Terraform
Valtix customers can use the Terraform Provider to:
- Discover: onboard public cloud accounts, gain continuous asset visibility and detect indicators of compromise (IoC).
- Deploy: Valtix Gateways to protect ingress, egress and east-west traffic.
- Defend: with multi-cloud (AWS, Azure, GCP, OCI) dynamic policies that use continuously discovered cloud assets.
The Valtix Terraform Provider is a “Verified” provider available from the Terraform Registry. Customers can now use the Terraform Provider for Valtix to bake security into their operations: onboard their cloud accounts into Valtix, deploy Valtix Gateways, and specify security policies that protect against ingress attacks from the Internet (WAF, IDS/IPS, Geo-IP), stop exfiltration on egress traffic (TLS decryption, IDS/IPS, AV, DLP, FQDN/URL filtering), and prevent east-west attacks between VPCs/VNets. The security policies can be specified based on cloud asset tags (e.g., “dev”, “test”, “prod”, “pci”, “web”, “app1”).
For more information, refer to:
- Download the Terraform Provider for Valtix
- Documentation
- Examples in GitHub
- Valtix Blog on Terraform
Terraform Repository
Use case | Description | GitHub Repository |
---|---|---|
AWS onboarding | Onboards an AWS account using Terraform. | GitHub Repo |
AWS discovery CFT | This CFT deployment includes all privileges needed to use Valtix's discovery feature. For the full feature set, use the in-product CFT. | GitHub Repo |
AWS discovery | Onboards an AWS account in discovery-only mode using Terraform. | GitHub Repo |
Azure onboarding | Onboards an Azure subscription using Terraform. | GitHub Repo |
GCP onboarding | Onboards a GCP project using Terraform. | GitHub Repo |
Exporting Configuration as Terraform Block
Customers can export security profiles as Terraform resource blocks from the Valtix Controller. To export configuration as a Terraform block, navigate to and select the intended security profile, then click the "Export" button. This downloads a file containing the Terraform block for the selected object/security profile.
All objects and profiles support Terraform export with the exception of:
- Gateways
- Service VPCs/VNets
- Diagnostics