Skip to content
Cloudflare API
Start here
API Reference

Accounts

resource cloudflare_account

required Expand Collapse
name: String

Account name

optional Expand Collapse
unit?: Attributes

information related to the tenant unit, and optionally, an id of the unit to create the account on. see https://developers.cloudflare.com/tenant/how-to/manage-accounts/

id?: String

Tenant unit ID

type?: String
managed_by?: Attributes

Parent container details

parent_org_id: String

ID of the parent Organization, if one exists

parent_org_name: String

Name of the parent Organization, if one exists

settings?: Attributes

Account settings

abuse_contact_email?: String

Sets an abuse contact email to notify for abuse reports.

enforce_twofactor?: Bool

Indicates whether membership in this account requires that Two-Factor Authentication is enabled

computed Expand Collapse
id: String

Identifier

created_on: Time

Timestamp for the creation of the account

cloudflare_account

resource "cloudflare_account" "example_account" {
  name = "name"
  type = "standard"
  unit = {
    id = "f267e341f3dd4697bd3b9f71dd96247f"
  }
}

data cloudflare_account

optional Expand Collapse
account_id?: String

Account identifier tag.

filter?: Attributes
direction?: String

Direction to order results.

name?: String

Name of the account.

computed Expand Collapse
id: String

Account identifier tag.

created_on: Time

Timestamp for the creation of the account

name: String

Account name

type: String
managed_by: Attributes

Parent container details

parent_org_id: String

ID of the parent Organization, if one exists

parent_org_name: String

Name of the parent Organization, if one exists

settings: Attributes

Account settings

abuse_contact_email: String

Sets an abuse contact email to notify for abuse reports.

enforce_twofactor: Bool

Indicates whether membership in this account requires that Two-Factor Authentication is enabled

cloudflare_account

data "cloudflare_account" "example_account" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_accounts

optional Expand Collapse
direction?: String

Direction to order results.

name?: String

Name of the account.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Identifier

name: String

Account name

type: String
created_on: Time

Timestamp for the creation of the account

managed_by: Attributes

Parent container details

parent_org_id: String

ID of the parent Organization, if one exists

parent_org_name: String

Name of the parent Organization, if one exists

settings: Attributes

Account settings

abuse_contact_email: String

Sets an abuse contact email to notify for abuse reports.

enforce_twofactor: Bool

Indicates whether membership in this account requires that Two-Factor Authentication is enabled

cloudflare_accounts

data "cloudflare_accounts" "example_accounts" {
  direction = "desc"
  name = "example.com"
}

AccountsMembers

resource cloudflare_account_member

required Expand Collapse
account_id: String

Account identifier tag.

email: String

The contact email address of the user.

optional Expand Collapse
status?: String

Status of the member invitation. If not provided during creation, defaults to 'pending'. Changing from 'accepted' back to 'pending' will trigger a replacement of the member resource in Terraform.

roles?: List[String]

Array of roles associated with this member.

policies?: List[Attributes]

Array of policies associated with this member.

id: String

Policy identifier.

access: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the group.

resource_groups: List[Attributes]

A list of resource groups that the policy applies to.

id: String

Identifier of the group.

computed Expand Collapse
id: String

Membership identifier tag.

user: Attributes

Details of the user associated to the membership.

email: String

The contact email address of the user.

id: String

Identifier

first_name: String

User's first name

last_name: String

User's last name

two_factor_authentication_enabled: Bool

Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication.

cloudflare_account_member

resource "cloudflare_account_member" "example_account_member" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  email = "user@example.com"
  roles = ["3536bcfad5faccb999b47003c79917fb"]
  status = "accepted"
}

data cloudflare_account_member

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
member_id?: String

Membership identifier tag.

filter?: Attributes
direction?: String

Direction to order results.

order?: String

Field to order results by.

status?: String

A member's status in the account.

computed Expand Collapse
id: String

Membership identifier tag.

email: String

The contact email address of the user.

status: String

A member's status in the account.

policies: List[Attributes]

Access policy for the membership

id: String

Policy identifier.

access: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the permission group.

meta: Attributes

Attributes associated to the permission group.

key: String
value: String
name: String

Name of the permission group.

resource_groups: List[Attributes]

A list of resource groups that the policy applies to.

id: String

Identifier of the resource group.

scope: List[Attributes]

The scope associated to the resource group

key: String

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[Attributes]

A list of scope objects for additional context.

