https://github.com/brainsik/terraform-cloudflare-dns-caa
Create Cloudflare DNS CAA records
https://github.com/brainsik/terraform-cloudflare-dns-caa
caa cloudflare dns opentofu opentofu-modules terraform terraform-modules
Last synced: about 2 months ago
JSON representation
Create Cloudflare DNS CAA records
- Host: GitHub
- URL: https://github.com/brainsik/terraform-cloudflare-dns-caa
- Owner: brainsik
- License: mit
- Created: 2022-12-29T05:38:58.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-06T20:34:09.000Z (3 months ago)
- Last Synced: 2025-03-26T14:12:20.354Z (about 2 months ago)
- Topics: caa, cloudflare, dns, opentofu, opentofu-modules, terraform, terraform-modules
- Language: Shell
- Homepage: https://search.opentofu.org/module/brainsik/dns-caa/cloudflare/latest
- Size: 45.9 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# terraform-cloudflare-dns-caa
Create Cloudflare [DNS CAA records](https://www.rfc-editor.org/rfc/rfc8659).
The Zone ID can be found on the Cloudflare overview page for the domain you
want to add records to.
## Cloudflare v4
The latest version of this module supports the Cloudflare v5 provider. In
order to use Cloudflare v4 (which changed the name of the resource used to
create DNS records), pin to v2 of this module:
```hcl
source = "brainsik/dns-caa/cloudflare"
version = "~> 2"
```
## Usage
To create a root `example.com` CAA record saying [Let's Encrypt](https://letsencrypt.org)
can issue hostname certificates and _no_ CA can
issue wildcards:
```hcl
module "example_com_caa" {
source = "brainsik/dns-caa/cloudflare"
zone_id = "313372600deadcodebea5751993defc0"
name = "example.com"
issue = ["letsencrypt.org"]
issuewild = [";"]
}
```
The same record, but with ACME CAA Account and Method Bindings:
```hcl
module "example_com_caa" {
source = "brainsik/dns-caa/cloudflare"
zone_id = "313372600deadcodebea5751993defc0"
name = "example.com"
issue = ["letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/123456789; validationmethods=http-01"]
issuewild = [";"]
}
```
To create a root `example.com` CAA record saying both [Let's Encrypt](https://letsencrypt.org)
and [ZeroSSL](https://zerossl.com) can issue hostname certificates and _no_ CA can
issue wildcards:
```hcl
module "example_com_caa" {
source = "brainsik/dns-caa/cloudflare"
zone_id = "313372600deadcodebea5751993defc0"
name = "example.com"
issue = ["letsencrypt.org", "sectigo.com"]
issuewild = [";"]
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
| [cloudflare](#requirement\_cloudflare) | >= 5 |
## Providers
| Name | Version |
|------|---------|
| [cloudflare](#provider\_cloudflare) | >= 5 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [cloudflare_dns_record.caa_iodef](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/dns_record) | resource |
| [cloudflare_dns_record.caa_issue](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/dns_record) | resource |
| [cloudflare_dns_record.caa_issuewild](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/dns_record) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [iodef](#input\_iodef) | URL to send violation reports to | `set(string)` | `[]` | no |
| [issue](#input\_issue) | Domain name of CA that can issue certificates for specific hostnames | `set(string)` | `[]` | no |
| [issuewild](#input\_issuewild) | Domain name of CA that can issue wildcard certificates | `set(string)` | `[]` | no |
| [name](#input\_name) | The name of the record | `string` | n/a | yes |
| [zone\_id](#input\_zone\_id) | The Cloudflare DNS zone ID to add the record to | `string` | n/a | yes |
## Outputs
No outputs.