This Terraform module populates an AWS security group's ingress rules with Cloudflare's published source IP ranges, so that an origin behind Cloudflare only accepts connections arriving through Cloudflare's edge. By default the module only allows access on 443/tcp (HTTPS), but additional TCP ports can be added.

The Cloudflare provider requires an API token, but the IP range lookup does not use the token to fetch the values. Exporting `CLOUDFLARE_API_TOKEN="YQSn-xWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T"` works: this is an invalid token that passes the provider's format validation, lifted from the Cloudflare docs, so no real credential has to be handed to Terraform for this data source.
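The following root configuration is an added example, not the module's own source. It writes out the mechanism the README describes (a `cloudflare_ip_ranges` data source feeding `aws_security_group_rule` resources, one per port) so the behaviour can be read end to end. Provider versions follow the requirements listed below; the resource and variable names mirror the module's, and the `name` and `description` strings are assumed.

```hcl
# Added example (not the module's code): origin-restricting security group
# built from Cloudflare's published edge ranges.
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    aws        = { source = "hashicorp/aws", version = "~> 3.67.0" }
    cloudflare = { source = "cloudflare/cloudflare", version = "~> 3.4.0" }
  }
}

variable "vpc_id" {
  type = string
}

variable "additional_ports" {
  type    = list(number)
  default = []
}

# Cloudflare publishes its edge ranges; this lookup does not need a real token.
data "cloudflare_ip_ranges" "cloudflare" {}

resource "aws_security_group" "this" {
  name        = "cloudflare-only-ingress" # assumed name
  description = "Allow inbound TCP only from Cloudflare edge IPs"
  vpc_id      = var.vpc_id
}

# One rule per port. 443 is always present; extra ports come from the variable.
# for_each needs a set of strings, so the port numbers are converted.
resource "aws_security_group_rule" "ingress_tcp" {
  for_each = toset([for p in distinct(concat([443], var.additional_ports)) : tostring(p)])

  type              = "ingress"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  protocol          = "tcp"
  cidr_blocks       = data.cloudflare_ip_ranges.cloudflare.ipv4_cidr_blocks
  ipv6_cidr_blocks  = data.cloudflare_ip_ranges.cloudflare.ipv6_cidr_blocks
  security_group_id = aws_security_group.this.id
  description       = "Cloudflare edge on ${each.value}/tcp"
}

output "security_group" {
  value = aws_security_group.this
}
```

Two points a practitioner should check before relying on this. First, every CIDR in `cidr_blocks` and `ipv6_cidr_blocks` counts as a separate rule against the AWS quota of inbound rules per security group (60 by default), and Cloudflare publishes roughly two dozen ranges, so adding more than one or two ports can exhaust the quota; `terraform plan` will not warn, the apply will fail. Second, the ranges change over time, so the configuration should be re-applied periodically; otherwise a new Cloudflare range is silently blocked at the origin.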
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | ~> 3.67.0 |
| cloudflare | ~> 3.4.0 |
## Providers

| Name | Version |
|---|---|
| aws | ~> 3.67.0 |
| cloudflare | ~> 3.4.0 |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| vpc_id | The ID of the VPC to place the security group within | `string` | n/a | yes |
| additional_ports | Any additional TCP ports that should be added to the ingress rules | `list(number)` | `[]` | no |
| name | The name of the security group | `string` | `""` | no |
| tags | The tags to apply to the security group and rules | `map(any)` | `{}` | no |
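How the inputs above are used from a calling configuration, as an added example that is not part of the module's documentation. The module `source`, the VPC ID and the load balancer are constructed placeholders, and the example assumes the `security_group` output is the full resource object (so its `id` attribute can be referenced).

```hcl
# Added example (not from the module): call the module and attach the resulting
# security group to a load balancer so only Cloudflare can reach it.
module "cloudflare_ingress" {
  source = "./modules/cloudflare-security-group" # placeholder path

  vpc_id           = "vpc-0123456789abcdef0" # constructed value
  name             = "web-cloudflare-only"
  additional_ports = [80] # allow HTTP alongside the default 443
  tags = {
    Environment = "prod"
    ManagedBy   = "terraform"
  }
}

resource "aws_lb" "web" {
  name               = "web-lb" # constructed
  load_balancer_type = "application"
  subnets            = ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"] # constructed

  # Only the module's group is attached, so nothing outside Cloudflare's
  # ranges can reach the listener directly.
  security_groups = [module.cloudflare_ingress.security_group.id]
}
```

The value of the arrangement is that direct-to-origin requests that bypass Cloudflare (and with it any WAF, rate limiting or access rules configured there) are dropped at the VPC boundary rather than reaching the application.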
## Outputs

| Name | Description |
|---|---|
| security_group | AWS security group containing ingress rules for Cloudflare services |
## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| aws_security_group.this | resource |
| aws_security_group_rule.ingress_tcp | resource |
| cloudflare_ip_ranges.cloudflare | data source |