cloudflare/cf-terraforming

cloudflare/cf-terraforming

Description: A command line utility to facilitate terraforming your existing Cloudflare resources.

Language: Go

License: MPL-2.0

Stars: 1371

Forks: 168

Open issues: 12

Created: 2018-12-07T21:41:47Z

Pushed: 2026-05-30T17:16:38Z

Default branch: master

Fork: no

Archived: no

README:

Cloudflare Terraforming

Overview

cf-terraforming is a command line utility to facilitate terraforming your existing Cloudflare resources. It does this by using your account credentials to retrieve your configurations from the Cloudflare API and converting them to Terraform configurations that can be used with the Terraform Cloudflare provider.

This tool is ideal if you already have Cloudflare resources defined but want to start managing them via Terraform, and don't want to spend the time to manually write the Terraform configuration to describe them. The intention is that this would be a one-time HCL generation of whichever resource(s) you want to begin managing exclusively through Terraform.

Read the announcement blog for further details on using cf-terraforming in your workflow.

> [!WARNING] > This tool is not intended for use in CI.

> [!NOTE] > If you would like to export resources compatible with Terraform you will need to download an older release as this tool no longer supports it.

Usage

Usage:
cf-terraforming import [flags]

Flags:
-h, --help help for import

Global Flags:
-a, --account string Target the provided account ID for the command
-c, --config string Path to config file (default "/Users/vaishak/.cf-terraforming.yaml")
-e, --email string API Email address associated with your account
--hostname string Hostname to use to query the API
-k, --key string API Key generated on the 'My Profile' page. See: https://dash.cloudflare.com/profile
--modern-import-block Whether to generate HCL import blocks for generated resources instead of terraform import compatible CLI commands. This is only compatible with Terraform 1.5+
--provider-registry-hostname string Hostname to use for provider registry lookups. Deprecated: this is no longer needed to be configured for custom registries.
--resource-id key Resource type and IDs mapping in the format of key to comma separated values. Example: `cloudflare_zone_setting=always_online,cache_level,...`
--resource-type string Comma delimitered string of which resource(s) you wish to generate
--terraform-binary-path string Path to an existing Terraform binary (otherwise, one will be downloaded)
--terraform-install-path string Path to an initialized Terraform working directory (default ".")
-t, --token string API Token
-v, --verbose Specify verbose output (same as setting log level to debug)
-z, --zone string Target the provided zone ID for the command

Authentication

Cloudflare supports two authentication methods to the API:

• API Token - gives access only to resources and permissions specified for that token (recommended)
• API key - gives access to everything your user profile has access to

Both can be retrieved on the user profile page.

> [!TIP] > We recommend that you store your Cloudflare credentials (API key, email, token) as environment > variables as demonstrated below.

# if using API Token
export CLOUDFLARE_API_TOKEN='Hzsq3Vub-7Y-hSTlAaLH3Jq_YfTUOCcgf22_Fs-j'

# if using API Key
export CLOUDFLARE_EMAIL='user@example.com'
export CLOUDFLARE_API_KEY='1150bed3f45247b99f7db9696fffa17cbx9'

# specify zone ID
export CLOUDFLARE_ZONE_ID='81b06ss3228f488fh84e5e993c2dc17'

# now call cf-terraforming, e.g.
cf-terraforming generate \
--resource-type "cloudflare_record" \
--zone $CLOUDFLARE_ZONE_ID

cf-terraforming supports the following environment variables:

• CLOUDFLARE_API_TOKEN - API Token based authentication
• CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY - API Key based authentication

Alternatively, if using a config file, then specify the inputs using the same names the flag names. Example:

cat ~/.cf-terraforming.yaml
email: "email@domain.com"
key: ""
#or
token: ""

Example usage

cf-terraforming generate \
--zone $CLOUDFLARE_ZONE_ID \
--resource-type "cloudflare_record"

will contact the Cloudflare API on your behalf and result in a valid Terraform configuration representing the resource you requested:

resource "cloudflare_record" "terraform_managed_resource" {
name = "example.com"
proxied = false
ttl = 120
type = "A"
value = "198.51.100.4"
zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
}

Some resource require an ID to be passed in to be able to either generate the hcl block or import command. The resources which require an id are listed in the table below for the v5 provider. Example usage:

cf-terraforming generate \
--zone $CLOUDFLARE_ZONE_ID \
--resource-type "cloudflare_hostname_tls_setting" \
--resource-id "cloudflare_hostname_tls_setting=ciphers"

Define --terraform-binary-path on the generate command which will ensure we're reusing the installed version of terraform instead of fetching a new one each time, if you're seeing issues.

Prerequisites

• A Cloudflare account with resources defined (e.g. a few zones, some load

balancers, spectrum applications, etc)

• A valid Cloudflare API key and sufficient permissions to access the resources

you are requesting via the API

• An initialised Terraform directory (terraform init has run and providers installed). See the provider documentation if you have not yet setup the Terraform directory.

Installation

Homebrew

brew tap cloudflare/cloudflare
brew install cloudflare/cloudflare/cf-terraforming

> [!NOTE] > If you have installed an older version of cf-terraforming via Homebrew, > you may need to first uninstall cf-terraforming and then install it to > pick up the updated install process and address the signing/notarisation > issues.

Go

go install github.com/cloudflare/cf-terraforming/cmd/cf-terraforming@latest

If you use another OS, you will need to download the release directly from GitHub Releases or build the Go source.

##…