Skip to content
/ terraform-aws-cloudflare-ips-security-group Public

This terraform module populates an AWS security group ingress rules with Cloudflare source IPs

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

skwashd/terraform-aws-cloudflare-ips-security-group

BranchesTags

Repository files navigation

Cloudflare Source IPs AWS Security Group Ingress

This terraform module populates an AWS security group ingress rules with Cloudflare source IPs. By default module only allows access for 443/tcp (https), but additional ports can be added.

Example

To include this model in your project you can use the following definition:

module "cloudflare_ips" {
  source  = "skwashd/cloudflare-ips-security-group/aws"
  version = "1.1.0"

  vpc_id = aws_vpc.id

  tags = var.tags
}

# ...

resource "aws_lb" "my_app" {
  name = "app-${var.tags["Environment"]}"

  load_balancer_type = "application"
  security_groups    = [module.cloudflare_ips.security_group.id, aws_security_group.alb.id] # etc

  # ...
}

This will create the security group and attach it to your load balancer.

API Token

The Cloudflare provider requires an API token.

If you already use the Cloudflare provider in your project, you don't need to do anything. Your existing token will work.

If you only need to fetch the IPs, then you don't need to generate a real token. The IP lookup doesn't use the token to fetch the values. In your pipeline set the CLOUDFLARE_API_TOKEN using export CLOUDFLARE_API_TOKEN="YQSn-xWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T" or the equivelant in your deployment tool of choice. This invalid token that passes validation lifted from Cloudflare docs.

Generated Docs

Requirements

Name Version
terraform >= 1.0.0, < 2.0.0
aws >= 5.0.0, < 6.0.0
cloudflare >= 4.0.0, < 5.0.0

Providers

Name Version
aws >= 5.0.0, < 6.0.0
cloudflare >= 4.0.0, < 5.0.0

Inputs

Name Description Type Default Required
vpc_id The ID of the VPC to place the security group within string n/a yes
additional_ports Any additional tcp ports that should be addred to the egress rules list(number) [] no
name The name of the security group string "" no
tags The tags to apply to the security group and rules map(any) {} no

Outputs

Name Description
security_group AWS security group containing ingress rules for Cloudflare services

Modules

No modules.

Resources

Name Type
aws_security_group.this resource
aws_vpc_security_group_ingress_rule.ingress_tcp_ipv4 resource
aws_vpc_security_group_ingress_rule.ingress_tcp_ipv6 resource
cloudflare_ip_ranges.cloudflare data source

About

This terraform module populates an AWS security group ingress rules with Cloudflare source IPs

Topics

aws terraform cloudflare aws-vpc terraform-module aws-security-group

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages