Cloud�are Provider The Cloud�are provider is used to interact with resources supported by Cloud�are. The provider needs to be con�gured with the proper credentials before it can be used. Use the navigation to the left to read about the available resources. Example Usage provider "cloudflare" { version = = "~> 2.0" email = = "${var.cloudflare_email}" api_key = = "${var.cloudflare_api_key}" } resource "cloudflare_record" "www" { } resource "cloudflare_page_rule" "www" { } Argument Reference The following arguments are supported: email - (Optional) The email associated with the account. This can also be speci�ed with the CLOUDFLARE_EMAIL shell environment variable. api_key - (Optional) The Cloud�are API key. This can also be speci�ed with the CLOUDFLARE_API_KEY shell environment variable. api_token - (Optional) The Cloud�are API Token. This can also be speci�ed with the CLOUDFLARE_API_TOKEN shell environment variable. This is an alternative to email + api_key . If both are speci�ed, api_token will be used over email + api_key �elds. rps - (Optional) RPS limit to apply when making calls to the API. Default: 4. This can also be speci�ed with the CLOUDFLARE_RPS shell environment variable. retries - (Optional) Maximum number of retries to perform when an API request fails. Default: 3. This can also be speci�ed with the CLOUDFLARE_RETRIES shell environment variable. min_backoff - (Optional) Minimum backo� period in seconds after failed API calls. Default: 1. This can also be speci�ed with the CLOUDFLARE_MIN_BACKOFF shell environment variable.
max_backoff - (Optional) Maximum backo� period in seconds after failed API calls Default: 30. This can also be speci�ed with the CLOUDFLARE_MAX_BACKOFF shell environment variable. api_client_logging - (Optional) Whether to print logs from the API client (using the default log library logger). Default: false. This can also be speci�ed with the CLOUDFLARE_API_CLIENT_LOGGING shell environment variable. account_id - (Optional) Con�gure API client with this account ID, so calls use the account API rather than the (default) user API. This is required for other users in your account to have access to the resources you manage. This can also be speci�ed with the CLOUDFLARE_ACCOUNT_ID shell environment variable.
cloud�are_ip_ranges Use this data source to get the IP ranges (https://www.cloud�are.com/ips/) of Cloud�are edge nodes. Example Usage data "cloudflare_ip_ranges" "cloudflare" {} resource "google_compute_firewall" "allow_cloudflare_ingress" { name = = "from-cloudflare" network = = "default" source_ranges = = ["${data.cloudflare_ip_ranges.cloudflare.ipv4_cidr_blocks}"] allow { ports = = "443" protocol = = "tcp" } } Attributes Reference cidr_blocks - The lexically ordered list of all CIDR blocks. ipv4_cidr_blocks - The lexically ordered list of only the IPv4 CIDR blocks. ipv6_cidr_blocks - The lexically ordered list of only the IPv6 CIDR blocks.
cloud�are_waf_groups Use this data source to look up WAF Rule Groups (https://api.cloud�are.com/#waf-rule-groups-properties). Example Usage The example below matches all WAF Rule Groups that contain the word example and are currently on . The matched WAF Rule Groups are then returned as output. data "cloudflare_waf_groups" "test" { filter { name = = ".*example.*" mode = = "on" } } output "waf_groups" { value = = data.cloudflare_waf_groups cloudflare_waf_groups.test test.groups groups } Argument Reference zone_id - (Required) The ID of the DNS zone in which to search for the WAF Rule Groups. package_id - (Optional) The ID of the WAF Rule Package in which to search for the WAF Rule Groups. filter - (Optional) One or more values used to look up WAF Rule Groups. If more than one value is given all values must match in order to be included, see below for full list. �lter name - (Optional) A regular expression matching the name of the WAF Rule Groups to lookup. mode - (Optional) Mode of the WAF Rule Groups to lookup. Valid values: on and o�. Attributes Reference groups - A map of WAF Rule Groups details. Full list below: groups id - The WAF Rule Group ID name - The WAF Rule Group name description - The WAF Rule Group description mode - The WAF Rule Group mode
rules_count - The number of rules in the WAF Rule Group modified_rules_count - The number of modi�ed rules in the WAF Rule Group package_id - The ID of the WAF Rule Package that contains the WAF Rule Group
