API Reference

Zero Trust

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Tunnels

TunnelsCloudflared

resource cloudflare_zero_trust_tunnel_cloudflared

required Expand Collapse

account_id: String

Cloudflare account ID

name: String

A user-friendly name for a tunnel.

optional Expand Collapse

config_src?: String

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

tunnel_secret?: String

Sets the password required to run a locally-managed tunnel. Must be at least 32 bytes and encoded as a base64 string.

computed Expand Collapse

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

Deprecatedremote_config: Bool

Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

metadata: JSON

Metadata associated with the tunnel.

cloudflare_zero_trust_tunnel_cloudflared

Terraform

HTTP

TypeScript

Python

Go

Terraform

resource "cloudflare_zero_trust_tunnel_cloudflared" "example_zero_trust_tunnel_cloudflared" {
  account_id = "699d98642c564d2e855e9661899b7252"
  name = "blog"
  config_src = "cloudflare"
  tunnel_secret = "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
}

data cloudflare_zero_trust_tunnel_cloudflared

required Expand Collapse

account_id: String

Cloudflare account ID

optional Expand Collapse

tunnel_id?: String

UUID of the tunnel.

filter?: Attributes

exclude_prefix?: String

existed_at?: String

If provided, include only resources that were created (and not deleted) before this time. URL encoded.

include_prefix?: String

is_deleted?: Bool

If true, only include deleted tunnels. If false, exclude deleted tunnels. If empty, all tunnels will be included.

name?: String

A user-friendly name for a tunnel.

status?: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

uuid?: String

UUID of the tunnel.

was_active_at?: Time

was_inactive_at?: Time

computed Expand Collapse

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

config_src: String

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

name: String

A user-friendly name for a tunnel.

Deprecatedremote_config: Bool

Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

metadata: JSON

Metadata associated with the tunnel.

cloudflare_zero_trust_tunnel_cloudflared

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_cloudflared" "example_zero_trust_tunnel_cloudflared" {
  account_id = "699d98642c564d2e855e9661899b7252"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
}

data cloudflare_zero_trust_tunnel_cloudflareds

required Expand Collapse

account_id: String

Cloudflare account ID

optional Expand Collapse

exclude_prefix?: String

existed_at?: String

If provided, include only resources that were created (and not deleted) before this time. URL encoded.

include_prefix?: String

is_deleted?: Bool

If true, only include deleted tunnels. If false, exclude deleted tunnels. If empty, all tunnels will be included.

name?: String

A user-friendly name for a tunnel.

status?: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

uuid?: String

UUID of the tunnel.

was_active_at?: Time

was_inactive_at?: Time

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

config_src: String

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

metadata: JSON

Metadata associated with the tunnel.

name: String

A user-friendly name for a tunnel.

Deprecatedremote_config: Bool

Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

cloudflare_zero_trust_tunnel_cloudflareds

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_cloudflareds" "example_zero_trust_tunnel_cloudflareds" {
  account_id = "699d98642c564d2e855e9661899b7252"
  exclude_prefix = "vpc1-"
  existed_at = "2019-10-12T07%3A20%3A50.52Z"
  include_prefix = "vpc1-"
  is_deleted = true
  name = "blog"
  status = "healthy"
  uuid = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
  was_active_at = "2009-11-10T23:00:00Z"
  was_inactive_at = "2009-11-10T23:00:00Z"
}

TunnelsCloudflaredConfigurations

resource cloudflare_zero_trust_tunnel_cloudflared_config

required Expand Collapse

tunnel_id: String

UUID of the tunnel.

account_id: String

Identifier.

optional Expand Collapse

config?: Attributes

The tunnel configuration and ingress rules.

ingress?: List[Attributes]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: String

Public hostname for this service.

service: String

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. 'http_status:404'.

origin_request?: Attributes

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Attributes

For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.

aud_tag: List[String]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: String

required?: Bool

Deny traffic that has not fulfilled Access authorization.

ca_pool?: String

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout?: Int64

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding?: Bool

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin?: Bool

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header?: String

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections?: Int64

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout?: Int64

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host?: Bool

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs?: Bool

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify?: Bool

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name?: String

Hostname that cloudflared should expect from your origin server certificate.

proxy_type?: String

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.

tcp_keep_alive?: Int64

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout?: Int64

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path?: String

Requests with this path route to this public hostname.

origin_request?: Attributes

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Attributes

For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.

aud_tag: List[String]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: String

required?: Bool

Deny traffic that has not fulfilled Access authorization.

ca_pool?: String

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout?: Int64

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding?: Bool

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin?: Bool

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header?: String

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections?: Int64

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout?: Int64

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host?: Bool

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs?: Bool

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify?: Bool

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name?: String

Hostname that cloudflared should expect from your origin server certificate.

proxy_type?: String

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.

tcp_keep_alive?: Int64

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout?: Int64

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Deprecatedwarp_routing: Attributes

This field is ignored by cloudflared since version 2023.10.0.

Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

enabled: Bool

computed Expand Collapse

id: String

UUID of the tunnel.

created_at: Time

source: String

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard.

version: Int64

The version of the Tunnel Configuration.

cloudflare_zero_trust_tunnel_cloudflared_config

Terraform

HTTP

TypeScript

Python

Go

Terraform

resource "cloudflare_zero_trust_tunnel_cloudflared_config" "example_zero_trust_tunnel_cloudflared_config" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
  config = {
    ingress = [{
      hostname = "tunnel.example.com"
      service = "https://localhost:8001"
      origin_request = {
        access = {
          aud_tag = ["string"]
          team_name = "zero-trust-organization-name"
          required = false
        }
        ca_pool = "caPool"
        connect_timeout = 10
        disable_chunked_encoding = true
        http2_origin = true
        http_host_header = "httpHostHeader"
        keep_alive_connections = 100
        keep_alive_timeout = 90
        match_sn_ito_host = false
        no_happy_eyeballs = false
        no_tls_verify = false
        origin_server_name = "originServerName"
        proxy_type = "proxyType"
        tcp_keep_alive = 30
        tls_timeout = 10
      }
      path = "subpath"
    }]
    origin_request = {
      access = {
        aud_tag = ["string"]
        team_name = "zero-trust-organization-name"
        required = false
      }
      ca_pool = "caPool"
      connect_timeout = 10
      disable_chunked_encoding = true
      http2_origin = true
      http_host_header = "httpHostHeader"
      keep_alive_connections = 100
      keep_alive_timeout = 90
      match_sn_ito_host = false
      no_happy_eyeballs = false
      no_tls_verify = false
      origin_server_name = "originServerName"
      proxy_type = "proxyType"
      tcp_keep_alive = 30
      tls_timeout = 10
    }
  }
}

data cloudflare_zero_trust_tunnel_cloudflared_config

required Expand Collapse

account_id: String

Identifier.

tunnel_id: String

UUID of the tunnel.

computed Expand Collapse

created_at: Time

source: String

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard.

version: Int64

The version of the Tunnel Configuration.

config: Attributes

The tunnel configuration and ingress rules.

ingress: List[Attributes]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: String

Public hostname for this service.

service: String

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. 'http_status:404'.

origin_request: Attributes

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Attributes

For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.

aud_tag: List[String]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: String

required: Bool

Deny traffic that has not fulfilled Access authorization.

ca_pool: String

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Int64

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Bool

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Bool

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: String

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Int64

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Int64

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Bool

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Bool

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Bool

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: String

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: String

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.

tcp_keep_alive: Int64

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Int64

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path: String

Requests with this path route to this public hostname.

origin_request: Attributes

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Attributes

For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.

aud_tag: List[String]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: String

required: Bool

Deny traffic that has not fulfilled Access authorization.

ca_pool: String

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Int64

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Bool

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Bool

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: String

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Int64

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Int64

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Bool

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Bool

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Bool

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: String

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: String

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.

tcp_keep_alive: Int64

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Int64

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Deprecatedwarp_routing: Attributes

This field is ignored by cloudflared since version 2023.10.0.

Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

enabled: Bool

cloudflare_zero_trust_tunnel_cloudflared_config

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_cloudflared_config" "example_zero_trust_tunnel_cloudflared_config" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
}

TunnelsCloudflaredToken

data cloudflare_zero_trust_tunnel_cloudflared_token

required Expand Collapse

account_id: String

Cloudflare account ID

tunnel_id: String

UUID of the tunnel.

computed Expand Collapse

token: String

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

cloudflare_zero_trust_tunnel_cloudflared_token

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_cloudflared_token" "example_zero_trust_tunnel_cloudflared_token" {
  account_id = "699d98642c564d2e855e9661899b7252"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
}

