Infinity Next's Terraform Provider for managing CloudGuard AppSec and other Infinity Next security application using Terraform. You could read the documentation of Infinity Next here.
- Terraform v0.13+
- inext CLI - used to publish and enforce your changes made by Terraform.
-
Go to https://portal.checkpoint.com, navigate to Global Settings -> API Keys
-
Create a new API key and select Infinity Policy as the service, with Admin role, we recommend that you specify a meaningful comment for the key so you could identify them later and avoid mistakes.
-
Store the Client ID and Secret Key in a secure location, and note there's no way to view the secret key afterward.
There are 2 options to set the credentials to be used by the provider:
-
Set the credentials in environment variables
INEXT_CLIENT_ID
andINEXT_ACCESS_KEY
-
Set the credentials explicity or through input variables, in the
.tf
file that defines theprovider
block using the fieldsclient_id
andaccess_key
Note that credentials are per region, which can be configured with the region
field of the provider's definition. It defaults to "eu" and currently it accepts either "eu" or "us".
All changes that are made when running terraform apply
are done under a session of the configured API key.
At Infinity Next, each session must be published to be able to enforce your configured policies on your assets. Think of it as commiting your changes to be able to make a release.
Due to Terraform's lack of concept of session management/commiting changes at the end of an applied configuration, it's required from the user of this provider to publish and enforce the applied configuration by himself.
This repository includes a CLI utility for this exact use case, which includes 2 commands: publish
and enforce
.
Download and install the CLI found in the latest release
You could run inext help
and get all available options and commands.
The CLI requires the same credentials used to configure the provider, there are 3 options to pass these credentials to the CLI:
-
Set the environment variables:
INEXT_REGION
,INEXT_CLIENT_ID
andINEXT_ACCESS_KEY
and runinext <command>
, this is more comfortable for usage right afterterraform apply
since it uses the same environment variables. -
Set credentials using flags
--client-id
(shorthand-c
) and--access-key
(shorthand-k
)inext publish -c $INEXT_CLIENT_ID -k $INEXT_ACCESS_KEY -r us
-
Create a yaml file at
~/.inext.yaml
with the following content:client-id: <INEXT_CLIENT_ID> access-key: <INEXT_ACCESS_KEY> region: eu
Run
inext <command>
and the CLI would be configured using~/.inext.yaml
by default, can be set usinginext --config <config-path> <command>
terraform init
terraform apply
inext publish && inext enforce
Then navigate to the Cloud Tab and enable the Tech Preview toggle at the bottom right. You should now see your applied objects, each in its own tab.
- Go 1.18+
To build the provider run:
go build
To build the build the CLI run:
cd cmd
go build -o inext
cp inext /usr/local/bin