Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/flaconi/terraform-cloudflare-firewall
Terraform module for Cloudflare firewall rules
cloudflare terraform terraform-module
Last synced: about 4 hours ago
- Host: GitHub
- URL: https://github.com/flaconi/terraform-cloudflare-firewall
- Owner: Flaconi
- License: mit
- Created: 2021-09-21T12:40:44.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2024-04-12T10:56:38.000Z (7 months ago)
- Last Synced: 2024-04-12T17:24:37.982Z (7 months ago)
- Topics: cloudflare, terraform, terraform-module
- Language: Makefile
- Homepage:
- Size: 33.2 KB
- Stars: 2
- Watchers: 11
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
# Terraform module: Cloudflare Firewall rules
[![lint](https://github.com/flaconi/terraform-cloudflare-firewall/workflows/lint/badge.svg)](https://github.com/flaconi/terraform-cloudflare-firewall/actions?query=workflow%3Alint)
[![test](https://github.com/flaconi/terraform-cloudflare-firewall/workflows/test/badge.svg)](https://github.com/flaconi/terraform-cloudflare-firewall/actions?query=workflow%3Atest)
[![Tag](https://img.shields.io/github/tag/flaconi/terraform-cloudflare-firewall.svg)](https://github.com/flaconi/terraform-cloudflare-firewall/releases)
[![Terraform](https://img.shields.io/badge/Terraform--registry-cloudflare--firewall-brightgreen.svg)](https://registry.terraform.io/modules/flaconi/firewall/cloudflare/)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)

This Terraform module manages Cloudflare Firewall rules to their full extent (even for Enterprise customers).
## Behaviour
When Cloudflare firewall rules are deleted and recreated with the same expression, Terraform is too fast for the Cloudflare API and fails with an error stating that the rule already exists.
To overcome this limitation, all rules in this module are indexed by their corresponding firewall expression (see [locals.tf](locals.tf)). Firewall expressions must be unique in Cloudflare anyway, so the index will never duplicate.
This also means that whenever the expression changes, the rule will be recreated. Changes to any other value will not trigger a recreation.
## Priority of rules
This module omits the `priority` key for rulesets and auto-calculates priorities from the order in which the rules appear in the `rules` list.
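The indexing and ordering behaviour described in the two sections above can be sketched as follows. This is an added illustration, not the module's own `locals.tf`; the local name `rules_by_expression`, the output `rule_priorities`, the validation block and the 1-based priority are assumptions.

```hcl
# Illustrative sketch only; not taken from the module's locals.tf.
variable "rules" {
  type = list(object({
    description = string
    enabled     = bool
    action      = string
    expression  = string
    products    = list(string)
  }))
  default = []

  # Expressions become map keys below, so two rules with the same
  # expression would collide. Reject that at plan time with a clear message.
  validation {
    condition = length(var.rules) == length(distinct([
      for r in var.rules : r.expression
    ]))
    error_message = "Each rule must have a unique expression."
  }
}

locals {
  # Key every rule by its expression instead of by list position.
  # Editing description, action, enabled or products keeps the same key;
  # editing the expression yields a new key, i.e. a destroy and create.
  # Priority is derived from the position in the list (assumed 1-based).
  rules_by_expression = {
    for idx, rule in var.rules :
    rule.expression => merge(rule, { priority = idx + 1 })
  }
}

# Shows the computed priority per expression in `terraform plan` output.
output "rule_priorities" {
  value = {
    for expr, rule in local.rules_by_expression : expr => rule.priority
  }
}
```

Because priority follows list order, inserting a rule in the middle of `rules` shifts the priority of every rule after it, so review the plan for the resulting evaluation order before applying.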
## Example
`terraform.tfvars`:
```hcl
domain = "domain.tld"

rules = [
  {
    description = "Test (WAF Bypass)"
    # `enabled` is the attribute name in the `rules` input type documented below
    enabled     = true
    action      = "bypass"
    expression  = "(http.user_agent contains \"UA-TEST/\" and ip.src eq 1.2.3.4 and http.request.uri.path eq \"/api/endpoint\")"
    products    = ["waf"]
  },
  {
    description = "Test"
    enabled     = true
    action      = "allow"
    expression  = "(http.user_agent contains \"UA-TEST1\" and ip.src eq 1.2.3.4 and http.request.uri.path eq \"/api/endpoint\")"
    products    = []
  },
]
```
## Providers
| Name | Version |
|------|---------|
| [cloudflare](#provider\_cloudflare) | ~> 4.29 |
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5 |
| [cloudflare](#requirement\_cloudflare) | ~> 4.29 |
## Required Inputs
The following input variables are required:
### [api\_token](#input\_api\_token)
Description: The Cloudflare API token.
Type: `string`
### [domain](#input\_domain)
Description: Cloudflare domain to apply rules for.
Type: `string`
## Optional Inputs
The following input variables are optional (have default values):
### [rules](#input\_rules)
Description: List of Cloudflare firewall rule objects.
Type:
```hcl
list(object({
  description = string
  enabled     = bool
  action      = string
  expression  = string
  products    = list(string)
}))
```
Default: `[]`
## Outputs
| Name | Description |
|------|-------------|
| [domain](#output\_domain) | Current zone information. |
| [rules](#output\_rules) | Created Cloudflare rules for the current zone. |
## License
**[MIT License](LICENSE)**
Copyright (c) 2021 **[flaconi](https://github.com/flaconi)**