Skip to main content

​
🌐 Managing Cloudflare DNS with Terraform

ZONE_ID="" API_TOKEN=""

​
tf vars file for token

cloudflare_api_token = "" cloudflare_zone_id = ""

​
Using Azure Blob Storage for State Backend

terraform init -migrate-state export ARM_ACCESS_KEY="" This repository automates the management of Cloudflare DNS records using Terraform.
It includes scripts to import existing DNS records, generate Terraform configurations, and apply changes efficiently.

​
πŸ“‚ Directory Structure

.
β”œβ”€β”€ account-personal/          # Contains different accounts/domains
β”‚   β”œβ”€β”€ ahmadraza.in/         # Terraform configs for ahmadraza.in
β”‚   β”œβ”€β”€ kubecloud.in.net/     # Terraform configs for kubecloud.in.net
β”‚   └── users/                # Other Cloudflare-related user settings
β”œβ”€β”€ cf-terraforming/           # Terraforming scripts for Cloudflare
β”œβ”€β”€ import.sh                  # Script to import existing DNS records into Terraform state
β”œβ”€β”€ import.tf                  # Terraform resource blocks generated from Cloudflare records
β”œβ”€β”€ main.tf                    # Main Terraform configuration
β”œβ”€β”€ output.tf                  # Terraform outputs
β”œβ”€β”€ provider.tf                 # Cloudflare provider configuration
β”œβ”€β”€ README.md                   # Documentation (You're reading it!)
β”œβ”€β”€ secret.md                   # Stores API keys and sensitive information (DO NOT SHARE!)
β”œβ”€β”€ terraform.tfstate            # Terraform state file (tracks deployed resources)
β”œβ”€β”€ terraform.tfstate.backup     # Backup of Terraform state
β”œβ”€β”€ terraform.tfvars             # Terraform variables
β”œβ”€β”€ tf-gen.sh                    # Script to generate Terraform resource blocks
└── variables.tf                 # Variable definitions for Terraform

​
πŸ› οΈ Setup Requirements

To use this Terraform setup for managing Cloudflare DNS, you need:

​
1️⃣ Cloudflare API Token

Generate an API token with the following permissions:
  • Zone.Zone Read
  • Zone.DNS Read & Write
πŸ’‘ How to generate API Token:
  1. Go to Cloudflare Dashboard
  2. Navigate to My Profile > API Tokens
  3. Create a custom token with the above permissions
  4. Copy and save the token securely (you’ll need it for Terraform)

​
2️⃣ Cloudflare Zone ID

Each Cloudflare domain (zone) has a unique Zone ID. πŸ’‘ How to find your Zone ID:
  1. Go to Cloudflare Dashboard
  2. Select your domain
  3. Under Overview, find the Zone ID at the bottom of the page.

​
πŸš€ Step-by-Step Usage

​
1️⃣ Configure Terraform Provider

Edit the provider.tf file with your API token: 
provider "cloudflare" {
  api_token = "your-cloudflare-api-token"
}
Alternatively, set it as an environment variable: 
export CLOUDFLARE_API_TOKEN="your-cloudflare-api-token"

​
2️⃣ Generate Terraform Resource Blocks

Use the tf-gen.sh script to fetch existing Cloudflare DNS records and create Terraform configuration: 
bash tf-gen.sh
This will generate import.tf containing Terraform resource blocks for each DNS record.

​
3️⃣ Import Existing Cloudflare DNS Records

Run the import.sh script to import existing records into Terraform state: 
bash import.sh
This prevents Terraform from trying to recreate records that already exist.

​
4️⃣ Apply Terraform Configuration

After importing, run Terraform to verify and apply changes: 
terraform init
terraform plan
terraform apply

​
πŸ”„ Handling DNS Record Changes

  • To add new records: Modify main.tf and run terraform apply.
  • To update existing records: Change main.tf and run terraform plan to preview changes.
  • To remove records: Delete the record from main.tf and run terraform apply.

​
πŸ”₯ Troubleshooting

​
πŸ›‘ Terraform is trying to recreate existing records

If terraform plan shows it will recreate existing records, it’s likely because:
  • The import was not done correctly
  • The imported state differs from the generated Terraform code
βœ… Solution: Ensure you run import.sh before terraform plan.

​
πŸ“œ Example Terraform Configuration

A typical DNS record managed with Terraform looks like this: 
resource "cloudflare_dns_record" "example" {
  zone_id = "947884535b3bc67c60b37af84c91a744"
  name    = "example"
  type    = "A"
  content = "198.51.100.4"
  proxied = true
  ttl     = 1
}

​
🎯 Next Steps

  • Automate DNS updates using CI/CD
  • Manage multiple Cloudflare accounts using workspaces
  • Enhance security by using environment variables for sensitive data

​
πŸ‘€ Author

Ahmad Raza - ahmadraza.in
For more guides, visit: docs.ahmadraza.in πŸš€

​
πŸ“Œ What This README Covers

βœ”οΈ Terraform setup for Cloudflare DNS
βœ”οΈ Generating Terraform configuration from existing records
βœ”οΈ Importing existing DNS records into Terraform state
βœ”οΈ Managing DNS records efficiently
βœ”οΈ Troubleshooting common issues