Onboard a GCP Subscription using a Terraform Illumio Onboarding Application
Learn how to onboard a GCP subscription using Terraform.
Prerequisite:
You must be authenticated and logged in to Google Cloud before you edit your Terraform script.
To onboard your GCP subscription with your newly created application, modify your Terraform script to resemble the following script on GitHub.
Modify and run your Terraform script to onboard your GCP subscription
Enter your Saved Variables
The gcp_project_dev module uses the following variable that you have saved to a text file. Modify your script so that it contains your saved variable values.
gcp_project
Enter Your Variable Values Generated during Service Account Creation
The module also uses the following service account variables that you need to get from Illumio Segmentation for the Cloud when you create a service account:
illumio_cloudsecure_client_id
illumio_cloudsecure_client_secret
Create a service account in Illumio Segmentation for the Cloud and get the variable values:
Navigate to https://console.illum.io/ and sign in. See Set up your Illumio Account.
Browse to Cloud > Settings > Service Accounts.
Click Add, then enter a name and description, and click Save.
The service account appears in your list with the name and client ID displayed. Copy the client ID.
Click on the service account to open its details page.
Under Secrets, click Add, then enter a name and click Save.
The service account appears in your list with the name and client ID displayed. Copy the client ID.
Modify your script so that it contains your copied variable values.
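Because the steps above place the client ID and client secret in the Terraform script, a check like the following can confirm that no literal credential is left in .tf or .tfvars files before the script is committed or shared. It is an added example, not part of Illumio's script: the variable names come from this page, while the sample configuration, the module argument layout and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# Variable names are from this page; the sample and file layout are constructed.
CREDENTIAL_VARS = {"illumio_cloudsecure_client_id", "illumio_cloudsecure_client_secret"}
VAR_BLOCK = re.compile(r'^\s*variable\s+"(\w+)"\s*\{')
DEFAULT = re.compile(r'\bdefault\s*=\s*"([^"]*)"')
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')

SAMPLE = '''\
variable "illumio_cloudsecure_client_secret" {
  sensitive = true
  default   = "constructed-not-a-real-secret"
}
module "gcp_project_dev" {
  gcp_project                       = "example-project"
  illumio_cloudsecure_client_id     = "constructed-client-id"
  illumio_cloudsecure_client_secret = var.illumio_cloudsecure_client_secret
}
'''

def is_literal(value):  # non-empty quoted string without ${...} interpolation
    return bool(value) and "${" not in value

def scan_text(text, filename="<sample>"):
    """Return (file, line, variable) for each credential set to a literal."""
    findings, block_var, depth = [], None, 0
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # whole-line comment
        opened = VAR_BLOCK.match(line)
        if opened:
            block_var, depth = opened.group(1), 0
        if block_var is not None:  # inside a variable block: inspect its default
            default = DEFAULT.search(line)
            if default and block_var in CREDENTIAL_VARS and is_literal(default.group(1)):
                findings.append((filename, line_no, block_var))
            depth += line.count("{") - line.count("}")
            if depth <= 0:
                block_var = None
            continue
        assigned = ASSIGN.match(line)  # module argument or .tfvars entry
        if assigned and assigned.group(1) in CREDENTIAL_VARS and is_literal(assigned.group(2)):
            findings.append((filename, line_no, assigned.group(1)))
    return findings

def scan_tree(root):
    return [f for p in sorted(Path(root).rglob("*.tf*"))
            if p.is_file() and p.suffix in (".tf", ".tfvars") for f in scan_text(p.read_text(), str(p))]
```

In the sample, `sensitive = true` only keeps the value out of plan output; the literal default is still stored in the file, which is why the check reports it. Values supplied through `TF_VAR_<name>` environment variables leave nothing for the check to find.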
Run your Terraform script
Modify your Terraform script to specify read or read and write permissions.
Run your Terraform script.
The Terraform module uses these credentials to set up IAM roles and service account impersonation in GCP. This application in turn gives your recently created application the permissions required for Illumio Segmentation for the Cloud to onboard your GCP subscription. The module checks the permissions mode (read or read and write) to provision the appropriate permissions.
What to do after onboarding GCP with Terraform
When finished, the Onboarding page opens and displays a new row for that account.
For the next steps after onboarding an account, see Onboarding GCP and After onboarding your accounts.