key: String

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Attributes

Attributes associated to the resource group.

key: String
value: String
name: String

Name of the resource group.

roles: List[Attributes]

Roles assigned to this Member.

id: String

Role identifier tag.

description: String

Description of role's permissions.

name: String

Role name.

permissions: Attributes
analytics: Attributes
read: Bool
write: Bool
billing: Attributes
read: Bool
write: Bool
cache_purge: Attributes
read: Bool
write: Bool
dns: Attributes
read: Bool
write: Bool
dns_records: Attributes
read: Bool
write: Bool
lb: Attributes
read: Bool
write: Bool
logs: Attributes
read: Bool
write: Bool
organization: Attributes
read: Bool
write: Bool
ssl: Attributes
read: Bool
write: Bool
waf: Attributes
read: Bool
write: Bool
zone_settings: Attributes
read: Bool
write: Bool
zones: Attributes
read: Bool
write: Bool
user: Attributes

Details of the user associated to the membership.

email: String

The contact email address of the user.

id: String

Identifier

first_name: String

User's first name

last_name: String

User's last name

two_factor_authentication_enabled: Bool

Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication.

cloudflare_account_member

data "cloudflare_account_member" "example_account_member" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  member_id = "4536bcfad5faccb111b47003c79917fa"
}

data cloudflare_account_members

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
direction?: String

Direction to order results.

order?: String

Field to order results by.

status?: String

A member's status in the account.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Membership identifier tag.

email: String

The contact email address of the user.

policies: List[Attributes]

Access policy for the membership

id: String

Policy identifier.

access: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the permission group.

meta: Attributes

Attributes associated to the permission group.

key: String
value: String
name: String

Name of the permission group.

resource_groups: List[Attributes]

A list of resource groups that the policy applies to.

id: String

Identifier of the resource group.

scope: List[Attributes]

The scope associated to the resource group

key: String

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[Attributes]

A list of scope objects for additional context.

key: String

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Attributes

Attributes associated to the resource group.

key: String
value: String
name: String

Name of the resource group.

roles: List[Attributes]

Roles assigned to this Member.

id: String

Role identifier tag.

description: String

Description of role's permissions.

name: String

Role name.

permissions: Attributes
analytics: Attributes
read: Bool
write: Bool
billing: Attributes
read: Bool
write: Bool
cache_purge: Attributes
read: Bool
write: Bool
dns: Attributes
read: Bool
write: Bool
dns_records: Attributes
read: Bool
write: Bool
lb: Attributes
read: Bool
write: Bool
logs: Attributes
read: Bool
write: Bool
organization: Attributes
read: Bool
write: Bool
ssl: Attributes
read: Bool
write: Bool
waf: Attributes
read: Bool
write: Bool
zone_settings: Attributes
read: Bool
write: Bool
zones: Attributes
read: Bool
write: Bool
status: String

A member's status in the account.

user: Attributes

Details of the user associated to the membership.

email: String

The contact email address of the user.

id: String

Identifier

first_name: String

User's first name

last_name: String

User's last name

two_factor_authentication_enabled: Bool

Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication.

cloudflare_account_members

data "cloudflare_account_members" "example_account_members" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  direction = "desc"
  order = "status"
  status = "accepted"
}

AccountsRoles

data cloudflare_account_role

required Expand Collapse
account_id: String

Account identifier tag.

role_id: String

Role identifier tag.

computed Expand Collapse
description: String

Description of role's permissions.

id: String

Role identifier tag.

name: String

Role name.

permissions: Attributes
analytics: Attributes
read: Bool
write: Bool
billing: Attributes
read: Bool
write: Bool
cache_purge: Attributes
read: Bool
write: Bool
dns: Attributes
read: Bool
write: Bool
dns_records: Attributes
read: Bool
write: Bool
lb: Attributes
read: Bool
write: Bool
logs: Attributes
read: Bool
write: Bool
organization: Attributes
read: Bool
write: Bool
ssl: Attributes
read: Bool
write: Bool
waf: Attributes
read: Bool
write: Bool
zone_settings: Attributes
read: Bool
write: Bool
zones: Attributes
read: Bool
write: Bool

cloudflare_account_role

data "cloudflare_account_role" "example_account_role" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  role_id = "3536bcfad5faccb999b47003c79917fb"
}

data cloudflare_account_roles

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Role identifier tag.

description: String

Description of role's permissions.

name: String

Role name.

permissions: Attributes
analytics: Attributes
read: Bool
write: Bool
billing: Attributes
read: Bool
write: Bool
cache_purge: Attributes
read: Bool
write: Bool
dns: Attributes
read: Bool
write: Bool
dns_records: Attributes
read: Bool
write: Bool
lb: Attributes
read: Bool
write: Bool
logs: Attributes
read: Bool
write: Bool
organization: Attributes
read: Bool
write: Bool
ssl: Attributes
read: Bool
write: Bool
waf: Attributes
read: Bool
write: Bool
zone_settings: Attributes
read: Bool
write: Bool
zones: Attributes
read: Bool
write: Bool

cloudflare_account_roles

data "cloudflare_account_roles" "example_account_roles" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

AccountsSubscriptions

resource cloudflare_account_subscription

required Expand Collapse
account_id: String

Identifier

optional Expand Collapse
frequency?: String

How often the subscription is renewed automatically.

rate_plan?: Attributes

The rate plan applied to the subscription.

id?: String

The ID of the rate plan.

currency?: String

The currency applied to the rate plan subscription.

externally_managed?: Bool

Whether this rate plan is managed externally from Cloudflare.

is_contract?: Bool

Whether a rate plan is enterprise-based (or newly adopted term contract).

public_name?: String

The full name of the rate plan.

scope?: String

The scope that this rate plan applies to.

sets?: List[String]

The list of sets this rate plan applies to. Returns array of strings.

computed Expand Collapse
id: String

Subscription identifier tag.

currency: String

The monetary unit in which pricing information is displayed.

current_period_end: Time

The end of the current period and also when the next billing is due.

current_period_start: Time

When the current billing period started. May match initial_period_start if this is the first period.

price: Float64

The price of the subscription that will be billed, in US dollars.

state: String

The state that the subscription is in.

cloudflare_account_subscription

resource "cloudflare_account_subscription" "example_account_subscription" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  frequency = "monthly"
  rate_plan = {
    id = "free"
    currency = "USD"
    externally_managed = false
    is_contract = false
    public_name = "Business Plan"
    scope = "zone"
    sets = ["string"]
  }
}

data cloudflare_account_subscription

required Expand Collapse
account_id: String

Identifier

computed Expand Collapse
id: String

Identifier

currency: String

The monetary unit in which pricing information is displayed.

current_period_end: Time

The end of the current period and also when the next billing is due.

current_period_start: Time

When the current billing period started. May match initial_period_start if this is the first period.

frequency: String

How often the subscription is renewed automatically.

price: Float64

The price of the subscription that will be billed, in US dollars.

state: String

The state that the subscription is in.

rate_plan: Attributes

The rate plan applied to the subscription.

id: String

The ID of the rate plan.

currency: String

The currency applied to the rate plan subscription.

externally_managed: Bool

Whether this rate plan is managed externally from Cloudflare.

is_contract: Bool

Whether a rate plan is enterprise-based (or newly adopted term contract).

public_name: String

The full name of the rate plan.

scope: String

The scope that this rate plan applies to.

sets: List[String]

The list of sets this rate plan applies to. Returns array of strings.

cloudflare_account_subscription

data "cloudflare_account_subscription" "example_account_subscription" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

AccountsTokens

resource cloudflare_account_token

required Expand Collapse
account_id: String

Account identifier tag.

name: String

Token name.

policies: List[Attributes]

List of access policies assigned to the token.

id: String

Policy identifier.

effect: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the permission group.

meta?: Attributes

Attributes associated to the permission group.

key?: String
value?: String
name: String

Name of the permission group.

resources: Map[String]

A list of resource names that the policy applies to.

optional Expand Collapse
expires_on?: Time

The expiration time on or after which the JWT MUST NOT be accepted for processing.

not_before?: Time

The time before which the token MUST NOT be accepted for processing.

condition?: Attributes
request_ip?: Attributes

Client IP restrictions.

in?: List[String]

List of IPv4/IPv6 CIDR addresses.

not_in?: List[String]

List of IPv4/IPv6 CIDR addresses.

status?: String

Status of the token.

computed Expand Collapse
id: String

Token identifier tag.

issued_on: Time

The time on which the token was created.

last_used_on: Time

Last time the token was used.

modified_on: Time

Last time the token was modified.

value: String

The token value.

