Generating Akamai API Credentials

Before we can use Terraform with Akamai, we need to set up API credentials. These credentials will allow Terraform to interact with Akamai's Property Manager and Security services.

Steps to Create Akamai API Credentials

1. Log in to the Akamai Control Center (opens in a new tab).
2. Navigate to "Identity & Access" → "API Users & Keys".
3. Click on "Create API Client".
4. Under "Select API client type" make sure "Myself" is selected on the left, and you choose the "Advanced" option
5. Fill in the form:
   • Name: Choose a descriptive name (e.g., "Terraform-Akamai")
   • Description: Briefly describe the purpose (e.g., "API client for Terraform automation")
   • Make sure IP Allowlist is unchecked
   • Check the box for "Let this client manage multiple accounts"
   • Uncheck the box for "Let this client create credentials for another API client"
   • Check the Select APIs option, and in the popup select at least these two APIs:
     • Property Manager API (PAPI) : read/write
     • Application Security (not the internal version, if this is available): read/write
   • Under groups, leave the default ("Same groups as |username|") selected
6. Click "Create API Client".
7. In the next screen click "Download API Client"

Understanding Your Akamai API Credentials

You'll receive four pieces of information:

1. Client Token
2. Client Secret
3. Access Token
4. Base URL

All of these are required to authenticate your API requests to Akamai.

Using Akamai Credentials with Terraform

When you're working with more than one account, move between them using an account switch key with an API client enabled to manage multiple accounts. If you're not working with more than one account disregard the AKAMAI_ACCOUNT_KEY and account_key below.

To use these credentials with Terraform, you can set them as environment variables:

Mac / Linux

export AKAMAI_CLIENT_SECRET="your_client_secret"
export AKAMAI_HOST="your_base_url"
export AKAMAI_ACCESS_TOKEN="your_access_token"
export AKAMAI_CLIENT_TOKEN="your_client_token"
export AKAMAI_ACCOUNT_KEY="your_account_id"

Windows

$env:AKAMAI_CLIENT_SECRET = "your_client_secret"
$env:AKAMAI_HOST = "your_base_url"
$env:AKAMAI_ACCESS_TOKEN = "your_access_token"
$env:AKAMAI_CLIENT_TOKEN = "your_client_token"
$env:AKAMAI_ACCOUNT_KEY = "your_account_id"

Alternatively, you can use an .edgerc file, which is a common way to store Akamai credentials:

1. Create a file named .edgerc in your home directory.
2. Add the following content, changing the section header to something other than default if you are adding an additional section:

[default]
client_secret = your_client_secret
host = your_base_url
access_token = your_access_token
client_token = your_client_token
account_key = you_account_id

The .edgerc method will be used for the examples and exercises in this course.

Note: If you use account-switching, it is common practice to have multiple sections in your .edgerc file where the 4 core elements (host, access_token, client_token and client_secret) are the same, but the account_key differs. This allows you to simply override the config_section variable in your terraform to switch between accounts.

Best Practices for Akamai API Credential Security

1. Never share your API credentials or commit them to your Git repository.
2. Use environment variables or the .edgerc file to manage your credentials securely.
3. Regularly rotate your API credentials, especially if you suspect they might have been compromised.
4. Only grant the necessary permissions to your API client.

Next Steps

With your Akamai API credentials set up, you're ready to start using Terraform to manage Akamai resources. In the next section, we'll begin configuring Terraform to work with Akamai Property Manager and Security services.