Introducing the Strata Cloud Manager (SCM) Terraform Provider: Automate and Scale Your Network Security


Being a network security practitioner has never been more demanding. Networks are growing in scale and complexity, so managing security configurations manually has become slower, riskier, and increasingly difficult to maintain. Hand-keyed changes inevitably introduce mistakes, and without a centralized system, live environments easily fall out of sync with intended designs over time.

 

To solve these challenges, we are thrilled to announce the launch of the Strata Cloud Manager (SCM) Terraform Provider. This official HashiCorp-compatible plugin empowers you to manage your Palo Alto Networks environment using Infrastructure as Code (IaC). Instead of configuring resources through the SCM Interface, you define them declaratively in .tf files, and Terraform handles provisioning, updates, and deletions automatically.

 

Why use the SCM Terraform Provider?

 

  • Deploy Configurations Faster: Replace tedious manual UI navigation with a streamlined, code-driven workflow, allowing you to push updates across your entire network instantly and simultaneously.
  • Scale with Ease: The SCM Terraform Provider enables you to scale your environment efficiently without adding operational overhead. Using reusable resource blocks and external data sources, such as CSV files for bulk provisioning, you can automate deployments and maintain a consistent security posture across environments of any size.
  • Establish a Single Source of Truth: Terraform treats your configuration files as the definitive source of truth, effectively eliminating configuration drift by automatically detecting discrepancies between your intended state and the live SCM environment.
  • Version Control and Auditability: Because your infrastructure is defined as code, every single change can be tracked through version control software like Git. This grants teams full visibility, historical auditability, and the ability to instantly roll back if an issue occurs.

 

What Can You Manage? 

 

The provider supports a comprehensive suite of SCM capabilities, including:

  • Security Services: Enforce firewall rules, anti-spyware profiles, and URL filtering.
  • Network Services: Configure core networking components like VPN tunnels, interfaces, NAT rules, and routing.
  • Objects & Identity: Deploy reusable configuration elements like addresses and tags, as well as authentication profiles and LDAP servers.

 

How to Get Started?

 

  1. Create a Service Account: Generate your Client ID and Client Secret using the Identity & Access Management Page on SCM. 
  2. Configure Provider Block: Go to the SCM Terraform Registry, copy the provided code snippet into your config.tf file, and populate the SCM provider block. 
  3. Initialize Workspace: With your credentials in place, run terraform init. It initializes your workspace, downloads the SCM provider, and prepares Terraform to manage your security infrastructure.
  4. Start your Configuration: With your environment initialized, you can start creating your configuration. You can explore the SCM Terraform Provider Documentation on the Terraform Registry to find a complete list of our supported resources. You'll find detailed schemas mapping all required and optional fields, data sources for retrieving live network data, and ready-to-use code examples to accelerate your deployment.
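
A pre-commit style check for step 2, added here as an example and not taken from the original post or the provider's own code: it flags a provider "scm" block that sets the Client Secret as a quoted literal, which would otherwise land in Git history with the rest of the configuration. The attribute name client_secret, the variable names and the sample file are assumptions, since the post does not show the provider block.

```python
import re

# Assumptions (the post does not show the block): the provider is declared as
# provider "scm" and the secret attribute is named client_secret.
PROVIDER_OPEN = re.compile(r'^\s*provider\s+"scm"\s*\{')
SECRET_ATTR = re.compile(r'^\s*client_secret\s*=\s*"((?:\\.|[^"\\])*)"')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

# Constructed sample config.tf; every value is a placeholder.
SAMPLE_CONFIG_TF = '''\
provider "scm" {
  client_id     = "constructed-client-id"
  client_secret = "constructed-not-a-real-secret"   # literal: flagged
}

provider "scm" {
  alias         = "from_vars"
  client_id     = var.scm_client_id
  client_secret = var.scm_client_secret   # reference to a variable: allowed
}

resource "example_thing" "x" {
  client_secret = "outside the provider block, not checked"
}
'''


def _code_only(line):
    """Blank string literals and drop # or // comments so their braces are ignored."""
    return re.split(r"#|//", STRING.sub('""', line), maxsplit=1)[0]


def find_literal_secrets(tf_text):
    """Return line numbers where a provider "scm" block sets client_secret to a literal."""
    findings, depth = [], 0
    for lineno, raw in enumerate(tf_text.splitlines(), 1):
        code = _code_only(raw)
        if depth == 0:  # outside any provider "scm" block
            if PROVIDER_OPEN.match(raw):
                depth = code.count("{") - code.count("}")
            continue
        m = SECRET_ATTR.match(raw)
        # "${var.x}" is an interpolated reference, not a literal secret.
        if m and m.group(1) and "${" not in m.group(1):
            findings.append(lineno)
        depth += code.count("{") - code.count("}")
    return findings
```

The scan is line-based, so it does not handle a provider block written on a single line or `/* */` block comments.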
