Zscaler Private Access (ZPA): Installation & Configuration

Installation

The Pulumi ZPA provider is available as a package in all Pulumi languages:

• JavaScript/TypeScript: @bdzscaler/pulumi-zpa
• Python: zscaler_pulumi_zpa
• Go: github.com/zscaler/pulumi-zpa/sdk/go/zpa
• .NET: zscaler.PulumiPackage.Zpa

Provider Binary

The ZPA provider binary is a third party binary. It can be installed using the pulumi plugin command.

pulumi plugin install resource zpa <version> --server github://api.github.com/zscaler

Replace the version string with your desired version.

Setup

To provision resources with the Pulumi ZPA provider, you need to have ZPA credentials. Zscaler maintains documentation on how to create API keys here

Set environment variables

Once you have provisioned these credentials, you can set environment variables to provision resources in ZPA:

$ export ZPA_CLIENT_ID=<ZPA_CLIENT_ID>
$ export ZPA_CLIENT_SECRET=<ZPA_CLIENT_SECRET>
$ export ZPA_CUSTOMER_ID=<ZPA_CUSTOMER_ID>
$ export ZPA_CLOUD=<ZPA_CLOUD>

$ export ZPA_CLIENT_ID=<ZPA_CLIENT_ID>
$ export ZPA_CLIENT_SECRET=<ZPA_CLIENT_SECRET>
$ export ZPA_CUSTOMER_ID=<ZPA_CUSTOMER_ID>
$ export ZPA_CLOUD=<ZPA_CLOUD>

> $env:ZPA_CLIENT_ID = "<ZPA_CLIENT_ID>"
> $env:ZPA_CLIENT_SECRET = "<ZPA_CLIENT_SECRET>"
> $env:ZPA_CUSTOMER_ID = "<ZPA_CUSTOMER_ID>"
> $env:ZPA_CLOUD = "<ZPA_CLOUD>"

Configuration Options

Use pulumi config set zpa:<option> or pass options to the constructor of new zpa.Provider.

~> NOTE The environment variable ZPA_CLOUD is only required if your are provisioning any of the below environments listed below:

• BETA
• GOV
• GOVUS
• PREVIEW
• ZPATWO