{"id":49655063,"url":"https://github.com/iamask/cloudflare_terraform","last_synced_at":"2026-05-06T08:43:19.067Z","repository":{"id":283010051,"uuid":"937538193","full_name":"iamask/cloudflare_terraform","owner":"iamask","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-29T07:36:53.000Z","size":56,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-29T10:41:01.683Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iamask.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-23T10:01:37.000Z","updated_at":"2025-08-29T07:36:57.000Z","dependencies_parsed_at":"2025-06-20T18:35:00.104Z","dependency_job_id":null,"html_url":"https://github.com/iamask/cloudflare_terraform","commit_stats":null,"previous_names":["iamask/cloudflare_terraform"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/iamask/cloudflare_terraform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fcloudflare_terraform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fcloudflare_terraform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fcloudflare_terraform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fcloudflare_terraform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iamask","download_url":"https://codeload.github.com/iamask/cloudflare_terraform/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamask%2Fcloudflare_terraform/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32685674,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T08:33:17.875Z","status":"ssl_error","status_checked_at":"2026-05-06T08:33:17.221Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-06T08:43:18.412Z","updated_at":"2026-05-06T08:43:19.057Z","avatar_url":"https://github.com/iamask.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloudflare Terraform Configuration\n\nEnterprise zone and account-level configuration using Terraform Provider v5. State managed by Terraform Cloud with GitHub Actions integration.\n\n## 📁 Project Structure\n\n```\ncloudflare_terraform/\n├── main.tf                           # Root configuration\n├── terraform.tfvars.example          # Example variables\n├── accounts/\n│   ├── account_a/\n│   │   ├── custom_rulesets/         # Account-level custom WAF rules\n│   │   ├── waf_managed_rulesets/    # Cloudflare \u0026 OWASP managed rulesets\n│   │   ├── ratelimit_rulesets/      # Account-level rate limiting\n│   │   └── zone_tf_zxc_co_in/       # Zone-specific configuration\n│   │       ├── dns/                 # DNS records\n│   │       ├── security/            # WAF, custom rules, rate limiting\n│   │       ├── rules/               # Transform, redirect, cache rules\n│   │       ├── tls/                 # SSL/TLS settings\n│   │       └── zone_settings/       # Zone-level settings\n│   └── account_b/                   # Additional account configuration\n│       └── main.tf                  # Account B configuration (to be defined)\n```\n\n\u003e **Note:** Additional accounts can be configured similarly under the `accounts/` directory to manage multi-account deployments.\n\n## 🚀 Features\n\n**Account-Level:**\n- Custom WAF rulesets\n- Managed WAF (Cloudflare \u0026 OWASP Core Ruleset)\n- Rate limiting rules\n\n**Zone-Level:**\n- DNS management\n- Security (WAF, custom rules, rate limiting)\n- Rules (transform, redirect, cache, origin)\n- TLS/SSL configuration\n- Zone settings\n\n## 📋 Requirements\n\n- Terraform \u003e= 1.5.0\n- Cloudflare Provider ~\u003e 5.0\n- Cloudflare API Token ([Create Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/))\n- Account ID \u0026 Zone ID ([Find IDs](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/))\n\n## 🔧 Quick Start\n\n```bash\n# Clone repository\ngit clone \u003crepository-url\u003e\n\n# Initialize Terraform\nterraform init\n\n# Review changes\nterraform plan\n\n# Apply configuration\nterraform apply\n```\n\n## ⚠️ Important Note\n\n**Ruleset Modification Behavior**: \n\n✅ **In-place updates** (no downtime):\n- Modifying rule expressions (e.g., changing hostnames)\n- Updating descriptions or enabled status\n- Simple property changes within existing rules\n\n❌ **Full replacement** (brief disruption):\n- Adding or removing rules from the array\n- Changing fundamental properties (kind, phase)\n- Major structural changes to the ruleset\n\n```hcl\n# Example: Expression changes = UPDATE\nexpression = \"host eq \\\"api.example.com\\\"\" → \"host eq \\\"api2.example.com\\\"\"  # ✅ In-place update\n\n# Example: Adding/removing rules = REPLACE\nrules = [\n  { action = \"block\", ... },  # Existing\n  { action = \"log\", ... }     # ← Adding new rule causes replacement\n]\n```\n\n### 💡 Mitigation Strategies\n\n**1. Use Multiple Smaller Rulesets**\n```hcl\n# Instead of one large ruleset, split by purpose\nresource \"cloudflare_ruleset\" \"security_rules\" { ... }     # Security-focused rules\nresource \"cloudflare_ruleset\" \"api_rules\" { ... }          # API protection rules\nresource \"cloudflare_ruleset\" \"geo_rules\" { ... }          # Geo-blocking rules\n# Changes to one ruleset won't affect others\n```\n\n**2. Use Lifecycle Meta-Argument**\n```hcl\nresource \"cloudflare_ruleset\" \"account_custom_ruleset\" {\n  # ... ruleset configuration ...\n  \n  lifecycle {\n    create_before_destroy = true  # Creates new ruleset before destroying old one\n  }\n}\n# Minimizes downtime during replacement\n```\n\n## 📚 References\n\n- [Cloudflare Provider Docs](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)\n- [Terraform + Cloudflare Guide](https://developers.cloudflare.com/terraform/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamask%2Fcloudflare_terraform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiamask%2Fcloudflare_terraform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamask%2Fcloudflare_terraform/lists"}