Skip to content
Cloudflare API
Start here
API Reference

R2

R2Buckets

resource cloudflare_r2_bucket

required Expand Collapse
name: String

Name of the bucket.

account_id: String

Account ID.

optional Expand Collapse
location?: String

Location of the bucket.

storage_class?: String

Storage class for newly uploaded objects, unless specified otherwise.

computed Expand Collapse
id: String

Name of the bucket.

creation_date: String

Creation timestamp.

jurisdiction: String

Jurisdiction where objects in this bucket are guaranteed to be stored.

cloudflare_r2_bucket

resource "cloudflare_r2_bucket" "example_r2_bucket" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "example-bucket"
  location = "apac"
  storage_class = "Standard"
}

data cloudflare_r2_bucket

required Expand Collapse
bucket_name: String

Name of the bucket.

account_id: String

Account ID.

computed Expand Collapse
id: String

Name of the bucket.

creation_date: String

Creation timestamp.

jurisdiction: String

Jurisdiction where objects in this bucket are guaranteed to be stored.

location: String

Location of the bucket.

name: String

Name of the bucket.

storage_class: String

Storage class for newly uploaded objects, unless specified otherwise.

cloudflare_r2_bucket

data "cloudflare_r2_bucket" "example_r2_bucket" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
}

R2BucketsLifecycle

resource cloudflare_r2_bucket_lifecycle

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

optional Expand Collapse
rules?: List[Attributes]
id: String

Unique identifier for this rule.

conditions: Attributes

Conditions that apply to all transitions of this rule.

prefix: String

Transitions will only apply to objects/uploads in the bucket that start with the given prefix, an empty prefix can be provided to scope rule to all objects/uploads.

enabled: Bool

Whether or not this rule is in effect.

abort_multipart_uploads_transition?: Attributes

Transition to abort ongoing multipart uploads.

condition?: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age: Int64
type: String
delete_objects_transition?: Attributes

Transition to delete objects.

condition?: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age?: Int64
type: String
date?: Time
storage_class_transitions?: List[Attributes]

Transitions to change the storage class of objects.

condition: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age?: Int64
type: String
date?: Time
storage_class: String

cloudflare_r2_bucket_lifecycle

resource "cloudflare_r2_bucket_lifecycle" "example_r2_bucket_lifecycle" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  rules = [{
    id = "Expire all objects older than 24 hours"
    conditions = {
      prefix = "prefix"
    }
    enabled = true
    abort_multipart_uploads_transition = {
      condition = {
        max_age = 0
        type = "Age"
      }
    }
    delete_objects_transition = {
      condition = {
        max_age = 0
        type = "Age"
      }
    }
    storage_class_transitions = [{
      condition = {
        max_age = 0
        type = "Age"
      }
      storage_class = "InfrequentAccess"
    }]
  }]
}

data cloudflare_r2_bucket_lifecycle

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

computed Expand Collapse
rules: List[Attributes]
id: String

Unique identifier for this rule.

conditions: Attributes

Conditions that apply to all transitions of this rule.

prefix: String

Transitions will only apply to objects/uploads in the bucket that start with the given prefix, an empty prefix can be provided to scope rule to all objects/uploads.

enabled: Bool

Whether or not this rule is in effect.

abort_multipart_uploads_transition: Attributes

Transition to abort ongoing multipart uploads.

condition: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age: Int64
type: String
delete_objects_transition: Attributes

Transition to delete objects.

condition: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age: Int64
type: String
date: Time
storage_class_transitions: List[Attributes]

Transitions to change the storage class of objects.

condition: Attributes

Condition for lifecycle transitions to apply after an object reaches an age in seconds.

max_age: Int64
type: String
date: Time
storage_class: String

cloudflare_r2_bucket_lifecycle

data "cloudflare_r2_bucket_lifecycle" "example_r2_bucket_lifecycle" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
}

R2BucketsCORS

resource cloudflare_r2_bucket_cors

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

optional Expand Collapse
rules?: List[Attributes]
allowed: Attributes

Object specifying allowed origins, methods and headers for this CORS rule.

methods: List[String]

Specifies the value for the Access-Control-Allow-Methods header R2 sets when requesting objects in a bucket from a browser.

origins: List[String]

Specifies the value for the Access-Control-Allow-Origin header R2 sets when requesting objects in a bucket from a browser.

headers?: List[String]

Specifies the value for the Access-Control-Allow-Headers header R2 sets when requesting objects in this bucket from a browser. Cross-origin requests that include custom headers (e.g. x-user-id) should specify these headers as AllowedHeaders.

id?: String

Identifier for this rule.

expose_headers?: List[String]

Specifies the headers that can be exposed back, and accessed by, the JavaScript making the cross-origin request. If you need to access headers beyond the safelisted response headers, such as Content-Encoding or cf-cache-status, you must specify it here.