TunnelsWARP Connector

resource cloudflare_zero_trust_tunnel_warp_connector

required Expand Collapse

account_id: String

Cloudflare account ID

name: String

A user-friendly name for a tunnel.

optional Expand Collapse

ha?: Bool

Indicates that the tunnel will be created to be highly available. If omitted, defaults to false.

tunnel_secret?: String

Sets the password required to run a locally-managed tunnel. Must be at least 32 bytes and encoded as a base64 string.

computed Expand Collapse

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

metadata: JSON

Metadata associated with the tunnel.

cloudflare_zero_trust_tunnel_warp_connector

Terraform

HTTP

TypeScript

Python

Go

Terraform

resource "cloudflare_zero_trust_tunnel_warp_connector" "example_zero_trust_tunnel_warp_connector" {
  account_id = "699d98642c564d2e855e9661899b7252"
  name = "blog"
  ha = true
}

data cloudflare_zero_trust_tunnel_warp_connector

required Expand Collapse

account_id: String

Cloudflare account ID

optional Expand Collapse

tunnel_id?: String

UUID of the tunnel.

filter?: Attributes

exclude_prefix?: String

existed_at?: String

If provided, include only resources that were created (and not deleted) before this time. URL encoded.

include_prefix?: String

is_deleted?: Bool

If true, only include deleted tunnels. If false, exclude deleted tunnels. If empty, all tunnels will be included.

name?: String

A user-friendly name for the tunnel.

status?: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

uuid?: String

UUID of the tunnel.

was_active_at?: Time

was_inactive_at?: Time

computed Expand Collapse

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

name: String

A user-friendly name for a tunnel.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

metadata: JSON

Metadata associated with the tunnel.

cloudflare_zero_trust_tunnel_warp_connector

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_warp_connector" "example_zero_trust_tunnel_warp_connector" {
  account_id = "699d98642c564d2e855e9661899b7252"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
}

data cloudflare_zero_trust_tunnel_warp_connectors

required Expand Collapse

account_id: String

Cloudflare account ID

optional Expand Collapse

exclude_prefix?: String

existed_at?: String

If provided, include only resources that were created (and not deleted) before this time. URL encoded.

include_prefix?: String

is_deleted?: Bool

If true, only include deleted tunnels. If false, exclude deleted tunnels. If empty, all tunnels will be included.

name?: String

A user-friendly name for the tunnel.

status?: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

uuid?: String

UUID of the tunnel.

was_active_at?: Time

was_inactive_at?: Time

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

UUID of the tunnel.

account_tag: String

Cloudflare account ID

Deprecatedconnections: List[Attributes]

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: String

UUID of the Cloudflare Tunnel connection.

client_id: String

UUID of the Cloudflare Tunnel connector.

client_version: String

The cloudflared version used to establish this connection.

colo_name: String

The Cloudflare data center used for this connection.

is_pending_reconnect: Bool

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Time

Timestamp of when the connection was established.

origin_ip: String

The public IP address of the host running cloudflared.

uuid: String

UUID of the Cloudflare Tunnel connection.

conns_active_at: Time

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

conns_inactive_at: Time

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

created_at: Time

Timestamp of when the resource was created.

deleted_at: Time

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

metadata: JSON

Metadata associated with the tunnel.

name: String

A user-friendly name for a tunnel.

status: String

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

tun_type: String

The type of tunnel.

cloudflare_zero_trust_tunnel_warp_connectors

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_warp_connectors" "example_zero_trust_tunnel_warp_connectors" {
  account_id = "699d98642c564d2e855e9661899b7252"
  exclude_prefix = "vpc1-"
  existed_at = "2019-10-12T07%3A20%3A50.52Z"
  include_prefix = "vpc1-"
  is_deleted = true
  name = "blog"
  status = "healthy"
  uuid = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
  was_active_at = "2009-11-10T23:00:00Z"
  was_inactive_at = "2009-11-10T23:00:00Z"
}

TunnelsWARP ConnectorToken

data cloudflare_zero_trust_tunnel_warp_connector_token

required Expand Collapse

account_id: String

Cloudflare account ID

tunnel_id: String

UUID of the tunnel.

computed Expand Collapse

token: String

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

cloudflare_zero_trust_tunnel_warp_connector_token

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_tunnel_warp_connector_token" "example_zero_trust_tunnel_warp_connector_token" {
  account_id = "699d98642c564d2e855e9661899b7252"
  tunnel_id = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415"
}