This article describes how to make an API call to FortiManager/FortiAnalyzer-Cloud using Terraform.
FortiManager/FortiAnalyzer-Cloud.
To review the steps for creating an API user for FortiManager/FortiAnalyzer-Cloud, follow this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud.
Terraform reads its configuration from a file with the .tf extension.
After the file is created, run:
terraform init
terraform apply
An example file called test.tf is shown below:
terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}
# Configure the Provider for FortiManager
provider "fortimanager" {
  hostname  = "xxxx.fortimanager.forticloud.com"
  username  = "6BD4E324xxx"
  # A password written here is stored in clear text in the .tf file.
  password  = "xxxxxx"
  fmg_type  = "forticloud"
  # insecure = "true" turns off TLS certificate verification for the API connection.
  insecure  = "true"
  scopetype = "adom"
  adom      = "root"
}
# Create a firewall vip object
resource "fortimanager_object_firewall_vip" "trname2" {
  scopetype = "inherit"
  adom      = "root"
  extintf   = "any"
  extip     = "1.10.10.10-2.10.10.10"
  mappedip  = ["12.10.10.10-13.10.10.10"]
  name      = "viptest1"
}
Another option is to supply the provider credentials through environment variables instead of writing them in the provider section:
export FORTIMANAGER_ACCESS_USERNAME="admin"
export FORTIMANAGER_ACCESS_PASSWORD="admin"
Instead of a username and password, a token can be used, as described in this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud
export FORTIMANAGER_ACCESS_TOKEN="xxxxxx"
The same token can be set in the provider section of the .tf file as follows:
fmg_cloud_token = "xxxxxx"
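A pre-apply check for the two ways of supplying credentials shown above, as an added example that is not part of the original article or of Fortinet's tooling: it flags a literal password or fmg_cloud_token and insecure = "true" in a .tf file, so that credentials are left to the FORTIMANAGER_ACCESS_* environment variables. The function name check_tf and both sample provider blocks are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Fortinet code): flag risky FortiManager provider settings
# in a .tf file before running `terraform apply`.

# check_tf FILE: print one finding per line; return 1 if anything was found.
check_tf() {
    findings=$(awk '
        /^[ \t]*(#|\/\/)/ { next }   # skip comment-only lines
        # password / fmg_cloud_token assigned a quoted literal (no ${...} reference)
        /^[ \t]*(password|fmg_cloud_token)[ \t]*=[ \t]*"[^"]*"/ && !/[$][{]/ {
            key = $1; sub(/=.*/, "", key)
            printf "%s:%d: %s is hard-coded; supply it via environment variable\n", FILENAME, NR, key
        }
        # TLS certificate verification switched off
        /^[ \t]*insecure[ \t]*=[ \t]*"?true"?/ {
            printf "%s:%d: insecure = true disables TLS certificate verification\n", FILENAME, NR
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: provider block with the settings used in the article.
sample_weak() {
cat <<'EOF'
provider "fortimanager" {
  hostname = "xxxx.fortimanager.forticloud.com"
  username = "6BD4E324xxx"
  password = "xxxxxx"
  fmg_type = "forticloud"
  insecure = "true"
}
EOF
}

# Constructed sample: credentials left to FORTIMANAGER_ACCESS_TOKEN.
sample_clean() {
cat <<'EOF'
provider "fortimanager" {
  hostname = "xxxx.fortimanager.forticloud.com"
  fmg_type = "forticloud"
  # password = "xxxxxx"
  insecure = "false"
}
EOF
}

# Stand-alone use: sh check_tf.sh test.tf [more.tf ...]
for f in "$@"; do check_tf "$f"; done
```
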
The object created can be reviewed from FortiManager-Cloud:
Troubleshooting:
In some cases, Terraform reports an error about a locked file. This can be bypassed with:
terraform apply -lock=false
To gather debug information, set the following environment variables:
export TF_LOG="DEBUG"
export TF_LOG_PATH="terraform.txt"
For more detailed debug information, use:
export TF_LOG="TRACE"