cloud (AWS, Azure, GCP, OCI) dynamic policies with continuously discovered cloud assets.

The Valtix Terraform Provider is a “Verified” provider available from the Terraform Registry. Customers can now use the Terraform Provider for Valtix to bake security into their operations, i.e. on-board their cloud accounts into Valtix, deploy Valtix Gateways and specify security policies to protect against ingress attacks from the Internet (WAF, IDS/IPS, Geo-IP), stop exfiltration on egress traffic (TLS decryption, IDS/IPS, AV, DLP, FQDN/URL filtering), and prevent east-west attacks between VPCs/VNets. The security policies can be specified based on cloud asset tags (e.g., “dev”, “test”, “prod”, “pci”, “web”, “app1” etc.)

For more information, refer to:

Terraform Repository

Use case Description Github Repository
AWS onboarding This is for onboarding AWS account using Terraform. Github Repo
AWS discovery CFT This CFT deployment will include all necessary privileges needed to use Valtix's discovery feature. For full feature set, please use the in product CFT. Github Repo
AWS discovery This is for onboarding AWS account for discovery only mode using Terraform. Github Repo
Azure onboarding This is for onboarding Azure Subscription using Terraform. Github Repo
GCP onboarding This is for onboarding GCP project using Terraform. Github Repo

Exporting Configuration as Terraform Block

Customers can export security profiles into Terraform resource blocks from Valtix Controller. To export configuration into Terraform block, navigate and select the intended security profile and click on "Export" button. This will download a file that has the Terraform block for the selected object/security profile.

All objects and profiles support Terraform export with the exception of:

  • Gateways
  • Service VPCs/VNets
  • Diagnostics