# Fastly The Veza integration for Fastly enables the discovery of users, services, roles, and permissions within the Fastly content delivery network (CDN). Common use cases include: * **Access Reviews:** Certify Fastly user-role assignments, with support for mapping IdP identities to Fastly local accounts. * **Access Intelligence:** Create dashboards for visibility into user and service statuses, with rules to trigger alerts or actions when changes occur. * **Access Visibility:** Use Query Builder and Graph search to report on and visualize access to roles and services in Fastly. This document provides steps to enable the Fastly integration. See [Notes and Supported Entities](#notes-and-supported-entities) for more information about entities and attributes gathered by Veza. ### Configuring the Fastly Integration #### Generate a Fastly API Token To create an API token: 1. Log in to the [Fastly UI](https://manage.fastly.com/). 2. Navigate to **Account** > *Personal Profile* > [*API Tokens*](https://manage.fastly.com/account/personal/tokens). ![Managing Fastly API Tokens](/files/jE1qeDoV3A035qO9bzWh) 3. Click **Create Token**. 4. Enter your password to re-authenticate. 5. Fill out the "Create a Token" field. The token scope must be either `Read-only access` or `Global API access`. ![Creating a Fastly API Token](/files/oRG5mbrxX5Ujum4yzgGP) 6. Click *Create Token* to save the token. For detailed instructions, see [Using API Tokens](https://docs.fastly.com/en/guides/using-api-tokens). ### Configuring Fastly on the Veza Platform To enable the integration: 1. In Veza, go to the **Integrations** page. 2. Click *Add Integration*, search for Fastly, select it, and click **Next**. 3. Enter the required information. 4. Click *Create Integration* to save the configuration. | Field | Description | | ------------- | ---------------------------------------------------------- | | Insight Point | Choose the default data plane or a deployed Insight Point. | | Name | A friendly name to identify the integration. | | Token | The API token used to access the Fastly API. | ### Notes and Supported Entities The integration uses the OAA custom application template to model entities in Fastly: * **Fastly Customer:** Application * **Fastly Service:** Local Resources * **Fastly Users:** Local Users * **Fastly Role:** Local Roles * **Fastly Permissions:** Local Permissions #### Fastly Customer A Fastly customer account is the base object that owns users and services. #### Fastly User A platform user is associated with a unique email address and can be granted access to Fastly. Users are always linked to a parent customer account. | Fastly Field Name | Veza Field Name | Description | Property Type | | ------------------------- | ------------------------- | --------------------------------------------------------------- | ------------------------- | | `id` | `id` | User’s ID | LocalUser Property | | `name` | `name` | User’s Name | LocalUser Property | | `created_at` | `created_at` | Time when the user was created | LocalUser Property | | `deleted_at` | `is_active` | Indicates if the user is active | LocalUser Property | | `updated_at` | `updated_at` | Time when the user was last updated | LocalUser Custom Property | | `deleted_at` | `deleted_at` | Time when the user was deleted | LocalUser Custom Property | | `last_active_at` | `last_login_at` | Last active time of the user | LocalUser Property | | `limit_services` | `limit_services` | Indicates if the user has limited access to services | LocalUser Custom Property | | `two_factor_auth_enabled` | `two_factor_auth_enabled` | Indicates if two-factor authentication is enabled | LocalUser Custom Property | | `login` | `email` | The login associated with the user (typically an email address) | LocalUser Property | | `locked` | `locked` | Indicates if the account is locked for editing | LocalUser Custom Property | | `require_new_password` | `require_new_password` | Indicates if a new password is required at next login | LocalUser Custom Property | #### Fastly Service A service represents the configuration for a website, app, API, or any other service hosted on Fastly. Services can have multiple versions where backends, domains, and more are configured. | Fastly Field Name | Veza Field Name | Description | Property Type | | ------------------- | ------------------- | ------------------------------------------ | ------------------------ | | `id` | `id` | Service’s ID | Resource Property | | `name` | `name` | Service’s Name | Resource Property | | `created_at` | `created_at` | Time when the service was created | Resource Custom Property | | `updated_at` | `updated_at` | Time when the service was last updated | Resource Custom Property | | `deleted_at` | `deleted_at` | Time when the service was deleted | Resource Custom Property | | `type` | `type` | Type of service (`VCL` or `WSAM`) | Resource Custom Property | | `version` | `version` | Version of the service | Resource Custom Property | | `is_version_active` | `is_version_active` | Indicates if the service version is active | Resource Custom Property | | `paused` | `paused` | Indicates if the service is paused | Resource Custom Property | | `locked` | `locked` | Indicates if the service version is locked | Resource Custom Property | #### Fastly Roles All user roles in a Fastly account have access to all services. The `Engineer` role can have limited access to services with specific permissions granted by a Service Authorization API. Fastly includes predefined user roles: * **User:** Limited ability to view service configurations and stats; no access to billing. * **Billing:** Full access to view service configurations, invoices, billing history, and manage payment information. * **Superuser:** Full account access, including management of service configurations, billing, and TLS settings. * **Engineer:** Ability to create and manage services. Access can be limited on a per-service basis with the following permissions: * **Read-only:** View service configuration without making changes. * **Purge select:** View configuration and issue purge requests for specific parts of a service. * **Purge all:** View configuration and issue purge requests for the entire service. * **Full access:** Full access to service configuration and management. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/fastly.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.