max_age_seconds?: Float64

Specifies the amount of time (in seconds) browsers are allowed to cache CORS preflight responses. Browsers may limit this to 2 hours or less, even if the maximum value (86400) is specified.

cloudflare_r2_bucket_cors

resource "cloudflare_r2_bucket_cors" "example_r2_bucket_cors" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  rules = [{
    allowed = {
      methods = ["GET"]
      origins = ["http://localhost:3000"]
      headers = ["x-requested-by"]
    }
    id = "Allow Local Development"
    expose_headers = ["Content-Encoding"]
    max_age_seconds = 3600
  }]
}

data cloudflare_r2_bucket_cors

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

computed Expand Collapse
rules: List[Attributes]
allowed: Attributes

Object specifying allowed origins, methods and headers for this CORS rule.

methods: List[String]

Specifies the value for the Access-Control-Allow-Methods header R2 sets when requesting objects in a bucket from a browser.

origins: List[String]

Specifies the value for the Access-Control-Allow-Origin header R2 sets when requesting objects in a bucket from a browser.

headers: List[String]

Specifies the value for the Access-Control-Allow-Headers header R2 sets when requesting objects in this bucket from a browser. Cross-origin requests that include custom headers (e.g. x-user-id) should specify these headers as AllowedHeaders.

id: String

Identifier for this rule.

expose_headers: List[String]

Specifies the headers that can be exposed back, and accessed by, the JavaScript making the cross-origin request. If you need to access headers beyond the safelisted response headers, such as Content-Encoding or cf-cache-status, you must specify it here.

max_age_seconds: Float64

Specifies the amount of time (in seconds) browsers are allowed to cache CORS preflight responses. Browsers may limit this to 2 hours or less, even if the maximum value (86400) is specified.

cloudflare_r2_bucket_cors

data "cloudflare_r2_bucket_cors" "example_r2_bucket_cors" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
}

R2BucketsDomainsCustom

resource cloudflare_r2_custom_domain

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

domain: String

Name of the custom domain to be added.

zone_id: String

Zone ID of the custom domain.

enabled: Bool

Whether to enable public bucket access at the custom domain. If undefined, the domain will be enabled.

optional Expand Collapse
min_tls?: String

Minimum TLS Version the custom domain will accept for incoming connections. If not set, defaults to 1.0.

ciphers?: List[String]

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

computed Expand Collapse
zone_name: String

Zone that the custom domain resides in.

status: Attributes
ownership: String

Ownership status of the domain.

ssl: String

SSL certificate status.

cloudflare_r2_custom_domain

resource "cloudflare_r2_custom_domain" "example_r2_custom_domain" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  domain = "prefix.example-domain.com"
  enabled = true
  zone_id = "36ca64a6d92827b8a6b90be344bb1bfd"
  ciphers = ["string"]
  min_tls = "1.0"
}

data cloudflare_r2_custom_domain

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

domain: String

Name of the custom domain.

computed Expand Collapse
enabled: Bool

Whether this bucket is publicly accessible at the specified custom domain.

min_tls: String

Minimum TLS Version the custom domain will accept for incoming connections. If not set, defaults to 1.0.

zone_id: String

Zone ID of the custom domain resides in.

zone_name: String

Zone that the custom domain resides in.

ciphers: List[String]

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

status: Attributes
ownership: String

Ownership status of the domain.

ssl: String

SSL certificate status.

cloudflare_r2_custom_domain

data "cloudflare_r2_custom_domain" "example_r2_custom_domain" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  domain = "example-domain/custom-domain.com"
}

R2BucketsDomainsManaged

resource cloudflare_r2_managed_domain

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

enabled: Bool

Whether to enable public bucket access at the r2.dev domain.

computed Expand Collapse
bucket_id: String

Bucket ID.

domain: String

Domain name of the bucket's r2.dev domain.

cloudflare_r2_managed_domain

resource "cloudflare_r2_managed_domain" "example_r2_managed_domain" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  enabled = true
}

R2BucketsEvent Notifications

resource cloudflare_r2_bucket_event_notification

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

queue_id: String

Queue ID.

rules: List[Attributes]

Array of rules to drive notifications.

actions: List[String]

Array of R2 object actions that will trigger notifications.

description?: String

A description that can be used to identify the event notification rule after creation.

prefix?: String

Notifications will be sent only for objects with this prefix.

suffix?: String

Notifications will be sent only for objects with this suffix.

computed Expand Collapse
queue_name: String

Name of the queue.

cloudflare_r2_bucket_event_notification

resource "cloudflare_r2_bucket_event_notification" "example_r2_bucket_event_notification" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  queue_id = "queue_id"
  rules = [{
    actions = ["PutObject", "CopyObject"]
    description = "Notifications from source bucket to queue"
    prefix = "img/"
    suffix = ".jpeg"
  }]
}

data cloudflare_r2_bucket_event_notification

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

queue_id: String

Queue ID.

