diff --git a/README.md b/README.md
index 9117143..0effc35 100644
--- a/README.md
+++ b/README.md
@@ -113,8 +113,10 @@ module "zone" {
source = "cloudposse/zone/cloudflare"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
- zone = "cloudposse.co"
- records = [
+
+ account_id = "example-account-id"
+ zone = "cloudposse.co"
+ records = [
{
name = "bastion"
value = "192.168.1.11"
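Review bot: The usage snippet adds `account_id` directly under a still commented-out `# version = "x.x.x"`, and the inputs table in this same file marks `account_id` as required with no default, so callers who copied the earlier snippet unpinned will fail at plan time on upgrade. Call out the new required input next to the example or in the release notes. The bare `+` blank line before `account_id` is unrelated to the change and can be dropped.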
@@ -195,6 +197,7 @@ Available targets:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [account\_id](#input\_account\_id) | Cloudflare account ID to manage the zone resource in | `string` | n/a | yes |
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [argo\_enabled](#input\_argo\_enabled) | Whether to enable Cloudflare Argo for DNS zone | `bool` | `false` | no |
| [argo\_smart\_routing\_enabled](#input\_argo\_smart\_routing\_enabled) | Whether smart routing is enabled. | `bool` | `true` | no |
@@ -205,8 +208,8 @@ Available targets:
| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| [firewall\_rules](#input\_firewall\_rules) | paused:
Whether this filter is currently paused.
expression:
The filter expression to be used.
description:
A note that you can use to describe the purpose of the filter and rule.
ref:
Short reference tag to quickly select related rules.
action:
The action to apply to a matched request.
Possible values: `block`, `challenge`, `allow`, `js_challenge`, `bypass`.
priority:
The priority of the rule to allow control of processing order.
A lower number indicates high priority.
If not provided, any rules with a priority will be sequenced before those without.
products:
List of products to bypass for a request when the bypass action is used.
Possible values: `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit`, `waf`. | `list(any)` | `null` | no |
-| [healthchecks](#input\_healthchecks) | A list of maps of Health Checks rules.
The values of map is fully compliant with `cloudflare_healthcheck` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/healthcheck | `list(any)` | `null` | no |
+| [firewall\_rules](#input\_firewall\_rules) | paused:
Whether this filter is currently paused.
expression:
The filter expression to be used.
description:
A note that you can use to describe the purpose of the filter and rule.
ref:
Short reference tag to quickly select related rules.
action:
The action to apply to a matched request.
Possible values: `block`, `challenge`, `allow`, `js_challenge`, `bypass`.
priority:
The priority of the rule to allow control of processing order.
A lower number indicates high priority.
If not provided, any rules with a priority will be sequenced before those without.
products:
List of products to bypass for a request when the bypass action is used.
Possible values: `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit`, `waf`. | `list(any)` | `null` | no |
+| [healthchecks](#input\_healthchecks) | A list of maps of Health Checks rules.
The values of map is fully compliant with `cloudflare_healthcheck` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/healthcheck | `list(any)` | `null` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [jump\_start](#input\_jump\_start) | Whether to scan for DNS records on creation. | `bool` | `false` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
@@ -215,10 +218,10 @@ Available targets:
| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [page\_rules](#input\_page\_rules) | A list of maps of Page Rules.
The values of map is fully compliant with `cloudflare_page_rule` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/cloudflare_page_rule | `list(any)` | `null` | no |
+| [page\_rules](#input\_page\_rules) | A list of maps of Page Rules.
The values of map is fully compliant with `cloudflare_page_rule` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/cloudflare_page_rule | `list(any)` | `null` | no |
| [paused](#input\_paused) | Whether this zone is paused (traffic bypasses Cloudflare) | `bool` | `false` | no |
| [plan](#input\_plan) | The name of the commercial plan to apply to the zone. Possible values: `free`, `pro`, `business`, `enterprise` | `string` | `"free"` | no |
-| [records](#input\_records) | name:
The name of the record.
type:
The type of the record.
value:
The value of the record.
ttl:
The TTL of the record.
Default value: 1.
priority:
The priority of the record.
proxied:
Whether the record gets Cloudflare's origin protection.
Default value: false. | `list(any)` | `[]` | no |
+| [records](#input\_records) | name:
The name of the record.
type:
The type of the record.
value:
The value of the record.
ttl:
The TTL of the record.
Default value: 1.
priority:
The priority of the record.
proxied:
Whether the record gets Cloudflare's origin protection.
Default value: false. | `list(any)` | `[]` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
diff --git a/README.yaml b/README.yaml
index 309b4c2..14c252d 100644
--- a/README.yaml
+++ b/README.yaml
@@ -72,8 +72,10 @@ usage: |-
source = "cloudposse/zone/cloudflare"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
- zone = "cloudposse.co"
- records = [
+
+ account_id = "example-account-id"
+ zone = "cloudposse.co"
+ records = [
{
name = "bastion"
value = "192.168.1.11"
diff --git a/docs/terraform.md b/docs/terraform.md
index dbca417..2ce8032 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -38,6 +38,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [account\_id](#input\_account\_id) | Cloudflare account ID to manage the zone resource in | `string` | n/a | yes |
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [argo\_enabled](#input\_argo\_enabled) | Whether to enable Cloudflare Argo for DNS zone | `bool` | `false` | no |
| [argo\_smart\_routing\_enabled](#input\_argo\_smart\_routing\_enabled) | Whether smart routing is enabled. | `bool` | `true` | no |
@@ -48,8 +49,8 @@
| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| [firewall\_rules](#input\_firewall\_rules) | paused:
Whether this filter is currently paused.
expression:
The filter expression to be used.
description:
A note that you can use to describe the purpose of the filter and rule.
ref:
Short reference tag to quickly select related rules.
action:
The action to apply to a matched request.
Possible values: `block`, `challenge`, `allow`, `js_challenge`, `bypass`.
priority:
The priority of the rule to allow control of processing order.
A lower number indicates high priority.
If not provided, any rules with a priority will be sequenced before those without.
products:
List of products to bypass for a request when the bypass action is used.
Possible values: `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit`, `waf`. | `list(any)` | `null` | no |
-| [healthchecks](#input\_healthchecks) | A list of maps of Health Checks rules.
The values of map is fully compliant with `cloudflare_healthcheck` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/healthcheck | `list(any)` | `null` | no |
+| [firewall\_rules](#input\_firewall\_rules) | paused:
Whether this filter is currently paused.
expression:
The filter expression to be used.
description:
A note that you can use to describe the purpose of the filter and rule.
ref:
Short reference tag to quickly select related rules.
action:
The action to apply to a matched request.
Possible values: `block`, `challenge`, `allow`, `js_challenge`, `bypass`.
priority:
The priority of the rule to allow control of processing order.
A lower number indicates high priority.
If not provided, any rules with a priority will be sequenced before those without.
products:
List of products to bypass for a request when the bypass action is used.
Possible values: `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit`, `waf`. | `list(any)` | `null` | no |
+| [healthchecks](#input\_healthchecks) | A list of maps of Health Checks rules.
The values of map is fully compliant with `cloudflare_healthcheck` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/healthcheck | `list(any)` | `null` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [jump\_start](#input\_jump\_start) | Whether to scan for DNS records on creation. | `bool` | `false` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
@@ -58,10 +59,10 @@
| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | [
"default"
]
| no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [page\_rules](#input\_page\_rules) | A list of maps of Page Rules.
The values of map is fully compliant with `cloudflare_page_rule` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/cloudflare_page_rule | `list(any)` | `null` | no |
+| [page\_rules](#input\_page\_rules) | A list of maps of Page Rules.
The values of map is fully compliant with `cloudflare_page_rule` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/cloudflare_page_rule | `list(any)` | `null` | no |
| [paused](#input\_paused) | Whether this zone is paused (traffic bypasses Cloudflare) | `bool` | `false` | no |
| [plan](#input\_plan) | The name of the commercial plan to apply to the zone. Possible values: `free`, `pro`, `business`, `enterprise` | `string` | `"free"` | no |
-| [records](#input\_records) | name:
The name of the record.
type:
The type of the record.
value:
The value of the record.
ttl:
The TTL of the record.
Default value: 1.
priority:
The priority of the record.
proxied:
Whether the record gets Cloudflare's origin protection.
Default value: false. | `list(any)` | `[]` | no |
+| [records](#input\_records) | name:
The name of the record.
type:
The type of the record.
value:
The value of the record.
ttl:
The TTL of the record.
Default value: 1.
priority:
The priority of the record.
proxied:
Whether the record gets Cloudflare's origin protection.
Default value: false. | `list(any)` | `[]` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index 56761bf..0fda304 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -7,3 +7,5 @@ stage = "test"
name = "cf-zone"
zone = "test-automation.app"
+
+account_id = "example-account-id"
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index f5980e3..19d6cc1 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,6 +1,7 @@
module "zone" {
source = "../.."
+ account_id = var.account_id
zone = var.zone
zone_enabled = false
argo_enabled = false
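Review bot: `account_id = var.account_id` is passed here while the same block keeps `zone_enabled = false`, so the example never reaches the `cloudflare_zone.default` resource that consumes the value (its `count` is `local.zone_enabled ? 1 : 0` in main.tf). The `example-account-id` fixture therefore passes without exercising the new input. Add a case with `zone_enabled = true`, or state in the example that the value is unused in this configuration.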
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index d1bb2a0..73198f1 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -2,3 +2,8 @@ variable "zone" {
type = string
description = "The DNS zone name which will be added."
}
+
+variable "account_id" {
+ type = string
+ description = "Cloudflare account ID to manage the zone resource in"
+}
diff --git a/main.tf b/main.tf
index 0666825..ef8bca8 100644
--- a/main.tf
+++ b/main.tf
@@ -3,9 +3,9 @@ locals {
smart_routing = local.argo_enabed && var.argo_smart_routing_enabled ? "on" : "off"
argo_enabed = module.this.enabled && var.argo_enabled
zone_enabled = module.this.enabled && var.zone_enabled
- zone_exists = module.this.enabled && ! var.zone_enabled
+ zone_exists = module.this.enabled && !var.zone_enabled
records_enabled = module.this.enabled && length(var.records) > 0
- zone_id = local.zone_enabled ? join("", cloudflare_zone.default.*.id) : (local.zone_exists ? lookup(data.cloudflare_zones.default[0].zones[0], "id") : null)
+ zone_id = local.zone_enabled ? join("", cloudflare_zone.default[*].id) : (local.zone_exists ? data.cloudflare_zones.default[0].zones[0].id : null)
records = local.records_enabled ? {
for index, record in var.records :
try(record.key, format("%s-%s", record.name, record.type)) => record
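Review bot: The new `zone_id` expression still indexes `data.cloudflare_zones.default[0].zones[0].id` unconditionally, so an empty lookup result fails with an index error instead of a clear message, and when more than one zone matches, the first is used silently. Wrap the lookup in `try(..., null)` or add a check that exactly one zone was returned. Separately, the `argo_enabed` local on the context lines is misspelled; it is worth renaming while this block is being touched.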
@@ -23,6 +23,7 @@ data "cloudflare_zones" "default" {
resource "cloudflare_zone" "default" {
count = local.zone_enabled ? 1 : 0
+ account_id = var.account_id
zone = var.zone
paused = var.paused
jump_start = var.jump_start
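Review bot: `account_id = var.account_id` is applied only on the create path (`count = local.zone_enabled ? 1 : 0`); the visible changes do not pass it to `data "cloudflare_zones" "default"`, which the `zone_exists` path relies on. If that data source's filter can be constrained by account, pass `var.account_id` there as well, so that an API token with access to more than one account cannot resolve the zone name to a zone in a different account.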
diff --git a/outputs.tf b/outputs.tf
index 9bf31eb..e706cc8 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -24,37 +24,37 @@ output "firewall_rule_ids" {
output "plan" {
description = "The name of the commercial plan to apply to the zone."
- value = join("", cloudflare_zone.default.*.plan)
+ value = join("", cloudflare_zone.default[*].plan)
}
output "vanity_name_servers" {
description = "A list of Vanity Nameservers."
- value = try(cloudflare_zone.default.*.vanity_name_servers, null)
+ value = try(cloudflare_zone.default[*].vanity_name_servers, null)
}
output "meta_wildcard_proxiable" {
description = "Indicates whether wildcard DNS records can receive Cloudflare security and performance features."
- value = join("", cloudflare_zone.default.*.meta.wildcard_proxiable)
+ value = join("", cloudflare_zone.default[*].meta.wildcard_proxiable)
}
output "meta_phishing_detected" {
description = "Indicates if URLs on the zone have been identified as hosting phishing content."
- value = join("", cloudflare_zone.default.*.meta.phishing_detected)
+ value = join("", cloudflare_zone.default[*].meta.phishing_detected)
}
output "status" {
description = "Status of the zone."
- value = join("", cloudflare_zone.default.*.status)
+ value = join("", cloudflare_zone.default[*].status)
}
output "name_servers" {
description = "A list of Cloudflare-assigned name servers. This is only populated for zones that use Cloudflare DNS."
- value = try(cloudflare_zone.default.*.name_servers, null)
+ value = try(cloudflare_zone.default[*].name_servers, null)
}
output "verification_key" {
description = "Contains the TXT record value to validate domain ownership. This is only populated for zones of type `partial`."
- value = join("", cloudflare_zone.default.*.verification_key)
+ value = join("", cloudflare_zone.default[*].verification_key)
}
output "page_rule_targets_to_ids" {
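Review bot: In `vanity_name_servers` and `name_servers`, `try(cloudflare_zone.default[*].name_servers, null)` never reaches the `null` fallback, because a splat over a `count` resource yields an empty list rather than an error when the resource is not created, and with one instance it yields a list of lists, which does not match the "A list of ..." descriptions. `one(cloudflare_zone.default[*].name_servers)` returns the inner list, or `null` when the zone is not created. The `join("", ...)` outputs likewise return `""` rather than `null` in that case; if that is intended, the descriptions should say so.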
diff --git a/variables.tf b/variables.tf
index 05b96e7..d535080 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,6 +3,11 @@ variable "zone" {
description = "The DNS zone name which will be added."
}
+variable "account_id" {
+ type = string
+ description = "Cloudflare account ID to manage the zone resource in"
+}
+
variable "zone_enabled" {
type = bool
description = "Whether to create DNS zone otherwise use existing."
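Review bot: `variable "account_id"` is declared with no `default` and no `validation`, which makes it mandatory even when `zone_enabled = false` and the module only looks up an existing zone, a path where main.tf does not use it. Either give it `default = null` and fail explicitly when `zone_enabled` is true and the value is unset, or keep it required and add a `validation` block that rejects an empty string, so a blank value is caught at plan time rather than by the API.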
@@ -23,9 +28,9 @@ variable "records" {
The TTL of the record.
Default value: 1.
priority:
- The priority of the record.
+ The priority of the record.
proxied:
- Whether the record gets Cloudflare's origin protection.
+ Whether the record gets Cloudflare's origin protection.
Default value: false.
DOC
}
@@ -86,7 +91,7 @@ variable "healthchecks" {
type = list(any)
default = null
description = <<-DOC
- A list of maps of Health Checks rules.
+ A list of maps of Health Checks rules.
The values of map is fully compliant with `cloudflare_healthcheck` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/healthcheck
DOC
@@ -105,14 +110,14 @@ variable "firewall_rules" {
ref:
Short reference tag to quickly select related rules.
action:
- The action to apply to a matched request.
+ The action to apply to a matched request.
Possible values: `block`, `challenge`, `allow`, `js_challenge`, `bypass`.
priority:
- The priority of the rule to allow control of processing order.
+ The priority of the rule to allow control of processing order.
A lower number indicates high priority.
If not provided, any rules with a priority will be sequenced before those without.
products:
- List of products to bypass for a request when the bypass action is used.
+ List of products to bypass for a request when the bypass action is used.
Possible values: `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit`, `waf`.
DOC
}
@@ -121,7 +126,7 @@ variable "page_rules" {
type = list(any)
default = null
description = <<-DOC
- A list of maps of Page Rules.
+ A list of maps of Page Rules.
The values of map is fully compliant with `cloudflare_page_rule` resource.
To get more info see https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/cloudflare_page_rule
DOC
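Review bot: The documentation link on the context line of `page_rules` ends in `resources/cloudflare_page_rule`, while the `healthchecks` description links to `resources/healthcheck` without the `cloudflare_` prefix; check that the page rule URL resolves and align the two. Since these heredocs are already being cleaned up, "The values of map is fully compliant" in both descriptions should read "The map values are fully compliant".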