cloudflare_account_token

resource "cloudflare_account_token" "example_account_token" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "readonly token"
  policies = [{
    effect = "allow"
    permission_groups = [{
      id = "c8fed203ed3043cba015a93ad1616f1f"
      meta = {
        key = "key"
        value = "value"
      }
    }, {
      id = "82e64a83756745bbbb1c9c2701bf816b"
      meta = {
        key = "key"
        value = "value"
      }
    }]
    resources = {
      foo = "string"
    }
  }]
  condition = {
    request_ip = {
      in = ["123.123.123.0/24", "2606:4700::/32"]
      not_in = ["123.123.123.100/24", "2606:4700:4700::/48"]
    }
  }
  expires_on = "2020-01-01T00:00:00Z"
  not_before = "2018-07-01T05:20:00Z"
}

data cloudflare_account_token

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
token_id?: String

Token identifier tag.

filter?: Attributes
direction?: String

Direction to order results.

computed Expand Collapse
id: String

Token identifier tag.

expires_on: Time

The expiration time on or after which the JWT MUST NOT be accepted for processing.

issued_on: Time

The time on which the token was created.

last_used_on: Time

Last time the token was used.

modified_on: Time

Last time the token was modified.

name: String

Token name.

not_before: Time

The time before which the token MUST NOT be accepted for processing.

status: String

Status of the token.

condition: Attributes
request_ip: Attributes

Client IP restrictions.

in: List[String]

List of IPv4/IPv6 CIDR addresses.

not_in: List[String]

List of IPv4/IPv6 CIDR addresses.

policies: List[Attributes]

List of access policies assigned to the token.

id: String

Policy identifier.

effect: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the permission group.

meta: Attributes

Attributes associated to the permission group.

key: String
value: String
name: String

Name of the permission group.

resources: Map[String]

A list of resource names that the policy applies to.

cloudflare_account_token

data "cloudflare_account_token" "example_account_token" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  token_id = "ed17574386854bf78a67040be0a770b0"
}

data cloudflare_account_tokens

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
direction?: String

Direction to order results.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Token identifier tag.

condition: Attributes
request_ip: Attributes

Client IP restrictions.

in: List[String]

List of IPv4/IPv6 CIDR addresses.

not_in: List[String]

List of IPv4/IPv6 CIDR addresses.

expires_on: Time

The expiration time on or after which the JWT MUST NOT be accepted for processing.

issued_on: Time

The time on which the token was created.

last_used_on: Time

Last time the token was used.

modified_on: Time

Last time the token was modified.

name: String

Token name.

not_before: Time

The time before which the token MUST NOT be accepted for processing.

policies: List[Attributes]

List of access policies assigned to the token.

id: String

Policy identifier.

effect: String

Allow or deny operations against the resources.

permission_groups: List[Attributes]

A set of permission groups that are specified to the policy.

id: String

Identifier of the permission group.

meta: Attributes

Attributes associated to the permission group.

key: String
value: String
name: String

Name of the permission group.

resources: Map[String]

A list of resource names that the policy applies to.

status: String

Status of the token.

cloudflare_account_tokens

data "cloudflare_account_tokens" "example_account_tokens" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  direction = "desc"
}

AccountsTokensPermission Groups

data cloudflare_account_api_token_permission_groups

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
name?: String

Filter by the name of the permission group. The value must be URL-encoded.

scope?: String

Filter by the scope of the permission group. The value must be URL-encoded.

computed Expand Collapse
permission_groups: List[Attributes]
id: String

Public ID.

name: String

Permission Group Name

scopes: List[String]

Resources to which the Permission Group is scoped

cloudflare_account_api_token_permission_groups

data "cloudflare_account_api_token_permission_groups" "example_account_api_token_permission_groups" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "Account%20Settings%20Write"
  scope = "com.cloudflare.api.account.zone"
}

data cloudflare_account_api_token_permission_groups_list

required Expand Collapse
account_id: String

Account identifier tag.

optional Expand Collapse
name?: String

Filter by the name of the permission group. The value must be URL-encoded.

scope?: String

Filter by the scope of the permission group. The value must be URL-encoded.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Public ID.

name: String

Permission Group Name

scopes: List[String]

Resources to which the Permission Group is scoped

cloudflare_account_api_token_permission_groups_list

data "cloudflare_account_api_token_permission_groups_list" "example_account_api_token_permission_groups_list" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "Account%20Settings%20Write"
  scope = "com.cloudflare.api.account.zone"
}