Gateway + Authorizer

Provision an Authorizer and a Gateway that routes /auth/* to the Authorizer.

This example uses environment variable authentication (VIDOS_API_KEY) and the managed service role authorizer_all_actions for gateway -> authorizer service-to-service auth.

Prerequisites

• Terraform CLI >= 1.6.0
• A Vidos IAM API key secret with permission to create authorizer and gateway resources

Inputs

• VIDOS_API_KEY (required): Vidos IAM API secret

Create the configuration

From a clean directory, create main.tf:

terraform {
  required_version = ">= 1.6.0"

  required_providers {
    vidos = {
      source  = "registry.terraform.io/vidos-id/vidos"
      version = "~> 0.1"
    }
  }
}

resource "vidos_authorizer_configuration" "example" {
  name = "terraform-example-authorizer-config"

  values = jsonencode({})
}

resource "vidos_authorizer_instance" "main" {
  name = "terraform-example-authorizer-instance"

  configuration_resource_id = vidos_authorizer_configuration.example.resource_id
}

resource "vidos_gateway_instance" "example" {
  name = "terraform-example-gateway-instance"

  inline_configuration = jsonencode({
    cors = {
      enabled      = true
      allowHeaders = ["*"]
      origin       = ["*"]
    }
    paths = {
      auth = {
        type       = "instance"
        service    = "authorizer"
        resourceId = vidos_authorizer_instance.main.resource_id
        serviceRole = {
          owner      = "managed"
          resourceId = "authorizer_all_actions"
        }
      }
    }
  })
}

output "gateway_endpoint" {
  description = "Gateway instance endpoint."
  value       = vidos_gateway_instance.example.endpoint
}

Run it

export VIDOS_API_KEY="<YOUR_VIDOS_IAM_API_SECRET>"

terraform init
terraform apply

Verify

• Confirm gateway_endpoint is present in outputs.
• Requests to <gateway_endpoint>/auth/* are routed to the Authorizer instance.

Clean up

terraform destroy

Related

• Quickstart
• Authentication and regions