Flaconi/terraform-cloudflare-rulesets

Terraform module: Cloudflare Rulesets

This Terraform module manages Cloudflare Rulesets.

Providers

Name Version
cloudflare ~> 4.51

Requirements

Name Version
terraform ~> 1.8
cloudflare ~> 4.51

Required Inputs

The following input variables are required:

Description: The Cloudflare API token.

Type: string

Description: Cloudflare domain to apply rules for.

Type: string

Description: Name of the ruleset.

Type: string

Description: Type of Ruleset to create.

Type: string

Description: Point in the request/response lifecycle where the ruleset will be created.

Type: string

Optional Inputs

The following input variables are optional (have default values):

Description: Brief summary of the ruleset and its intended use.

Type: string

Default: null

Description: List of Cloudflare rule objects.

Type:

list(object({
    expression = string
    action     = string
    action_parameters = optional(object({
      # phase: http_config_settings, action: set_config
      polish = optional(string)

      # phase: http_log_custom_fields, action: log_custom_field
      cookie_fields   = optional(list(string))
      request_fields  = optional(list(string))
      response_fields = optional(list(string))

      # phase: http_request_dynamic_redirect, action: redirect
      from_value = optional(object({
        preserve_query_string = optional(bool)
        status_code           = number
        target_url = object({
          value      = optional(string)
          expression = optional(string)
        })
      }), null)

      # phase: http_request_firewall_custom, action: block, challenge, js_challenge, log, managed_challenge, skip
      phases   = optional(list(string))
      products = optional(list(string))
      ruleset  = optional(string)

      # phase: http_request_firewall_managed, action: block, challenge, js_challenge, log, managed_challenge, skip
      id = optional(string)
      overrides = optional(object({
        action = optional(string)
        categories = optional(list(object({
          action   = optional(string)
          category = string
          enabled  = bool
        })), [])
        enabled = optional(bool)
        rules = optional(list(object({
          id              = string
          action          = string
          enabled         = bool
          score_threshold = optional(number)
        })), [])
      }), null)

      # phase: http_request_origin, action: route
      host_header = optional(string)
      origin = optional(object({
        host = optional(string)
        port = optional(number)
      }), null)

      # phase: http_request_transform
      uri = optional(object({
        path  = optional(string)
        query = optional(string)
      }))
    }), null)
    # phase: http_ratelimit, action: block, challenge, js_challenge, log, managed_challenge
    ratelimit = optional(object({
      characteristics            = optional(list(string))
      counting_expression        = optional(string)
      mitigation_timeout         = optional(number)
      period                     = optional(number)
      requests_per_period        = optional(number)
      requests_to_origin         = optional(bool)
      score_per_period           = optional(number)
      score_response_header_name = optional(string)
    }), null)
    description = optional(string)
    enabled     = optional(bool, true)
    logging = optional(object({
      enabled = bool
    }), null)
    ref = optional(string)
  }))

Default: []
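
A constructed value for this list, for a ruleset in the http_request_firewall_custom phase (an added example, not taken from the module's repository). The local name `firewall_custom_rules`, the paths, the `ref` strings and the documentation-range addresses are assumptions; the page does not show the input's name, so the example only builds the value to pass to it.

```hcl
locals {
  # Constructed sample: rules for one ruleset in the http_request_firewall_custom phase.
  # Cloudflare evaluates rules in order; this assumes the module keeps list order,
  # so the narrow skip rule sits before the broader block rule.
  firewall_custom_rules = [
    {
      description = "Let the uptime probe bypass the remaining custom rules"
      expression  = "(http.request.uri.path eq \"/healthz\" and ip.src eq 203.0.113.10)"
      action      = "skip"
      action_parameters = {
        ruleset = "current" # skip the rest of this ruleset only, not other phases
      }
      logging = {
        enabled = true # keep skipped requests visible in security events
      }
      ref = "allow_uptime_probe"
    },
    {
      description = "Block admin paths from outside the office range"
      expression  = "(starts_with(http.request.uri.path, \"/admin\") and not ip.src in {192.0.2.0/24})"
      action      = "block"
      ref         = "block_admin_external"
    },
    {
      description = "Challenge write requests that carry no User-Agent"
      expression  = "(http.request.method eq \"POST\" and http.user_agent eq \"\")"
      action      = "managed_challenge"
      enabled     = false # staged, not yet enforced (the type defaults this to true)
      ref         = "challenge_empty_ua"
    },
  ]
}

# Lets `terraform plan` show the rule order that will be applied.
output "firewall_custom_rule_refs" {
  value = [for r in local.firewall_custom_rules : r.ref]
}
```

Attributes left out of a rule (`ratelimit`, most of `action_parameters`) fall back to the `optional(...)` defaults in the type above, so each rule only sets what its action needs.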

Outputs

Name Description
domain Current zone information.
rules Created Cloudflare rules for the current zone.

License

MIT License

Copyright (c) 2024 Flaconi GmbH