Technical Tip: Using Terraform with FortiManager and FortiAnalyzer Cloud
Description
This article describes how to make an API call to FortiManager Cloud or FortiAnalyzer Cloud using Terraform.
Scope
FortiManager/FortiAnalyzer-Cloud.
Solution
To review the steps for creating an API user for FortiManager/FortiAnalyzer Cloud, follow this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud.
Terraform reads its configuration from files with the extension .tf.
After the file is created, run:
terraform init
terraform apply
An example file called test.tf is shown below:
terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}

# Configure the Provider for FortiManager
provider "fortimanager" {
  hostname  = "xxxxxxxxx.forticloud.com"
  username  = "6BD4Exxxx"
  password  = "xxxxxxxxx"
  fmg_type  = "forticloud"
  insecure  = "true"   # skips TLS certificate verification of the FortiManager Cloud endpoint
  scopetype = "adom"
  adom      = "root"
}

# Create a firewall vip object
resource "fortimanager_object_firewall_vip" "trname2" {
  scopetype = "inherit"
  adom      = "root"
  extintf   = "any"
  extip     = "1.10.10.10-2.10.10.10"
  mappedip  = ["12.10.10.10-13.10.10.10"]
  name      = "viptest1"
}
Another option is to supply the provider credentials through environment variables instead of writing them into the .tf file:
export FORTIMANAGER_ACCESS_USERNAME="admin"
export FORTIMANAGER_ACCESS_PASSWORD="admin"
Instead of a username/password, a token can be used, as described in this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud.
export FORTIMANAGER_ACCESS_TOKEN="xxxxxx"
The same token can instead be set in the provider section of the .tf file as follows:
fmg_cloud_token = "xxxxxx"
The created object can then be reviewed in FortiManager Cloud:

Troubleshooting:
In some cases, Terraform reports an error that the state file is locked. This can be bypassed with:
terraform apply -lock=false
To gather debug information, use the following variables:
export TF_LOG="DEBUG"
export TF_LOG_PATH="terraform.txt"
For more debug information, use:
export TF_LOG="TRACE"
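The following wrapper script is an added example and is not part of the Fortinet KB article or the fortinetdev/fortimanager provider. It ties together the environment-variable approach above and the debug variables in this troubleshooting section: the token is read from a file that only the current user can read (the path ~/.fmg_cloud_token is an assumption), exported as FORTIMANAGER_ACCESS_TOKEN, and the .tf files in the working directory are checked for a literal password or fmg_cloud_token before terraform is invoked, so that credentials are not committed alongside the configuration.

```shell
#!/bin/sh
# Added example (not from the Fortinet KB): supply FortiManager Cloud
# credentials via environment variables and refuse to run terraform when a
# .tf file still contains a hard-coded password or cloud token.
set -eu

# Return 0 if the given .tf file contains a literal provider credential
# (password = "..." or fmg_cloud_token = "..."), 1 otherwise.
# Comment lines are ignored so commented-out examples do not trip the check.
tf_has_hardcoded_secret() {
  f="$1"
  if grep -Ev '^[[:space:]]*#' "$f" \
     | grep -Eq '^[[:space:]]*(password|fmg_cloud_token)[[:space:]]*=[[:space:]]*"[^"]+"'; then
    return 0
  fi
  return 1
}

# Read the API token from a file (assumed path, keep it mode 0600) and export
# it as the variable the provider reads, so it never appears in the .tf file.
load_fmg_token() {
  token_file="${1:-$HOME/.fmg_cloud_token}"
  if [ ! -r "$token_file" ]; then
    echo "token file $token_file is not readable" >&2
    return 1
  fi
  FORTIMANAGER_ACCESS_TOKEN="$(head -n 1 "$token_file")"
  export FORTIMANAGER_ACCESS_TOKEN
}

# Check every .tf file in the current directory, enable DEBUG logging to
# terraform.txt as in the troubleshooting section, then run init and apply.
run_terraform() {
  for f in ./*.tf; do
    if tf_has_hardcoded_secret "$f"; then
      echo "refusing to run: $f contains a literal credential" >&2
      return 1
    fi
  done
  export TF_LOG="DEBUG"
  export TF_LOG_PATH="terraform.txt"
  terraform init
  terraform apply
}
```

Typical use is `load_fmg_token && run_terraform` from the directory holding test.tf, with the provider block reduced to hostname, fmg_type, scopetype and adom. Switch TF_LOG to TRACE inside run_terraform when the DEBUG level is not enough.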