Skip to content
Vidos Logo Vidos

Quickstart

Provision a Gateway, Authorizer, and Validator from a clean Terraform directory.

This quickstart uses environment variable authentication (VIDOS_API_KEY) and a published provider release (vidos-id/vidos).

Prerequisites

Section titled “Prerequisites”
  • Terraform CLI >= 1.6.0
  • A Vidos IAM API key secret with permission to create gateway/authorizer/validator resources

1) Create a new Terraform directory

Section titled “1) Create a new Terraform directory”
Terminal window
mkdir vidos-terraform-quickstart
cd vidos-terraform-quickstart

2) Export authentication

Section titled “2) Export authentication”
Terminal window
export VIDOS_API_KEY="<YOUR_VIDOS_IAM_API_SECRET>"

3) Add the Terraform configuration

Section titled “3) Add the Terraform configuration”

Create main.tf:

terraform {
  required_version = ">= 1.6.0"


  required_providers {
    vidos = {
      source  = "registry.terraform.io/vidos-id/vidos"
      version = "~> 0.1"
    }
  }
}


variable "vidos_region" {
  type        = string
  description = "Region for service management endpoints (for example: eu)."
  default     = "eu"
}


provider "vidos" {
  # Auth uses VIDOS_API_KEY (environment variable).
  region = var.vidos_region
}


locals {
  # Example PEM-encoded root certificates for validator trust anchors.
  # Replace these with real roots for your environment.
  valera_test_certificate = trimspace(<<-PEM
-----BEGIN CERTIFICATE-----
MIICGzCCAcCgAwIBAgIUb9GJdqQMdwXaoO61uxoBlg+jhbYwCgYIKoZIzj0EAwIw
LDELMAkGA1UEBhMCQVQxDjAMBgNVBAoMBUEtU0lUMQ0wCwYDVQQDDARJQUNBMB4X
DTI1MDQwNzA5NDQ1N1oXDTI2MDQwNzA5NDQ1N1owLDELMAkGA1UEBhMCQVQxDjAM
BgNVBAoMBUEtU0lUMQ0wCwYDVQQDDARJQUNBMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAElIXOzb+iF+zGutygdIVOBnC4R6OvhYo5TGWhrH0idmqs56IVwJWYzQYz
K4CbYePcxpMQY3lKBa5O0MAZe+EogKOBvzCBvDASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBBjAiBgNVHRIEGzAZhhdodHRwczovL3dhbGxldC5hLXNp
dC5hdDAyBgNVHR8EKzApMCegJaAjhiFodHRwczovL3dhbGxldC5hLXNpdC5hdC9j
cmwvMS5jcmwwHwYDVR0jBBgwFoAUDQF5K46YVgzLpfV5stoutBezK6QwHQYDVR0O
BBYEFA0BeSuOmFYMy6X1ebLaLrQXsyukMAoGCCqGSM49BAMCA0kAMEYCIQCz0i9G
A24ZOf3Wk+w8+09J6ARAHKLuBuepszBxVZdaZAIhAJlgzKBhHw8+Bwr+wLGQVjMC
5e9BWWaUga8ZP9dRYhHJ
-----END CERTIFICATE-----
  PEM
  )


  multipaz_certificate = trimspace(<<-PEM
-----BEGIN CERTIFICATE-----
MIICpjCCAi2gAwIBAgIQiiieDKBRbQvx4FJgTHQFbTAKBggqhkjOPQQDAzAuMR8w
HQYDVQQDDBZPV0YgTXVsdGlwYXogVEVTVCBJQUNBMQswCQYDVQQGDAJVUzAeFw0y
NDEyMDEwMDAwMDBaFw0zNDEyMDEwMDAwMDBaMC4xHzAdBgNVBAMMFk9XRiBNdWx0
aXBheiBURVNUIElBQ0ExCzAJBgNVBAAYMAlVUzB2MBAGByqGSM49AgEGBSuBBAAi
A2IABPkA8nu9JtjtJZT1zI1Y8VWc95uZOmqE/sIofi+/W+48qlJffbG3lJ6cWiw/
nJgdxyt7cJAO35lSUqGwXPvQg4ZId5sep/mKB+0XpWklk4VgXzMkY7H1Tg5KLByw
g52z1aOCAQ4wggEKMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEA
MEwGA1UdEgRFMEOGQWh0dHBzOi8vZ2l0aHViLmNvbS9vcGVud2FsbGV0LWZvdW5k
YXRpb24tbGFicy9pZGVudGl0eS1jcmVkZW50aWFsMFYGA1UdHwRPME0wS6BJoEeg
R4ZFaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJz
L2lkZW50aXR5LWNyZWRlbnRpYWwvY3JsMB0GA1UdDgQWBBSrZRvgVsKQU/Hdf2zk
h75o3mDJ9TAfBgNVHSMEGDAWgBSrZRvgVsKQU/Hdf2zkh75o3mDJ9TAKBggqhkjO
PQQDAwNnADBkAjAtTLS7FfsbUe/SKlIhYgnDcD6fDgiUaUR4htNhFVHPA4d8OlUG
qmof76xieBjEc9MCMGKk27tss0KCk93qaRsZ7NuAGWMSun6mraePJ7PUpaYz2/6z
ztu51kYK6NftObq4fw==
-----END CERTIFICATE-----
  PEM
  )
}


resource "vidos_validator_instance" "main" {
  name = "terraform-quickstart-validator"


  inline_configuration = jsonencode({
    policies = {
      trustedIssuer = {
        skip = false
        trustedIssuerRootCertificates = [
          { type = "predefined", tag = "vidos" },
          { type = "pem", pem = local.valera_test_certificate },
          { type = "pem", pem = local.multipaz_certificate },
        ]
      }
    }
  })
}


resource "vidos_authorizer_instance" "main" {
  name = "terraform-quickstart-authorizer"


  inline_configuration = jsonencode({
    policies = {
      validate = {
        skip = false
        validator = {
          type       = "instance"
          resourceId = vidos_validator_instance.main.resource_id
          serviceRole = {
            owner      = "managed"
            resourceId = "validator_all_actions"
          }
        }
      }
    }
  })
}


resource "vidos_gateway_instance" "main" {
  name = "terraform-quickstart-gateway"


  inline_configuration = jsonencode({
    cors = {
      enabled      = true
      allowHeaders = ["*"]
      origin       = ["*"]
    }
    paths = {
      auth = {
        type       = "instance"
        service    = "authorizer"
        resourceId = vidos_authorizer_instance.main.resource_id
        serviceRole = {
          owner      = "managed"
          resourceId = "authorizer_all_actions"
        }
      }
      validate = {
        type       = "instance"
        service    = "validator"
        resourceId = vidos_validator_instance.main.resource_id
        serviceRole = {
          owner      = "managed"
          resourceId = "validator_all_actions"
        }
      }
    }
  })
}


output "gateway_endpoint" {
  description = "Gateway instance endpoint."
  value       = vidos_gateway_instance.main.endpoint
}

4) Apply

Section titled “4) Apply”
Terminal window
terraform init
terraform apply

5) Verify

Section titled “5) Verify”

After apply, Terraform prints gateway_endpoint. You should see two routes:

  • /auth/* forwards to the Authorizer instance
  • /validate/* forwards directly to the Validator instance

6) Clean up

Section titled “6) Clean up”
Terminal window
terraform destroy

Next steps

Section titled “Next steps”