computed Expand Collapse
queue_name: String

Name of the queue.

rules: List[Attributes]
actions: List[String]

Array of R2 object actions that will trigger notifications.

created_at: String

Timestamp when the rule was created.

description: String

A description that can be used to identify the event notification rule after creation.

prefix: String

Notifications will be sent only for objects with this prefix.

rule_id: String

Rule ID.

suffix: String

Notifications will be sent only for objects with this suffix.

cloudflare_r2_bucket_event_notification

data "cloudflare_r2_bucket_event_notification" "example_r2_bucket_event_notification" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  queue_id = "queue_id"
}

R2BucketsLocks

resource cloudflare_r2_bucket_lock

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

optional Expand Collapse
rules?: List[Attributes]
id: String

Unique identifier for this rule.

condition: Attributes

Condition to apply a lock rule to an object for how long in seconds.

max_age_seconds?: Int64
type: String
date?: Time
enabled: Bool

Whether or not this rule is in effect.

prefix?: String

Rule will only apply to objects/uploads in the bucket that start with the given prefix, an empty prefix can be provided to scope rule to all objects/uploads.

cloudflare_r2_bucket_lock

resource "cloudflare_r2_bucket_lock" "example_r2_bucket_lock" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  rules = [{
    id = "Lock all objects for 24 hours"
    condition = {
      max_age_seconds = 100
      type = "Age"
    }
    enabled = true
    prefix = "prefix"
  }]
}

data cloudflare_r2_bucket_lock

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

computed Expand Collapse
rules: List[Attributes]
id: String

Unique identifier for this rule.

condition: Attributes

Condition to apply a lock rule to an object for how long in seconds.

max_age_seconds: Int64
type: String
date: Time
enabled: Bool

Whether or not this rule is in effect.

prefix: String

Rule will only apply to objects/uploads in the bucket that start with the given prefix, an empty prefix can be provided to scope rule to all objects/uploads.

cloudflare_r2_bucket_lock

data "cloudflare_r2_bucket_lock" "example_r2_bucket_lock" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
}

R2BucketsSippy

resource cloudflare_r2_bucket_sippy

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

optional Expand Collapse
destination?: Attributes

R2 bucket to copy objects to.

access_key_id?: String

ID of a Cloudflare API token. This is the value labelled "Access Key ID" when creating an API. token from the R2 dashboard.

Sippy will use this token when writing objects to R2, so it is best to scope this token to the bucket you're enabling Sippy for.

r2_bucket_sippy_provider?: String
secret_access_key?: String

Value of a Cloudflare API token. This is the value labelled "Secret Access Key" when creating an API. token from the R2 dashboard.

Sippy will use this token when writing objects to R2, so it is best to scope this token to the bucket you're enabling Sippy for.

source?: Attributes

AWS S3 bucket to copy objects from.

access_key_id?: String

Access Key ID of an IAM credential (ideally scoped to a single S3 bucket).

bucket?: String

Name of the AWS S3 bucket.

r2_bucket_sippy_provider?: String
region?: String

Name of the AWS availability zone.

secret_access_key?: String

Secret Access Key of an IAM credential (ideally scoped to a single S3 bucket).

client_email?: String

Client email of an IAM credential (ideally scoped to a single GCS bucket).

private_key?: String

Private Key of an IAM credential (ideally scoped to a single GCS bucket).

bucket_url?: String

URL to the S3-compatible API of the bucket.

computed Expand Collapse
enabled: Bool

State of Sippy for this bucket.

cloudflare_r2_bucket_sippy

resource "cloudflare_r2_bucket_sippy" "example_r2_bucket_sippy" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
  destination = {
    access_key_id = "accessKeyId"
    r2_bucket_sippy_provider = "r2"
    secret_access_key = "secretAccessKey"
  }
  source = {
    access_key_id = "accessKeyId"
    bucket = "bucket"
    r2_bucket_sippy_provider = "aws"
    region = "region"
    secret_access_key = "secretAccessKey"
  }
}

data cloudflare_r2_bucket_sippy

required Expand Collapse
account_id: String

Account ID.

bucket_name: String

Name of the bucket.

computed Expand Collapse
enabled: Bool

State of Sippy for this bucket.

destination: Attributes

Details about the configured destination bucket.

access_key_id: String

ID of the Cloudflare API token used when writing objects to this bucket.

account: String
bucket: String

Name of the bucket on the provider.

r2_bucket_sippy_provider: String
source: Attributes

Details about the configured source bucket.

bucket: String

Name of the bucket on the provider (AWS, GCS only).

bucket_url: String

S3-compatible URL (Generic S3-compatible providers only).

r2_bucket_sippy_provider: String
region: String

Region where the bucket resides (AWS only).

cloudflare_r2_bucket_sippy

data "cloudflare_r2_bucket_sippy" "example_r2_bucket_sippy" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  bucket_name = "example-bucket"
}