rashedobaid/terraform-cloudflare-zone

Terraform Cloudflare Zone

Terraform module that manages Cloudflare zones, DNS records, optional Argo Smart Routing, Tiered Caching, and Rulesets.

This module supports:

  • Creating or using an existing Cloudflare zone.
  • Managing multiple DNS records, with full control over TTL, proxying, priority, and comments.
  • Enabling and configuring Cloudflare Argo features:
    • Smart Routing
    • Tiered Caching
  • Defining custom Cloudflare Rulesets (e.g., redirect logic, access policies).

Example

module "zone" {
  source  = "rashedobaid/zone/cloudflare"

  # Required Cloudflare account ID
  account_id = "your-cloudflare-account-id"

  # Domain name to create/manage in Cloudflare
  zone = "example.com"

  # Whether to create a new zone or use an existing one
  zone_enabled = true

  # Enable Argo features
  argo_enabled                 = true
  argo_smart_routing_enabled   = true
  argo_tiered_caching_enabled  = true

  # DNS records to manage
  records = [
    {
      name    = "www"
      type    = "A"
      content = "192.0.2.1"
      ttl     = 300
      proxied = true
      comment = "Main website"
    },
    {
      name     = "@"
      type     = "MX"
      content  = "mail.example.com"
      ttl      = 3600
      priority = 10
      comment  = "Mail server"
    }
  ]

  # Optional rulesets to apply
  rulesets = [
    {
      phase = "http_request_dynamic_redirect"
      rules = [
        {
          description = "Redirect example.com to example.net"
          expression  = "http.host eq \"example.com\""
          action      = "redirect"
          action_parameters = {
            from_value = {
              target_url = {
                value = "https://example.net"
              }
              status_code           = 301
              preserve_query_string = true
            }
          }
        }
      ]
    }
  ]
}
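
The feature list mentions access policies, and the `rulesets` input type also accepts a per-rule `ratelimit` object. The following is an added example, not taken from the module's own documentation, showing both against an existing zone. The module label, the `/admin` and `/login` paths, the 203.0.113.0/24 range and the thresholds are constructed placeholders, and it assumes the module passes these fields through to `cloudflare_ruleset` unchanged; the `period` and `mitigation_timeout` values Cloudflare accepts depend on the plan.

```hcl
# Added example, not from the module's README. Field names follow the
# rulesets input type; paths, CIDR and thresholds are constructed placeholders.
module "zone_hardening" {
  source = "rashedobaid/zone/cloudflare"

  account_id   = "your-cloudflare-account-id"
  zone         = "example.com"
  zone_enabled = false # use an existing zone instead of creating one

  rulesets = [
    {
      # Access policy: only the (constructed) office range may reach /admin.
      phase = "http_request_firewall_custom"
      rules = [
        {
          description = "Block /admin from outside the office range"
          expression  = "starts_with(http.request.uri.path, \"/admin\") and not ip.src in {203.0.113.0/24}"
          action      = "block"
          enabled     = true
        }
      ]
    },
    {
      # Rate limit: throttle repeated requests against the login path.
      phase = "http_ratelimit"
      rules = [
        {
          description = "Limit login attempts per client IP"
          expression  = "http.request.uri.path eq \"/login\""
          action      = "block"
          enabled     = true
          ratelimit = {
            # Counters are kept per Cloudflare data center and source IP.
            characteristics     = ["cf.colo.id", "ip.src"]
            period              = 60  # seconds in the counting window
            requests_per_period = 20  # requests allowed per window
            mitigation_timeout  = 600 # seconds the block stays in place
          }
        }
      ]
    }
  ]
}
```

After applying, the `ruleset_ids` output should contain one entry for each of the two phases.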

Requirements

| Name | Version |
|------|---------|
| cloudflare | >= 5.5.0 |

Providers

| Name | Version |
|------|---------|
| cloudflare | >= 5.5.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| cloudflare_argo_smart_routing.default | resource |
| cloudflare_argo_tiered_caching.default | resource |
| cloudflare_dns_record.default | resource |
| cloudflare_ruleset.default | resource |
| cloudflare_zone.default | resource |
| cloudflare_zones.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| account_id | The Cloudflare account ID associated with the zone. | string | n/a | yes |
| argo_enabled | Whether to enable Cloudflare Argo for the zone. | bool | false | no |
| argo_smart_routing_enabled | Enable smart routing as part of Argo features. | bool | true | no |
| argo_tiered_caching_enabled | Enable tiered caching as part of Argo features. | bool | true | no |
| records | List of DNS records to be created within the zone. | list(object), full type below | [] | no |
| rulesets | List of Rulesets to be created within the zone. | list(object), full type below | [] | no |
| type | Type of zone: 'full' for Cloudflare-managed DNS, or 'partial' for CNAME setup. | string | "full" | no |
| zone | The domain name of the Cloudflare zone (e.g., example.com). | string | n/a | yes |
| zone_enabled | Determines whether to create a new DNS zone. If set to false, uses an existing zone. | bool | true | no |

Type of records:

list(object({
  name = string
  type = string
  ttl = optional(number, 1)
  content = optional(string)
  data = optional(map(any))
  priority = optional(number)
  proxied = optional(bool)
  comment = optional(string)
  settings = optional(map(any))
}))

Type of rulesets:

list(object({
  name = optional(string)
  phase = string
  description = optional(string)
  rules = optional(list(object({
    action = string
    expression = string
    description = optional(string)
    enabled = optional(bool)
    ref = optional(string)
    action_parameters = optional(object({
      id = optional(string)
      ruleset = optional(string)
      version = optional(string)
      phases = optional(list(string))
      products = optional(list(string))
      host_header = optional(string)
      status_code = optional(number)
      content = optional(string)
      content_type = optional(string)
      polish = optional(string)
      security_level = optional(string)
      ssl = optional(string)
      automatic_https_rewrites = optional(bool)
      mirage = optional(bool)
      rocket_loader = optional(bool)
      bic = optional(bool)
      hotlink_protection = optional(bool)
      cache = optional(bool)
      origin_cache_control = optional(bool)
      browser_ttl = optional(object({
        mode = string
        default = optional(number)
      }))
      edge_ttl = optional(object({
        mode = string
        default = optional(number)
        status_code_ttl = optional(list(object({
          value = number
          status_code = optional(number)
          status_code_range = optional(object({
            from = optional(number)
            to = optional(number)
          }))
        })))
      }))
      cache_key = optional(object({
        ignore_query_strings_order = optional(bool)
        cache_by_device_type = optional(bool)
        cache_deception_armor = optional(bool)
        custom_key = optional(object({
          cookie = optional(object({
            include = optional(list(string))
            check_presence = optional(list(string))
          }))
          header = optional(object({
            include = optional(list(string))
            check_presence = optional(list(string))
            exclude_origin = optional(bool)
          }))
          host = optional(object({
            resolved = optional(bool)
          }))
          user = optional(object({
            device_type = optional(bool)
            geo = optional(bool)
            lang = optional(bool)
          }))
          query_string = optional(object({
            include = optional(object({
              all = optional(bool)
              list = optional(list(string))
            }))
            exclude = optional(object({
              all = optional(bool)
              list = optional(list(string))
            }))
          }))
        }))
      }))
      serve_stale = optional(object({
        disable_stale_while_updating = optional(bool)
      }))
      headers = optional(map(object({
        operation = string
        value = optional(string)
        expression = optional(string)
      })))
      from_value = optional(object({
        status_code = optional(number)
        preserve_query_string = optional(bool)
        target_url = optional(object({
          value = optional(string)
          expression = optional(string)
        }))
      }))
      uri = optional(object({
        path = optional(object({
          value = optional(string)
          expression = optional(string)
        }))
        query = optional(object({
          value = optional(string)
          expression = optional(string)
        }))
      }))
      overrides = optional(object({
        action = optional(string)
        enabled = optional(bool)
        sensitivity_level = optional(string)
        categories = optional(list(object({
          category = string
          action = optional(string)
          enabled = optional(bool)
          sensitivity_level = optional(string)
        })))
        rules = optional(list(object({
          id = string
          action = optional(string)
          enabled = optional(bool)
          score_threshold = optional(number)
          sensitivity_level = optional(string)
        })))
      }))
    }))
    logging = optional(object({
      enabled = optional(bool)
    }))
    ratelimit = optional(object({
      characteristics = list(string)
      period = number
      requests_per_period = optional(number)
      mitigation_timeout = optional(number)
      counting_expression = optional(string)
      requests_to_origin = optional(bool)
      score_per_period = optional(number)
    }))
    exposed_credential_check = optional(object({
      username_expression = string
      password_expression = string
    }))
  })), [])
}))

Outputs

| Name | Description |
|------|-------------|
| id | The unique identifier of the Cloudflare zone. |
| meta_phishing_detected | Indicates whether phishing content has been detected on the zone. |
| name_servers | List of Cloudflare-assigned name servers. Only populated for zones using full DNS setup. |
| record_key_to_id | Map of record keys (name-type-content) to record IDs. |
| ruleset_ids | Map of ruleset phases to their corresponding IDs. |
| status | Current status of the zone (e.g., 'active', 'pending'). |
| type | The zone type, indicating the plan or configuration applied (e.g., 'full' or 'partial'). |
| vanity_name_servers | List of custom vanity name servers assigned to the zone, if configured. |
| verification_key | TXT record value used to verify domain ownership. Applicable only for zones of type 'partial'. |

Authors

Module is maintained by Rashed Obaid.

License

Apache 2 Licensed. See LICENSE for full details.

About

Terraform Cloudflare Zone Module (Provider v5)
