🌐 Managing Cloudflare DNS with Terraform

ZONE_ID="" API_TOKEN=""

tf vars file for token

cloudflare_api_token = "" cloudflare_zone_id = ""

Using Azure Blob Storage for State Backend

terraform init -migrate-state export ARM_ACCESS_KEY=""

This repository automates the management of Cloudflare DNS records using Terraform.
It includes scripts to import existing DNS records, generate Terraform configurations, and apply changes efficiently.

📂 Directory Structure

.
├── account-personal/          # Contains different accounts/domains
│   ├── ahmadraza.in/         # Terraform configs for ahmadraza.in
│   ├── kubecloud.in.net/     # Terraform configs for kubecloud.in.net
│   └── users/                # Other Cloudflare-related user settings
├── cf-terraforming/           # Terraforming scripts for Cloudflare
├── import.sh                  # Script to import existing DNS records into Terraform state
├── import.tf                  # Terraform resource blocks generated from Cloudflare records
├── main.tf                    # Main Terraform configuration
├── output.tf                  # Terraform outputs
├── provider.tf                 # Cloudflare provider configuration
├── README.md                   # Documentation (You're reading it!)
├── secret.md                   # Stores API keys and sensitive information (DO NOT SHARE!)
├── terraform.tfstate            # Terraform state file (tracks deployed resources)
├── terraform.tfstate.backup     # Backup of Terraform state
├── terraform.tfvars             # Terraform variables
├── tf-gen.sh                    # Script to generate Terraform resource blocks
└── variables.tf                 # Variable definitions for Terraform

🛠️ Setup Requirements

To use this Terraform setup for managing Cloudflare DNS, you need:

1️⃣ Cloudflare API Token

Generate an API token with the following permissions:

Zone.Zone Read
Zone.DNS Read & Write

💡 How to generate API Token:

Go to Cloudflare Dashboard (opens in a new tab)
Navigate to My Profile > API Tokens
Create a custom token with the above permissions
Copy and save the token securely (you'll need it for Terraform)

2️⃣ Cloudflare Zone ID

Each Cloudflare domain (zone) has a unique Zone ID.

💡 How to find your Zone ID:

Go to Cloudflare Dashboard (opens in a new tab)
Select your domain
Under Overview, find the Zone ID at the bottom of the page.

🚀 Step-by-Step Usage

1️⃣ Configure Terraform Provider

Edit the provider.tf file with your API token:

provider "cloudflare" {
  api_token = "your-cloudflare-api-token"
}

Alternatively, set it as an environment variable:

export CLOUDFLARE_API_TOKEN="your-cloudflare-api-token"

2️⃣ Generate Terraform Resource Blocks

Use the tf-gen.sh script to fetch existing Cloudflare DNS records and create Terraform configuration:

bash tf-gen.sh

This will generate import.tf containing Terraform resource blocks for each DNS record.

3️⃣ Import Existing Cloudflare DNS Records

Run the import.sh script to import existing records into Terraform state:

bash import.sh

This prevents Terraform from trying to recreate records that already exist.

4️⃣ Apply Terraform Configuration

After importing, run Terraform to verify and apply changes:

terraform init
terraform plan
terraform apply

🔄 Handling DNS Record Changes

To add new records: Modify main.tf and run terraform apply.
To update existing records: Change main.tf and run terraform plan to preview changes.
To remove records: Delete the record from main.tf and run terraform apply.

🔥 Troubleshooting

🛑 Terraform is trying to recreate existing records

If terraform plan shows it will recreate existing records, it's likely because:

The import was not done correctly
The imported state differs from the generated Terraform code

✅ Solution: Ensure you run import.sh before terraform plan.

📜 Example Terraform Configuration

A typical DNS record managed with Terraform looks like this:

resource "cloudflare_dns_record" "example" {
  zone_id = "947884535b3bc67c60b37af84c91a744"
  name    = "example"
  type    = "A"
  content = "198.51.100.4"
  proxied = true
  ttl     = 1
}

🎯 Next Steps

Automate DNS updates using CI/CD
Manage multiple Cloudflare accounts using workspaces
Enhance security by using environment variables for sensitive data

👤 Author

Ahmad Raza - ahmadraza.in (opens in a new tab)
For more guides, visit: docs.ahmadraza.in (opens in a new tab) 🚀

📌 What This README Covers

✔️ Terraform setup for Cloudflare DNS
✔️ Generating Terraform configuration from existing records
✔️ Importing existing DNS records into Terraform state
✔️ Managing DNS records efficiently
✔️ Troubleshooting common issues

R3 S3 API Mongodb