Authsignal’s Terraform provider can be used to set-up and manage action configurations and rules. Detailed information about the available resources can be found on the Terraform registry. If this is your first time using Terraform we recommend having a read of the official get started guide for AWS to learn the fundamentals.

1. Obtain a Management API key

You will need to generate an API key for the Management API to use with the Terraform provider. This key is different from the key used for the Server API. The key can be generated in the admin portal.

2. Create initial Terraform configuration

The following 3 variables are needed for the provider to run and can be found on the admin portal page linked above. These can be written directly into your Terraform files but we recommend configuring them as environment variables, especially for production environments. Please note the addition of /v1/management on the end of the API host URI.

terraform {
  required_providers {
    authsignal = {
      source = "authsignal/authsignal"
      version = "1.0.0"
    }
  }
}

provider "authsignal" {
  host       = "https://api.authsignal.com/v1/management" # AUTHSIGNAL_HOST
  tenant_id  = "aaaa-bbbb-cccc-dddd"                      # AUTHSIGNAL_TENANT_ID
  api_secret = "<management api secret key>"              # AUTHSIGNAL_API_SECRET
}

Run terraform init to validate the configuration. From here you can start configuring resources, please refer to the Terraform registry to see what resources are available and the related syntax.

3. Export Rule JSON from the Admin portal (optional)

We recommend configuring some rules in the admin portal by hand and then exporting them into your Terraform configuration, rather than writing out the rules from scratch.

After configuring a rule in the portal, you can export rule’s JSON by doing the following:

  1. Click ‘Edit’

  1. Click ‘Export’

You will need to edit the exported JSON slightly to conform to valid Terraform syntax. Please see the Terraform registry’s docs for rules for the correct structure and field names.

4. Import already-existing resources into your Terraform configuration (optional)

Rather than deleting your existing rules in the portal and then adding them back through Terraform, you are able to import rules directly into your Terraform state. You will need to write the corresponding Terraform for your action configurations and rules and then import them one by one. This can be done via the terraform import command which is documented here. The address syntax can be found under each resource’s documentation on the Terraform registry.

Importing an action configuration

You will need to find your action code in the admin portal, it can be found here:

Then write the corresponding Terraform for your action configuration:

resource "authsignal_action_configuration" "my_action" {
  action_code                = "My-Action"
  default_user_action_result = "ALLOW"
}

You can then import the rule using the following command:
terraform import authsignal_action_configuration.my_action My-Action

Importing a rule

You will need to find your rule’s unique identifier in the admin portal, it can be found in the URL when editing a rule:

Then write the corresponding Terraform for your rule:

resource "authsignal_rule" "my_rule" {
  action_code = authsignal_action_configuration.my_action
  name        = "My-Rule"
  is_active   = true
  priority    = 0
  type        = "CHALLENGE"
  conditions = jsonencode({
    "and" : [
      {
        "==" : [
          {
            "var" : "ip.isAnonymous"
          },
          true
        ]
      }
    ]
  })
}

You can then import the rule using the following command:
terraform import authsignal_rule.my_rule "My-Action/ccad3b11-14dc-4509-895a-dacac4983ed3"

Importing a theme

To use a authsignal_theme resource you will need to import the current theme settings using terraform import. All Authsignal tenants come with some default theme settings.

Write the corresponding Terraform for your theme:

resource "authsignal_theme" "my_theme" {
  name          = "My Tenant"
  logo_url      = "<url to an image>"
  favicon_url   = "<url to an image>"
  watermark_url = "<url to an image>"
  primary_color = "#ABCD12"
  borders = {
    button_border_radius    = 1
    button_border_width     = 2
    card_border_radius      = 3
    card_border_width       = 4
    input_border_radius     = 5
    input_border_width      = 6
    container_border_radius = 7
  }
  colors = {
    button_primary_text         = "#ABCD12"
    button_primary_border       = "#ABCD12"
    button_secondary_text       = "#ABCD12"
    button_secondary_background = "#ABCD12"
    button_secondary_border     = "#ABCD12"
    card_background             = "#ABCD12"
    card_border                 = "#ABCD12"
    input_background            = "#ABCD12"
    input_border                = "#ABCD12"
    link                        = "#ABCD12"
    heading_text                = "#ABCD12"
    body_text                   = "#ABCD12"
    container_background        = "#ABCD12"
    container_border            = "#ABCD12"
    divider                     = "#ABCD12"
    icon                        = "#ABCD12"
    loader                      = "#ABCD12"
    positive                    = "#ABCD12"
    critical                    = "#ABCD12"
    information                 = "#ABCD12"
    hover                       = "#ABCD12"
    focus                       = "#ABCD12"
  }
  page_background = {
    background_color     = "#ABCD12"
    background_image_url = "<url to an image>"
  }
  container = {
    content_alignment = "left"
    padding           = 1
    logo_alignment    = "center"
    logo_position     = "inside"
    logo_height       = 2
    position          = "outside"
  }
}

You can then import the existing theme with the following command. Please note the use of an empty string as the resource ID. A tenant can only have 1 theme resource, which is imported from the "" ID:
terraform import authsignal_theme.my_theme ""