Welcome! This repository is dedicated to managing Cloudflare infrastructure with Terraform.
To keep secrets safe, I used the following tools:
https://docs.aws.amazon.com/kms/
https://github.com/getsops/sops
https://github.com/gruntwork-io/terragrunt
https://github.com/cloudflare/cf-terraforming
Each project has its own license. Please check them out.
- Create a KMS Key in AWS
- Install SOPS tool
- Install Terragrunt tool
- Install cf-terraforming
- Clone current Cloudflare infrastructure (cf-terraforming)
- Export variables
$ export CLOUDFLARE_API_TOKEN='YOURAPITOKEN'
$ export CLOUDFLARE_ZONE_ID='YOURZONEID'
$ export CLOUDFLARE_EMAIL='YOURCLOUDFLAREMAIL'
- Execute command to export existing configuration
$ cf-terraforming generate --email "$CLOUDFLARE_EMAIL" --token "$CLOUDFLARE_API_TOKEN" -z "$CLOUDFLARE_ZONE_ID" --resource-type cloudflare_dns_record > existing_cloudflare_config.tf
- Execute command to import existing configuration
# It returns one line per DNS record. Copy & paste one at a time
$ cf-terraforming import --resource-type "cloudflare_dns_record" --email "$CLOUDFLARE_EMAIL" --token "$CLOUDFLARE_API_TOKEN" --zone "$CLOUDFLARE_ZONE_ID"
$ terragrunt import cloudflare_dns_record.terraform_managed_resource_example1djdtgdfdfjdndv...
20:04:57.084 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example1djdtgdfdfjdndv1: Importing from ID "example1djdtgdfdfjdndv"...
20:04:58.217 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example1djdtgdfdfjdndv: Import prepared!
20:04:58.220 STDOUT terraform: Prepared cloudflare_dns_record for import
20:04:58.220 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example1djdtgdfdfjdndv: Refreshing state... [id=example1djdtgdfdfjdndv]
20:04:59.025 STDOUT terraform:
20:04:59.025 STDOUT terraform: Import successful!
20:04:59.025 STDOUT terraform: The resources that were imported are shown above. These resources are now in
20:04:59.025 STDOUT terraform: your Terraform state and will henceforth be managed by Terraform.
20:04:59.025 STDOUT terraform:
$ terragrunt import cloudflare_dns_record.terraform_managed_resource_example2dpplkkmnjicndv...
20:05:51.084 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example2dpplkkmnjicndv: Importing from ID "example2dpplkkmnjicndv"...
20:05:52.217 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example2dpplkkmnjicndv: Import prepared!
20:05:52.220 STDOUT terraform: Prepared cloudflare_dns_record for import
20:05:52.220 STDOUT terraform: cloudflare_dns_record.terraform_managed_resource_example2dpplkkmnjicndv1: Refreshing state... [id=example2dpplkkmnjicndv]
20:05:53.025 STDOUT terraform:
20:05:53.025 STDOUT terraform: Import successful!
20:05:53.025 STDOUT terraform: The resources that were imported are shown above. These resources are now in
20:05:53.025 STDOUT terraform: your Terraform state and will henceforth be managed by Terraform.
20:05:53.025 STDOUT terraform:
Instead of using terraform, it is necessary to use terragrunt in order to access the secrets.
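One way the SOPS/KMS/Terragrunt pieces can fit together, shown as an added example rather than this repository's own configuration. The file name `secrets.enc.yaml`, the key `cloudflare_api_token` inside it, and the generated file name are assumptions.

```hcl
# terragrunt.hcl (added example; names below are assumptions)

locals {
  # sops_decrypt_file is a Terragrunt built-in. It runs SOPS against the
  # encrypted file; SOPS asks AWS KMS to unwrap the data key, so the caller
  # needs kms:Decrypt on the key created in the first step.
  # Plain `terraform` has no equivalent function, which is why the
  # plan/apply/import commands are run through terragrunt.
  secrets = yamldecode(sops_decrypt_file("${get_terragrunt_dir()}/secrets.enc.yaml"))
}

# Generate the provider wiring at run time so that no committed .tf file
# contains the token; the repository only holds the encrypted YAML.
generate "provider" {
  path      = "provider_generated.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
  }
}

variable "cloudflare_api_token" {
  type      = string
  sensitive = true # value is redacted in plan/apply output
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}
EOF
}

# Terragrunt hands inputs to Terraform as TF_VAR_* environment variables
# for the duration of the run.
inputs = {
  cloudflare_api_token = local.secrets.cloudflare_api_token
}
```

Scoping `kms:Decrypt` on the KMS key to the identities that run Terragrunt limits who can recover the Cloudflare token from the encrypted file.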
# Clone the repository
$ git clone https://github.com/asantar0/cloudflare-terraform.git
# Navigate to the project directory
$ cd cloudflare-terraform
# Install dependencies
$ terraform init
# Plan
$ terragrunt plan
# Apply
$ terragrunt apply
# Destroy
$ terragrunt destroy
This project is licensed under the MIT License. See the LICENSE file for more details.
This project is provided as-is, and the authors are not responsible for any damages or losses resulting from its use. Always test security measures in a staging environment before applying them to a prod site.