CloudFlare is a security service that helps protect your website from attacks. When you use Terraform to create a new web application, CloudFlare is automatically added to the application’s security group. CloudFlare then uses its security features to help protect your website from attacks. To use CloudFlare with Terraform, you first need to create a new Terraform project. Then, add the CloudFlare security group to the project’s security section. Finally, use the Terraform CLI to build and deploy your web application using CloudFlare as its primary security provider.

  1. Create a new Terraform project: git clone https://github.com/cloudflare/terraform && cd terraform
  2. Add the CloudFlare security group: terraform init
  3. Build and deploy your web application: terraform apply
  4. Check for CloudFlare protection: terraform show
  5. Enjoy secure browsing on your website!

Terraform is a popular infrastructure as code tool, and when paired with CloudFlare, makes managing complex configurations within CloudFlare much easier. For those not familiar, Terraform uses the HCL configuration language to define an infrastructure configuration that can then be used to apply the requested settings to the provider. CloudFlare offers DNS services, security, and edge computing services that pair perfectly with the Terraform tool.

Installing Terraform

Terraform can be used either on Windows or on Linux. The Terraform binary itself is a single executable, and merely needs to be downloaded and placed in a directory on the system PATH.

Windows Installation

First, you will need to download the Terraform executable for Windows. Once downloaded, place the executable in a Windows path location. If you need to put the executable in a different location but would like it accessible at any time, you can use the following PowerShell code to modify the user’s PATH environment variable.

This can be used to modify the system PATH by changing User to Machine. You will need Administrative rights to do this.

Linux Installation

Much like Windows, you will download the latest release of Terraform. Because you might not always be using a GUI, you can do this via the following shell code. Replace {release} with the Terraform version, like 0.13.0.

Setting Up Terraform for CloudFlare

To contain our Terraform configuration, we are going to make a directory to hold the .tf files (.tf is the extension of Terraform configuration files). Create a new directory to hold the configuration.

PowerShell 7 on Windows

Bash Shell on Linux

Once you have created and navigated to the directory, we will need to initialize the Terraform configuration. We first need to create our configuration file. We are opting to not hardcode our credentials into the configuration file. Instead, a separate file that is excluded from version control will pass in those credentials. Speaking of which, Git is highly recommended to keep track of the changes.

cloudflare.tf

The following .auto.tfvars file will contain the secrets that we pass into Terraform but do not want to commit to version control history.

cloudflare.auto.tfvars

The reason for the .auto part of the .tfvars filename is that Terraform reads this variable file automatically on every operation, so it does not have to be passed explicitly via -var-file="cloudflare.tfvars".

Now that we have both of our files configured, it is time to initialize our configuration. This will install any providers that have been specified in the provider section of our Terraform configuration file.

Defining the Terraform CloudFlare Configuration

Now that we have successfully connected to our domain, we need to create our configuration. First, modify the cloudflare.auto.tfvars file to include the zone_id of the zone whose DNS records we are going to modify. Add the following line to the cloudflare.auto.tfvars file.

Next, we need to define the records that we are going to add to CloudFlare. To do this, we are going to use the cloudflare_record resource to create the records. The format of this is the following: resource {type} {name}. The type will be cloudflare_record, and for the name we will use a_mydomain_com and cname_www. These names are arbitrary though, and they can be whatever you would like.

One caveat about the names. If you want to use terraform import to import state on a given record, you will have to match the name with the import record like so:

terraform import cloudflare_record.a_mydomain_com {zone_id}/{record_id}
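
A complete cloudflare.tf matching the setup and record definitions described above, as an added example rather than the original article's code. The provider version pin, the variable names, the zone_id validation, and the record values are assumptions.

```hcl
# cloudflare.auto.tfvars (listed in .gitignore); constructed placeholders:
#   cloudflare_api_token = "<api-token>"
#   zone_id              = "<zone-id>"

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0" # assumed pin; `value` below is the 2.x-4.x record schema
    }
  }
}

variable "cloudflare_api_token" {
  type      = string
  sensitive = true # Terraform 0.14+: redacted in plan/apply output only
}

variable "zone_id" {
  type = string
  validation { # catch a pasted token or domain name before any API call
    condition     = can(regex("^[0-9a-f]{32}$", var.zone_id))
    error_message = "The zone_id must be the 32-character hex ID of the zone."
  }
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

# Resource name matches: terraform import cloudflare_record.a_mydomain_com {zone_id}/{record_id}
resource "cloudflare_record" "a_mydomain_com" {
  zone_id = var.zone_id
  name    = "mydomain.com"
  type    = "A"
  value   = "203.0.113.10" # constructed documentation address (TEST-NET-3)
  proxied = true           # traffic passes through CloudFlare's edge
}

resource "cloudflare_record" "cname_www" {
  zone_id = var.zone_id
  name    = "www"
  type    = "CNAME"
  value   = "mydomain.com"
  proxied = true
}
```

The sensitive flag only hides the token in CLI output; keep cloudflare.auto.tfvars and the .tfstate files out of Git as well.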

Planning the Terraform Changes

Now that we have our configuration defined, we can run the terraform plan command, which will generate the changes between what is known by Terraform via the .tfstate file and the CloudFlare environment. If resources have not been imported, or this is the first time running the command, then Terraform will have no knowledge of the environment and all changes will be new.

Applying the Terraform Changes

Once you are confident in your configuration, simply use the apply command. This will prompt for a confirmation, where you need to type yes. The output will show the configuration to apply and the state.

Conclusion

CloudFlare and Terraform are a potent combination. When you are able to architect your environment in code and track changes over time (using version control), you unlock new efficiencies and control. In the event that a configuration is incorrect, it is trivial to roll back to a prior configuration, which makes recovering from errors very quick and painless.