
Magic Transit

Magic Transit GRE Tunnels

resource cloudflare_magic_wan_gre_tunnel

required
account_id: String

Identifier

cloudflare_gre_endpoint: String

The IP address assigned to the Cloudflare side of the GRE tunnel.

customer_gre_endpoint: String

The IP address assigned to the customer side of the GRE tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.

optional
bgp?: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes?: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key?: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

description?: String

An optional description of the GRE tunnel.

interface_address6?: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

automatic_return_routing?: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

mtu?: Int64

Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.

ttl?: Int64

Time To Live (TTL) in number of hops of the GRE tunnel.

health_check?: Attributes
direction?: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled?: Bool

Determines whether to run healthchecks for a tunnel.

rate?: String

How frequently the health check is run. The default value is mid.

target?: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved?: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type?: String

The type of healthcheck to run, reply or request. The default value is reply.

computed
id: String

Identifier

created_on: Time

The date and time the tunnel was created.

modified: Bool
modified_on: Time

The date and time the tunnel was last modified.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
gre_tunnel: Attributes
id: String

Identifier

cloudflare_gre_endpoint: String

The IP address assigned to the Cloudflare side of the GRE tunnel.

customer_gre_endpoint: String

The IP address assigned to the customer side of the GRE tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

description: String

An optional description of the GRE tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

mtu: Int64

Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.

ttl: Int64

Time To Live (TTL) in number of hops of the GRE tunnel.

modified_gre_tunnel: Attributes
id: String

Identifier

cloudflare_gre_endpoint: String

The IP address assigned to the Cloudflare side of the GRE tunnel.

customer_gre_endpoint: String

The IP address assigned to the customer side of the GRE tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

description: String

An optional description of the GRE tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

mtu: Int64

Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.

ttl: Int64

Time To Live (TTL) in number of hops of the GRE tunnel.

cloudflare_magic_wan_gre_tunnel

resource "cloudflare_magic_wan_gre_tunnel" "example_magic_wan_gre_tunnel" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  cloudflare_gre_endpoint = "203.0.113.1"
  customer_gre_endpoint = "203.0.113.1"
  interface_address = "192.0.2.0/31"
  name = "GRE_1"
  automatic_return_routing = true
  bgp = {
    customer_asn = 0
    extra_prefixes = ["string"]
    md5_key = "md5_key"
  }
  description = "Tunnel for ISP X"
  health_check = {
    direction = "bidirectional"
    enabled = true
    rate = "low"
    target = {
      saved = "203.0.113.1"
    }
    type = "request"
  }
  interface_address6 = "2606:54c1:7:0:a9fe:12d2:1:200/127"
  mtu = 0
  ttl = 0
}

data cloudflare_magic_wan_gre_tunnel

required
gre_tunnel_id: String

Identifier

account_id: String

Identifier

computed
id: String

Identifier

gre_tunnel: Attributes
id: String

Identifier

cloudflare_gre_endpoint: String

The IP address assigned to the Cloudflare side of the GRE tunnel.

customer_gre_endpoint: String

The IP address assigned to the customer side of the GRE tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

description: String

An optional description of the GRE tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

mtu: Int64

Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.

ttl: Int64

Time To Live (TTL) in number of hops of the GRE tunnel.

cloudflare_magic_wan_gre_tunnel

data "cloudflare_magic_wan_gre_tunnel" "example_magic_wan_gre_tunnel" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  gre_tunnel_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic Transit IPSEC Tunnels

resource cloudflare_magic_wan_ipsec_tunnel

required
account_id: String

Identifier

cloudflare_endpoint: String

The IP address assigned to the Cloudflare side of the IPsec tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the IPsec tunnel. The name cannot share a name with other tunnels.

optional
customer_endpoint?: String

The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.

description?: String

An optional description for the IPsec tunnel.

interface_address6?: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

psk?: String

A randomly generated or provided string for use in the IPsec tunnel.

bgp?: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes?: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key?: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

custom_remote_identities?: Attributes
fqdn_id?: String

A custom IKE ID of type FQDN that may be used to identify the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

Must be of the form <custom label>.<account ID>.custom.ipsec.cloudflare.com.

This custom ID does not need to be unique. Two IPsec tunnels may have the same custom fqdn_id. However, if another IPsec tunnel has the same value then the two tunnels cannot have the same cloudflare_endpoint.

automatic_return_routing?: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

replay_protection?: Bool

If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

health_check?: Attributes
direction?: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled?: Bool

Determines whether to run healthchecks for a tunnel.

rate?: String

How frequently the health check is run. The default value is mid.

target?: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved?: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type?: String

The type of healthcheck to run, reply or request. The default value is reply.

computed
id: String

Identifier

allow_null_cipher: Bool

When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).

created_on: Time

The date and time the tunnel was created.

modified: Bool
modified_on: Time

The date and time the tunnel was last modified.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
ipsec_tunnel: Attributes
id: String

Identifier

cloudflare_endpoint: String

The IP address assigned to the Cloudflare side of the IPsec tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the IPsec tunnel. The name cannot share a name with other tunnels.

allow_null_cipher: Bool

When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

custom_remote_identities: Attributes
fqdn_id: String

A custom IKE ID of type FQDN that may be used to identify the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

Must be of the form <custom label>.<account ID>.custom.ipsec.cloudflare.com.

This custom ID does not need to be unique. Two IPsec tunnels may have the same custom fqdn_id. However, if another IPsec tunnel has the same value then the two tunnels cannot have the same cloudflare_endpoint.

customer_endpoint: String

The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.

description: String

An optional description for the IPsec tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

psk_metadata: Attributes

The PSK metadata that includes when the PSK was generated.

last_generated_on: Time

The date and time the tunnel was last modified.

replay_protection: Bool

If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

modified_ipsec_tunnel: Attributes
id: String

Identifier

cloudflare_endpoint: String

The IP address assigned to the Cloudflare side of the IPsec tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the IPsec tunnel. The name cannot share a name with other tunnels.

allow_null_cipher: Bool

When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

custom_remote_identities: Attributes
fqdn_id: String

A custom IKE ID of type FQDN that may be used to identify the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

Must be of the form <custom label>.<account ID>.custom.ipsec.cloudflare.com.

This custom ID does not need to be unique. Two IPsec tunnels may have the same custom fqdn_id. However, if another IPsec tunnel has the same value then the two tunnels cannot have the same cloudflare_endpoint.

customer_endpoint: String

The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.

description: String

An optional description for the IPsec tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. For example, if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

psk_metadata: Attributes

The PSK metadata that includes when the PSK was generated.

last_generated_on: Time

The date and time the tunnel was last modified.

replay_protection: Bool

If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

psk_metadata: Attributes

The PSK metadata that includes when the PSK was generated.

last_generated_on: Time

The date and time the tunnel was last modified.

cloudflare_magic_wan_ipsec_tunnel

resource "cloudflare_magic_wan_ipsec_tunnel" "example_magic_wan_ipsec_tunnel" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  cloudflare_endpoint = "203.0.113.1"
  interface_address = "192.0.2.0/31"
  name = "IPsec_1"
  automatic_return_routing = true
  bgp = {
    customer_asn = 0
    extra_prefixes = ["string"]
    md5_key = "md5_key"
  }
  custom_remote_identities = {
    fqdn_id = "fqdn_id"
  }
  customer_endpoint = "203.0.113.1"
  description = "Tunnel for ISP X"
  health_check = {
    direction = "bidirectional"
    enabled = true
    rate = "low"
    target = {
      saved = "203.0.113.1"
    }
    type = "request"
  }
  interface_address6 = "2606:54c1:7:0:a9fe:12d2:1:200/127"
  psk = "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy"
  replay_protection = false
}

data cloudflare_magic_wan_ipsec_tunnel

required
ipsec_tunnel_id: String

Identifier

account_id: String

Identifier

computed
id: String

Identifier

ipsec_tunnel: Attributes
id: String

Identifier

cloudflare_endpoint: String

The IP address assigned to the Cloudflare side of the IPsec tunnel.

interface_address: String

A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.

name: String

The name of the IPsec tunnel. The name cannot share a name with other tunnels.

allow_null_cipher: Bool

When true, the tunnel can use a null-cipher (ENCR_NULL) in the ESP tunnel (Phase 2).

automatic_return_routing: Bool

True if automatic stateful return routing should be enabled for a tunnel, false otherwise.

bgp: Attributes
customer_asn: Int64

ASN used on the customer end of the BGP session

extra_prefixes: List[String]

Prefixes in this list will be advertised to the customer device, in addition to the routes in the Magic routing table.

md5_key: String

MD5 key to use for session authentication.

Note that this is not a security measure. MD5 is not a valid security mechanism, and the key is not treated as a secret value. This is only supported for preventing misconfiguration, not for defending against malicious attacks.

The MD5 key, if set, must be of non-zero length and consist only of the following types of character:

  • ASCII alphanumerics: [a-zA-Z0-9]
  • Special characters in the set '!@#$%^&*()+[]{}<>/.,;:_-~= |`

In other words, MD5 keys may contain any printable ASCII character aside from newline (0x0A), quotation mark ("), vertical tab (0x0B), carriage return (0x0D), tab (0x09), form feed (0x0C), and the question mark (?). Requests specifying an MD5 key with one or more of these disallowed characters will be rejected.

bgp_status: Attributes
state: String
tcp_established: Bool
updated_at: Time
bgp_state: String
cf_speaker_ip: String
cf_speaker_port: Int64
customer_speaker_ip: String
customer_speaker_port: Int64
created_on: Time

The date and time the tunnel was created.

custom_remote_identities: Attributes
fqdn_id: String

A custom IKE ID of type FQDN that may be used to identify the IPsec tunnel. The generated IKE IDs can still be used even if this custom value is specified.

Must be of the form <custom label>.<account ID>.custom.ipsec.cloudflare.com.

This custom ID does not need to be unique. Two IPsec tunnels may have the same custom fqdn_id. However, if another IPsec tunnel has the same value then the two tunnels cannot have the same cloudflare_endpoint.

customer_endpoint: String

The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.

description: String

An optional description for the IPsec tunnel.

health_check: Attributes
direction: String

The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.

enabled: Bool

Determines whether to run healthchecks for a tunnel.

rate: String

How frequently the health check is run. The default value is mid.

target: Attributes

The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to customer_gre_endpoint address. This field is ignored for bidirectional healthchecks as the interface_address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.

effective: String

The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.

saved: String

The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.

type: String

The type of healthcheck to run, reply or request. The default value is reply.

interface_address6: String

A 127-bit IPv6 prefix from within the virtual_subnet6 prefix space, with the address being the first IP of the subnet and not the same as the address of virtual_subnet6. E.g., if virtual_subnet6 is 2606:54c1:7:0:a9fe:12d2::/127, interface_address6 could be 2606:54c1:7:0:a9fe:12d2:1:200/127.

modified_on: Time

The date and time the tunnel was last modified.

psk_metadata: Attributes

The PSK metadata that includes when the PSK was generated.

last_generated_on: Time

The date and time the tunnel was last modified.

replay_protection: Bool

If true, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.

cloudflare_magic_wan_ipsec_tunnel

data "cloudflare_magic_wan_ipsec_tunnel" "example_magic_wan_ipsec_tunnel" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  ipsec_tunnel_id = "023e105f4ecef8ad9ca31a8372d0c353"
}
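A pre-apply check for the IPsec tunnel constraints described above (the md5_key character rule, the fqdn_id form and its cloudflare_endpoint clash rule, the /31 interface_address, and the allow_null_cipher and replay_protection settings). This is an added example, not code from the provider; the function names, finding codes and sample tunnels are constructed here, and a missing replay_protection is assumed to mean disabled.

```python
import ipaddress

# Private ranges the page lists for interface_address.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FQDN_SUFFIX = ".custom.ipsec.cloudflare.com"
ACCOUNT_ID = "023e105f4ecef8ad9ca31a8372d0c353"  # example account ID used on this page


def md5_key_ok(key):
    """Non-empty, printable ASCII only, and neither '"' nor '?'."""
    return bool(key) and all(0x20 <= ord(c) <= 0x7E and c not in '"?' for c in key)


def interface_address_ok(cidr):
    """IPv4 /31 that lies inside one of the listed private ranges."""
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError:
        return False
    if iface.version != 4 or iface.network.prefixlen != 31:
        return False
    return any(iface.network.subnet_of(net) for net in PRIVATE_NETS)


def fqdn_id_ok(fqdn_id, account_id):
    """<custom label>.<account ID>.custom.ipsec.cloudflare.com with a non-empty label.

    The page does not say which characters a label may contain, so only
    its presence is checked (assumption).
    """
    suffix = "." + account_id + FQDN_SUFFIX
    return fqdn_id.endswith(suffix) and len(fqdn_id) > len(suffix)


def audit_tunnels(account_id, tunnels):
    """Return (tunnel name, finding code) pairs for a list of tunnel dicts."""
    findings = []
    seen = {}  # (fqdn_id, cloudflare_endpoint) -> first tunnel using that pair
    for t in tunnels:
        name = t["name"]
        if not interface_address_ok(t["interface_address"]):
            findings.append((name, "interface_address"))

        # md5_key only guards against misconfiguration; it is still validated
        # because a request with a disallowed character is rejected.
        md5_key = t.get("bgp", {}).get("md5_key")
        if md5_key is not None and not md5_key_ok(md5_key):
            findings.append((name, "md5_key"))

        fqdn_id = t.get("custom_remote_identities", {}).get("fqdn_id")
        if fqdn_id is not None:
            if not fqdn_id_ok(fqdn_id, account_id):
                findings.append((name, "fqdn_id"))
            # Two tunnels may share fqdn_id, but not fqdn_id and endpoint together.
            pair = (fqdn_id, t["cloudflare_endpoint"])
            if pair in seen:
                findings.append((name, "fqdn_endpoint_clash"))
            seen.setdefault(pair, name)

        # ENCR_NULL means ESP carries the payload unencrypted.
        if t.get("allow_null_cipher", False):
            findings.append((name, "null_cipher"))
        # Assumption: an absent replay_protection is treated as disabled.
        if not t.get("replay_protection", False):
            findings.append((name, "no_replay_protection"))
    return findings


# Constructed sample input: the first tunnel is clean, the second violates
# several of the rules above.
SAMPLE_TUNNELS = [
    {
        "name": "IPsec_1",
        "cloudflare_endpoint": "203.0.113.1",
        "interface_address": "10.213.0.8/31",
        "bgp": {"md5_key": "Rotate-me_2024!"},
        "custom_remote_identities": {
            "fqdn_id": "branch1." + ACCOUNT_ID + FQDN_SUFFIX},
        "replay_protection": True,
    },
    {
        "name": "IPsec_2",
        "cloudflare_endpoint": "203.0.113.1",
        "interface_address": "192.0.2.0/31",   # /31, but outside the private ranges
        "bgp": {"md5_key": "what?"},            # '?' is disallowed
        "custom_remote_identities": {
            "fqdn_id": "branch1." + ACCOUNT_ID + FQDN_SUFFIX},
        "allow_null_cipher": True,
        "replay_protection": False,
    },
]

if __name__ == "__main__":
    for tunnel_name, code in audit_tunnels(ACCOUNT_ID, SAMPLE_TUNNELS):
        print(tunnel_name, code)
```

The tunnel dicts mirror the attribute names on this page, so the same checks can be run over values extracted from a plan or from the data source output.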

Magic TransitRoutes

resource cloudflare_magic_wan_static_route

required
account_id: String

Identifier

nexthop: String

The next-hop IP Address for the static route.

prefix: String

IP Prefix in Classless Inter-Domain Routing format.

priority: Int64

Priority of the static route.

optional
description?: String

An optional human provided description of the static route.

weight?: Int64

Optional weight of the ECMP scope - if provided.

scope?: Attributes

Used only for ECMP routes.

colo_names?: List[String]

List of colo names for the ECMP scope.

colo_regions?: List[String]

List of colo regions for the ECMP scope.

computed
id: String

Identifier

created_on: Time

When the route was created.

modified: Bool
modified_on: Time

When the route was last modified.

modified_route: Attributes
id: String

Identifier

nexthop: String

The next-hop IP Address for the static route.

prefix: String

IP Prefix in Classless Inter-Domain Routing format.

priority: Int64

Priority of the static route.

created_on: Time

When the route was created.

description: String

An optional human provided description of the static route.

modified_on: Time

When the route was last modified.

scope: Attributes

Used only for ECMP routes.

colo_names: List[String]

List of colo names for the ECMP scope.

colo_regions: List[String]

List of colo regions for the ECMP scope.

weight: Int64

Optional weight of the ECMP scope - if provided.

route: Attributes
id: String

Identifier

nexthop: String

The next-hop IP Address for the static route.

prefix: String

IP Prefix in Classless Inter-Domain Routing format.

priority: Int64

Priority of the static route.

created_on: Time

When the route was created.

description: String

An optional human provided description of the static route.

modified_on: Time

When the route was last modified.

scope: Attributes

Used only for ECMP routes.

colo_names: List[String]

List of colo names for the ECMP scope.

colo_regions: List[String]

List of colo regions for the ECMP scope.

weight: Int64

Optional weight of the ECMP scope - if provided.

cloudflare_magic_wan_static_route

resource "cloudflare_magic_wan_static_route" "example_magic_wan_static_route" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  nexthop = "203.0.113.1"
  prefix = "192.0.2.0/24"
  priority = 0
  description = "New route for new prefix 203.0.113.1"
  scope = {
    colo_names = ["den01"]
    colo_regions = ["APAC"]
  }
  weight = 0
}

data cloudflare_magic_wan_static_route

required
route_id: String

Identifier

account_id: String

Identifier

computed
id: String

Identifier

route: Attributes
id: String

Identifier

nexthop: String

The next-hop IP Address for the static route.

prefix: String

IP Prefix in Classless Inter-Domain Routing format.

priority: Int64

Priority of the static route.

created_on: Time

When the route was created.

description: String

An optional human provided description of the static route.

modified_on: Time

When the route was last modified.

scope: Attributes

Used only for ECMP routes.

colo_names: List[String]

List of colo names for the ECMP scope.

colo_regions: List[String]

List of colo regions for the ECMP scope.

weight: Int64

Optional weight of the ECMP scope - if provided.

cloudflare_magic_wan_static_route

data "cloudflare_magic_wan_static_route" "example_magic_wan_static_route" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  route_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic TransitSites

resource cloudflare_magic_transit_site

required
account_id: String

Identifier

name: String

The name of the site.

optional
ha_mode?: Bool

Site high availability mode. If set to true, the site can have two connectors and runs in high availability mode.

connector_id?: String

Magic Connector identifier tag.

description?: String
secondary_connector_id?: String

Magic Connector identifier tag. Used when high availability mode is on.

location?: Attributes

Location of site in latitude and longitude.

lat?: String

Latitude

lon?: String

Longitude

computed
id: String

Identifier

cloudflare_magic_transit_site

resource "cloudflare_magic_transit_site" "example_magic_transit_site" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "site_1"
  connector_id = "ac60d3d0435248289d446cedd870bcf4"
  description = "description"
  ha_mode = true
  location = {
    lat = "37.6192"
    lon = "122.3816"
  }
  secondary_connector_id = "8d67040d3835dbcf46ce29da440dc482"
}

data cloudflare_magic_transit_site

required
account_id: String

Identifier

optional
site_id?: String

Identifier

filter?: Attributes
connectorid?: String

Identifier

computed
id: String

Identifier

connector_id: String

Magic Connector identifier tag.

description: String
ha_mode: Bool

Site high availability mode. If set to true, the site can have two connectors and runs in high availability mode.

name: String

The name of the site.

secondary_connector_id: String

Magic Connector identifier tag. Used when high availability mode is on.

location: Attributes

Location of site in latitude and longitude.

lat: String

Latitude

lon: String

Longitude

cloudflare_magic_transit_site

data "cloudflare_magic_transit_site" "example_magic_transit_site" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_magic_transit_sites

required
account_id: String

Identifier

optional
connectorid?: String

Identifier

max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String

Identifier

connector_id: String

Magic Connector identifier tag.

description: String
ha_mode: Bool

Site high availability mode. If set to true, the site can have two connectors and runs in high availability mode.

location: Attributes

Location of site in latitude and longitude.

lat: String

Latitude

lon: String

Longitude

name: String

The name of the site.

secondary_connector_id: String

Magic Connector identifier tag. Used when high availability mode is on.

cloudflare_magic_transit_sites

data "cloudflare_magic_transit_sites" "example_magic_transit_sites" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  connectorid = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic TransitSitesACLs

resource cloudflare_magic_transit_site_acl

required
account_id: String

Identifier

site_id: String

Identifier

name: String

The name of the ACL.

lan_1: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name?: String

The name of the LAN based on the provided lan_id.

port_ranges?: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports?: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets?: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

lan_2: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name?: String

The name of the LAN based on the provided lan_id.

port_ranges?: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports?: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets?: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

optional
description?: String

Description for the ACL.

forward_locally?: Bool

The desired forwarding action for this ACL policy. If set to "false", the policy will forward traffic to Cloudflare. If set to "true", the policy will forward traffic locally on the Magic Connector. If not included in request, will default to false.

unidirectional?: Bool

The desired traffic direction for this ACL policy. If set to "false", the policy will allow bidirectional traffic. If set to "true", the policy will only allow traffic in one direction. If not included in request, will default to false.

protocols?: List[String]
computed
id: String

Identifier

cloudflare_magic_transit_site_acl

resource "cloudflare_magic_transit_site_acl" "example_magic_transit_site_acl" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  lan_1 = {
    lan_id = "lan_id"
    lan_name = "lan_name"
    port_ranges = ["8080-9000"]
    ports = [1]
    subnets = ["192.0.2.1"]
  }
  lan_2 = {
    lan_id = "lan_id"
    lan_name = "lan_name"
    port_ranges = ["8080-9000"]
    ports = [1]
    subnets = ["192.0.2.1"]
  }
  name = "PIN Pad - Cash Register"
  description = "Allows local traffic between PIN pads and cash register."
  forward_locally = true
  protocols = ["tcp"]
  unidirectional = true
}

data cloudflare_magic_transit_site_acl

required
acl_id: String

Identifier

account_id: String

Identifier

site_id: String

Identifier

computed
id: String

Identifier

description: String

Description for the ACL.

forward_locally: Bool

The desired forwarding action for this ACL policy. If set to "false", the policy will forward traffic to Cloudflare. If set to "true", the policy will forward traffic locally on the Magic Connector. If not included in request, will default to false.

name: String

The name of the ACL.

unidirectional: Bool

The desired traffic direction for this ACL policy. If set to "false", the policy will allow bidirectional traffic. If set to "true", the policy will only allow traffic in one direction. If not included in request, will default to false.

protocols: List[String]
lan_1: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name: String

The name of the LAN based on the provided lan_id.

port_ranges: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

lan_2: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name: String

The name of the LAN based on the provided lan_id.

port_ranges: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

cloudflare_magic_transit_site_acl

data "cloudflare_magic_transit_site_acl" "example_magic_transit_site_acl" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  acl_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_magic_transit_site_acls

required
account_id: String

Identifier

site_id: String

Identifier

optional
max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String

Identifier

description: String

Description for the ACL.

forward_locally: Bool

The desired forwarding action for this ACL policy. If set to "false", the policy will forward traffic to Cloudflare. If set to "true", the policy will forward traffic locally on the Magic Connector. If not included in request, will default to false.

lan_1: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name: String

The name of the LAN based on the provided lan_id.

port_ranges: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

lan_2: Attributes
lan_id: String

The identifier for the LAN you want to create an ACL policy with.

lan_name: String

The name of the LAN based on the provided lan_id.

port_ranges: List[String]

Array of port ranges on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

ports: List[Int64]

Array of ports on the provided LAN that will be included in the ACL. If no ports or port ranges are provided, communication on any port on this LAN is allowed.

subnets: List[String]

Array of subnet IPs within the LAN that will be included in the ACL. If no subnets are provided, communication on any subnet on this LAN is allowed.

name: String

The name of the ACL.

protocols: List[String]
unidirectional: Bool

The desired traffic direction for this ACL policy. If set to "false", the policy will allow bidirectional traffic. If set to "true", the policy will only allow traffic in one direction. If not included in request, will default to false.

cloudflare_magic_transit_site_acls

data "cloudflare_magic_transit_site_acls" "example_magic_transit_site_acls" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic TransitSitesLANs

resource cloudflare_magic_transit_site_lan

required
account_id: String

Identifier

site_id: String

Identifier

optional
bond_id?: Int64
is_breakout?: Bool

mark true to use this LAN for source-based breakout traffic

is_prioritized?: Bool

mark true to use this LAN for source-based prioritized traffic

name?: String
physport?: Int64
vlan_tag?: Int64

VLAN ID. Use zero for untagged.

nat?: Attributes
static_prefix?: String

A valid CIDR notation representing an IP range.

routed_subnets?: List[Attributes]
next_hop: String

A valid IPv4 address.

prefix: String

A valid CIDR notation representing an IP range.

nat?: Attributes
static_prefix?: String

A valid CIDR notation representing an IP range.

static_addressing?: Attributes

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

address: String

A valid CIDR notation representing an IP range.

dhcp_relay?: Attributes
server_addresses?: List[String]

List of DHCP server IPs.

dhcp_server?: Attributes
dhcp_pool_end?: String

A valid IPv4 address.

dhcp_pool_start?: String

A valid IPv4 address.

dns_server?: String

A valid IPv4 address.

dns_servers?: List[String]
reservations?: Map[String]

Mapping of MAC addresses to IP addresses

secondary_address?: String

A valid CIDR notation representing an IP range.

virtual_address?: String

A valid CIDR notation representing an IP range.

computed
id: String

Identifier

cloudflare_magic_transit_site_lan

resource "cloudflare_magic_transit_site_lan" "example_magic_transit_site_lan" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bond_id = 2
  ha_link = true
  is_breakout = true
  is_prioritized = true
  name = "name"
  nat = {
    static_prefix = "192.0.2.0/24"
  }
  physport = 1
  routed_subnets = [{
    next_hop = "192.0.2.1"
    prefix = "192.0.2.0/24"
    nat = {
      static_prefix = "192.0.2.0/24"
    }
  }]
  static_addressing = {
    address = "192.0.2.0/24"
    dhcp_relay = {
      server_addresses = ["192.0.2.1"]
    }
    dhcp_server = {
      dhcp_pool_end = "192.0.2.1"
      dhcp_pool_start = "192.0.2.1"
      dns_server = "192.0.2.1"
      dns_servers = ["192.0.2.1"]
      reservations = {
        "00:11:22:33:44:55" = "192.0.2.100"
        "AA:BB:CC:DD:EE:FF" = "192.168.1.101"
      }
    }
    secondary_address = "192.0.2.0/24"
    virtual_address = "192.0.2.0/24"
  }
  vlan_tag = 42
}

data cloudflare_magic_transit_site_lan

required
lan_id: String

Identifier

account_id: String

Identifier

site_id: String

Identifier

computed
id: String

Identifier

bond_id: Int64
is_breakout: Bool

mark true to use this LAN for source-based breakout traffic

is_prioritized: Bool

mark true to use this LAN for source-based prioritized traffic

name: String
physport: Int64
vlan_tag: Int64

VLAN ID. Use zero for untagged.

nat: Attributes
static_prefix: String

A valid CIDR notation representing an IP range.

routed_subnets: List[Attributes]
next_hop: String

A valid IPv4 address.

prefix: String

A valid CIDR notation representing an IP range.

nat: Attributes
static_prefix: String

A valid CIDR notation representing an IP range.

static_addressing: Attributes

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

address: String

A valid CIDR notation representing an IP range.

dhcp_relay: Attributes
server_addresses: List[String]

List of DHCP server IPs.

dhcp_server: Attributes
dhcp_pool_end: String

A valid IPv4 address.

dhcp_pool_start: String

A valid IPv4 address.

dns_server: String

A valid IPv4 address.

dns_servers: List[String]
reservations: Map[String]

Mapping of MAC addresses to IP addresses

secondary_address: String

A valid CIDR notation representing an IP range.

virtual_address: String

A valid CIDR notation representing an IP range.

cloudflare_magic_transit_site_lan

data "cloudflare_magic_transit_site_lan" "example_magic_transit_site_lan" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  lan_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_magic_transit_site_lans

required
account_id: String

Identifier

site_id: String

Identifier

optional
max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String

Identifier

bond_id: Int64
is_breakout: Bool

mark true to use this LAN for source-based breakout traffic

is_prioritized: Bool

mark true to use this LAN for source-based prioritized traffic

name: String
nat: Attributes
static_prefix: String

A valid CIDR notation representing an IP range.

physport: Int64
routed_subnets: List[Attributes]
next_hop: String

A valid IPv4 address.

prefix: String

A valid CIDR notation representing an IP range.

nat: Attributes
static_prefix: String

A valid CIDR notation representing an IP range.

site_id: String

Identifier

static_addressing: Attributes

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

address: String

A valid CIDR notation representing an IP range.

dhcp_relay: Attributes
server_addresses: List[String]

List of DHCP server IPs.

dhcp_server: Attributes
dhcp_pool_end: String

A valid IPv4 address.

dhcp_pool_start: String

A valid IPv4 address.

dns_server: String

A valid IPv4 address.

dns_servers: List[String]
reservations: Map[String]

Mapping of MAC addresses to IP addresses

secondary_address: String

A valid CIDR notation representing an IP range.

virtual_address: String

A valid CIDR notation representing an IP range.

vlan_tag: Int64

VLAN ID. Use zero for untagged.

cloudflare_magic_transit_site_lans

data "cloudflare_magic_transit_site_lans" "example_magic_transit_site_lans" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic TransitSitesWANs

resource cloudflare_magic_transit_site_wan

required
account_id: String

Identifier

site_id: String

Identifier

physport: Int64
optional
name?: String
priority?: Int64
vlan_tag?: Int64

VLAN ID. Use zero for untagged.

static_addressing?: Attributes

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.

address: String

A valid CIDR notation representing an IP range.

gateway_address: String

A valid IPv4 address.

secondary_address?: String

A valid CIDR notation representing an IP range.

computed
id: String

Identifier

health_check_rate: String

Magic WAN health check rate for tunnels created on this link. The default value is mid.

cloudflare_magic_transit_site_wan

resource "cloudflare_magic_transit_site_wan" "example_magic_transit_site_wan" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  physport = 1
  name = "name"
  priority = 0
  static_addressing = {
    address = "192.0.2.0/24"
    gateway_address = "192.0.2.1"
    secondary_address = "192.0.2.0/24"
  }
  vlan_tag = 42
}

data cloudflare_magic_transit_site_wan

required
wan_id: String

Identifier

account_id: String

Identifier

site_id: String

Identifier

computed
id: String

Identifier

health_check_rate: String

Magic WAN health check rate for tunnels created on this link. The default value is mid.

name: String
physport: Int64
priority: Int64

Priority of WAN for traffic loadbalancing.

vlan_tag: Int64

VLAN ID. Use zero for untagged.

static_addressing: Attributes

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.

address: String

A valid CIDR notation representing an IP range.

gateway_address: String

A valid IPv4 address.

secondary_address: String

A valid CIDR notation representing an IP range.

cloudflare_magic_transit_site_wan

data "cloudflare_magic_transit_site_wan" "example_magic_transit_site_wan" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
  wan_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_magic_transit_site_wans

required
account_id: String

Identifier

site_id: String

Identifier

optional
max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String

Identifier

health_check_rate: String

Magic WAN health check rate for tunnels created on this link. The default value is mid.

name: String
physport: Int64
priority: Int64

Priority of WAN for traffic loadbalancing.

site_id: String

Identifier

static_addressing: Attributes

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.

address: String

A valid CIDR notation representing an IP range.

gateway_address: String

A valid IPv4 address.

secondary_address: String

A valid CIDR notation representing an IP range.

vlan_tag: Int64

VLAN ID. Use zero for untagged.

cloudflare_magic_transit_site_wans

data "cloudflare_magic_transit_site_wans" "example_magic_transit_site_wans" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  site_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Magic TransitConnectors

resource cloudflare_magic_transit_connector

required
account_id: String

Account identifier

device: Attributes

Exactly one of id, serial_number, or provision_license must be provided.

id?: String
provision_license?: Bool

When true, create and provision a new licence key for the connector.

serial_number?: String
optional
provision_license?: Bool

When true, regenerate license key for the connector.

activated?: Bool
interrupt_window_duration_hours?: Float64
interrupt_window_hour_of_day?: Float64
notes?: String
timezone?: String
interrupt_window_days_of_week?: List[String]

Allowed days of the week for upgrades. Default is all days.

interrupt_window_embargo_dates?: List[String]

List of dates (YYYY-MM-DD) when upgrades are blocked.

computed
id: String
last_heartbeat: String
last_seen_version: String
last_updated: String
license_key: String

cloudflare_magic_transit_connector

resource "cloudflare_magic_transit_connector" "example_magic_transit_connector" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  device = {
    # Exactly one of id, serial_number, or provision_license must be provided.
    serial_number = "serial_number"
  }
  activated = true
  interrupt_window_days_of_week = ["Sunday"]
  interrupt_window_duration_hours = 1
  interrupt_window_embargo_dates = ["string"]
  interrupt_window_hour_of_day = 0
  notes = "notes"
  timezone = "timezone"
}

data cloudflare_magic_transit_connector

required
connector_id: String
account_id: String

Account identifier

computed
id: String
activated: Bool
interrupt_window_duration_hours: Float64
interrupt_window_hour_of_day: Float64
last_heartbeat: String
last_seen_version: String
last_updated: String
license_key: String
notes: String
timezone: String
interrupt_window_days_of_week: List[String]

Allowed days of the week for upgrades. Default is all days.

interrupt_window_embargo_dates: List[String]

List of dates (YYYY-MM-DD) when upgrades are blocked.

device: Attributes
id: String
serial_number: String

cloudflare_magic_transit_connector

data "cloudflare_magic_transit_connector" "example_magic_transit_connector" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  connector_id = "connector_id"
}

data cloudflare_magic_transit_connectors

required
account_id: String

Account identifier

optional
max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String
activated: Bool
interrupt_window_days_of_week: List[String]

Allowed days of the week for upgrades. Default is all days.

interrupt_window_duration_hours: Float64
interrupt_window_embargo_dates: List[String]

List of dates (YYYY-MM-DD) when upgrades are blocked.

interrupt_window_hour_of_day: Float64
last_updated: String
notes: String
timezone: String
device: Attributes
id: String
serial_number: String
last_heartbeat: String
last_seen_version: String
license_key: String

cloudflare_magic_transit_connectors

data "cloudflare_magic_transit_connectors" "example_magic_transit_connectors" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}