cloud�are_waf_packages Use this data source to look up WAF Rule Packages (https://api.cloud�are.com/#waf-rule-packages-properties). Example Usage The example below matches all high sensitivity WAF Rule Packages, with a challenge action mode and an anomaly detection mode, that contain the word example . The matched WAF Rule Packages are then returned as output. data "cloudflare_waf_packages" "test" { filter { name = = ".*example.*" detection_mode = = "anomaly" sensitivity = = "high" action_mode = = "challenge" } } output "waf_packages" { value = = data.cloudflare_waf_packages cloudflare_waf_packages.test test.packages packages } Argument Reference zone_id - (Required) The ID of the DNS zone in which to search for the WAF Rule Packages. filter - (Optional) One or more values used to look up WAF Rule Packages. If more than one value is given all values must match in order to be included, see below for full list. �lter name - (Optional) A regular expression matching the name of the WAF Rule Packages to lookup. detection_mode - (Optional) Detection mode of the WAF Rule Packages to lookup. sensitivity - (Optional) Sensitivity of the WAF Rule Packages to lookup. Valid values: high, medium, low and o�. action_mode - (Optional) Action mode of the WAF Rule Packages to lookup. Valid values: simulate, block and challenge. Attributes Reference packages - A map of WAF Rule Packages details. Full list below: packages id - The WAF Rule Package ID name - The WAF Rule Package name
description - The WAF Rule Package description detection_mode - The WAF Rule Package detection mode sensitivity - The WAF Rule Package sensitivity action_mode - The WAF Rule Package action mode
cloud�are_zones Use this data source to look up Zone (https://api.cloud�are.com/#zone-properties) records. Example Usage The example below matches all active zones that begin with example. and are not paused. The matched zones are then locked down using the cloudflare_zone_lockdown resource. data "cloudflare_zones" "test" { filter { name = = "example.*" status = = "active" paused = = false false } } resource "cloudflare_zone_lockdown" "endpoint_lockdown" { zone = = "${lookup(data.cloudflare_zones.test.zones[0], "name")}" paused = = "false" description = = "Restrict access to these endpoints to requests from a known IP address" urls = = [ "api.mysite.com/some/endpoint*", ] configurations { target = = "ip" value = = "198.51.100.4" } } Argument Reference filter - (Required) One or more values used to look up zone records. If more than one value is given all values must match in order to be included, see below for full list. �lter name - (Optional) A regular expression matching the zone to lookup. status - (Optional) Status of the zone to lookup. Valid values: active, pending, initializing, moved, deleted, deactivated and read only. paused - (Optional) Paused status of the zone to lookup. Valid values are true or false . Attributes Reference zones - A map of zone details. Full list below: zones
id - The zone ID name - Zone name
Terraform Cloud�are Provider Version 2 Upgrade Guide Version 2 of the Cloud�are Terraform Provider is introducing several breaking changes intended to remove confusion around di�erent ways of specifying zones and Worker resources, and accommodates for API changes around Workers product. Provider Version Con�guration If you are not ready to make a move to version 2 of the Cloud�are provider, you may keep the 1.x branch active for your Terraform project by specifying: provider "cloudflare" { version = = "~> 1.0" } We highly recommend to review this guide, make necessary changes and move to 2.x branch, as further 1.x releases are unlikely to happen. Once ready, make the following change to use the latest 2.x release: provider "cloudflare" { version = = "~> 2.0" } Provider global con�guration changes The following changes have been made to �elds: renamed token to api_key renamed org_id to account_id removed use_org_from_zone , you need to explicitly specify account_id The following changes have been made to environment variables: renamed CLOUDFLARE_TOKEN to CLOUDFLARE_API_KEY renamed CLOUDFLARE_ORG_ID to CLOUDFLARE_ACCOUNT_ID removed CLOUDFLARE_ORG_ZONE , you need to explicitly specify CLOUDFLARE_ACCOUNT_ID Before:
Recommend
More recommend