
How to use Terraform with CloudFlare – CloudSavvy IT




Terraform is a popular infrastructure-as-code tool, and pairing it with CloudFlare makes complex CloudFlare configurations easier to manage. For those unfamiliar, Terraform uses the HCL configuration language to define an infrastructure configuration, which it then applies to the provider. CloudFlare offers DNS, security, and edge computing services that fit well with Terraform.

Install Terraform

Terraform can be used on either Windows or Linux. The Terraform binary itself is a single executable and only needs to be downloaded and placed in the system path.

Windows installation

First, download the Terraform executable for Windows. After downloading, place the executable in a location that is on the Windows path. If you need to place the executable in another location but want it available at any time, you can use the following PowerShell code to change the user's PATH environment variable.

[System.Environment]::SetEnvironmentVariable("PATH",(($Env:PATH, "C:\Tools") -Join ";"),"User")

This can be used to modify the system PATH by changing User to Machine. You need administrative rights to do this.

Linux installation

As on Windows, download the latest version of Terraform. Since you may not always have a GUI, you can do this with the following shell commands. Replace {release} with the release version, which is 0.13.0.

wget 
unzip terraform_{release}_linux_amd64.zip
mv terraform /usr/bin/

Set up Terraform for CloudFlare

To hold our Terraform configuration, we will create a directory for the .tf files (.tf is the extension of Terraform configuration files). Create a new directory to keep the configuration.

PowerShell 7 on Windows

New-Item -Name 'CF_Terraform' -Type 'Directory'
Set-Location -Path 'CF_Terraform'

Bash Shell on Linux

mkdir cf_terraform
cd cf_terraform

Once you have created and navigated to the directory, we need to initialize the Terraform configuration. We must first create our configuration file. We choose not to hard-code our credentials in the configuration file. Instead, the credentials are passed in through a separate file that is excluded from version control. Speaking of which, using Git to keep track of changes is strongly recommended.

cloudflare.tf

variable "api_token" {}

provider "cloudflare" {
  version   = "~> 2.9"
  api_token = var.api_token
}

The following .auto.tfvars file will contain the secrets that we pass to Terraform but do not want to commit to the version control history.

cloudflare.auto.tfvars

# Zone.DNS Permissions
# Example token below
api_token = "as3uo7WkxL6asdfasdfaME7IdLofKBG9C_Zi-gf"

The reason for the .auto part of the .tfvars file name is that this variable file will then be read automatically by Terraform during operations, instead of having to be passed explicitly via -var-file="cloudflare.tfvars".
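The two rules above (no credentials in .tf files, secrets file kept out of version control) can be checked before each commit. The script below is an added example, not part of the original article; the function name audit_tf_secrets, the .gitignore patterns it expects and the file-permission check are assumptions.

```shell
# Added example: audit a Terraform directory for the secret handling described above.
# audit_tf_secrets and its three checks are illustrative assumptions.
# Prints one finding per line; exit status is 0 only when nothing is found.
audit_tf_secrets() (
  dir=$1
  findings=0

  # 1. No .tf file may assign api_token a quoted literal (var.api_token is fine).
  for f in "$dir"/*.tf; do
    [ -f "$f" ] || continue
    if grep -Eq '^[[:space:]]*api_token[[:space:]]*=[[:space:]]*"' "$f"; then
      echo "hard-coded api_token in $f"
      findings=$((findings + 1))
    fi
  done

  # 2. .gitignore must list the secrets file; state is listed too because
  #    Terraform state can contain sensitive values.
  for pattern in '*.auto.tfvars' '*.tfstate'; do
    if ! grep -Fxq -- "$pattern" "$dir/.gitignore" 2>/dev/null; then
      echo ".gitignore does not list $pattern"
      findings=$((findings + 1))
    fi
  done

  # 3. The token file should be readable by its owner only.
  for f in "$dir"/*.tfvars; do
    [ -f "$f" ] || continue
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
      echo "$f is readable by group or others"
      findings=$((findings + 1))
    fi
  done

  [ "$findings" -eq 0 ]
)

# Constructed demo: a provider block with an inline (fake) token and no .gitignore.
demo=$(mktemp -d)
printf 'provider "cloudflare" {\n  api_token = "constructed-not-a-real-token"\n}\n' \
  > "$demo/cloudflare.tf"
audit_tf_secrets "$demo" || true
rm -rf "$demo"
```

The .gitignore check expects the patterns as exact lines, so a broader pattern such as *.tfvars is reported as missing even though Git would honor it.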

Now that we have both our files configured, it's time to initialize our configuration. This will install all providers that have been specified in the provider section of our Terraform configuration file.

terraform init


Define the Terraform CloudFlare configuration

Now that we're connected to our domain, we need to create our configuration. The first thing we need to do is change our cloudflare.auto.tfvars file to include the zone_id that the DNS record changes will target. Add the following line to the cloudflare.auto.tfvars file.

# Zone.DNS Permissions
api_token = "as3uo7WkxL6asdfasdfaME7IdLofKBG9C_Zi-gf"
# Specific Domain Zone ID
zone_id   = "fddd89b6e1d52ebdfdasdc8bc02186333"

Next, we need to define the items we are going to add to CloudFlare. To do this, we will use the cloudflare_record resource to create the records. The format for this is as follows: resource {type} {name}. The type will be cloudflare_record, and for the names we will use a_mydomain_com and cname_www. These names are arbitrary, and they can be whatever you want.

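# Declare zone_id so that var.zone_id below resolves;
# its value comes from cloudflare.auto.tfvars.
variable "zone_id" {}

resource "cloudflare_record" "a_mydomain_com" {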
  zone_id = var.zone_id
  name    = "mydomain.com"
  value   = "133.145.220.110"
  type    = "A"
  ttl     = 1
  proxied = true
}

resource "cloudflare_record" "cname_www" {
  zone_id = var.zone_id
  name    = "www"
  value   = "mydomain.com"
  type    = "CNAME"
  ttl     = 1
  proxied = true
}

A warning about the names: if you want to use terraform import to import an existing entry, the resource name in the import command must match the name in your configuration, as follows:

terraform import cloudflare_record.a_mydomain_com {zone_id}/{record_id}

Plan the Terraform changes

Now that we have defined our configuration, we can run the terraform plan command, which generates the changes between what Terraform knows from the .tfstate file and the CloudFlare environment. If resources have not been imported, or if this is your first time running the command, Terraform will have no knowledge of the environment and every change will be new.

terraform plan


Apply the Terraform changes

When you are sure of your configuration, just use the apply command. It will ask for confirmation, where you have to type yes. The output shows the configuration to be applied and its state.

terraform apply

Conclusion

Combining CloudFlare and Terraform is a strong combination. When you can architect your environment in code and track changes over time (using version control), you unlock new efficiencies and controls. In the event that a configuration is incorrect, it is trivial to roll back to a previous configuration, making it quick and painless to recover from errors.

