Skip to content
Visit Terraform on GitHub
Set theme to dark (⇧+D)

Hello World

Let’s say you have a web server for your domain that’s accessible on You just signed up your domain,, on Cloudflare and want to manage everything in Terraform.

This tutorial step shows you how to get started. Before you do so, make sure you’ve installed Terraform. You will need to create an API Token with permissions to edit resources for this tutorial.

1. Defining your first Terraform config file

First we’ll create a initial Terraform config file. Any files ending in .tf will be processed by Terraform. As you configuration gets more complex you’ll want to split the config into separate files and modules, but for now we’ll proceed with a single file:

$ cat > <<'EOF'terraform {   required_providers {    cloudflare = {      source = "cloudflare/cloudflare"      version = "~> 2.0"    }  }}
provider "cloudflare" {      email = ""      api_token = "your-api-token"}
variable "zone_id" {  default = "e097e1136dc79bc1149e32a8a6bde5ef"}
variable "domain" {  default = ""}
resource "cloudflare_record" "www" {  zone_id = var.zone_id  name    = "www"  value   = ""  type    = "A"  proxied = true}EOF

2. Initializing Terraform and the Cloudflare provider

Now that you’ve created your basic configuration in HCL, let’s initialize Terraform and ask it to apply the configuration to Cloudflare.

$ terraform init
Initializing provider plugins...- Checking for available provider plugins on Downloading plugin for provider "cloudflare" (1.0.0)...
The following providers do not have any version constraints in configuration,so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breakingchanges, it is recommended to add version = "..." constraints to thecorresponding provider blocks in configuration, with the constraint stringssuggested below.
* provider.cloudflare: version = "~> 1.0"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.
If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.

When you run terraform init, any plugins required, such as the Cloudflare Terraform provider, are automatically downloaded and saved locally to a .terraform directory:

$ find .terraform/.terraform/.terraform/plugins.terraform/plugins/darwin_amd64.terraform/plugins/darwin_amd64/lock.json.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v1.0.0_x4

3. Reviewing the execution plan

With the Cloudflare provider installed, let’s ask Terraform what changes it’s planning to make to your Cloudflare account so it matches the configuration you previously defined:

$ terraform planRefreshing Terraform state in-memory prior to plan...The refreshed state will be used to calculate this plan, but will not bepersisted to local or remote state storage.

An execution plan has been generated and is shown below.Resource actions are indicated with the following symbols:  + create
Terraform will perform the following actions:
  + cloudflare_record.www      id:          <computed>      created_on:  <computed>      domain:      <computed>      hostname:    <computed>      metadata.%:  <computed>      modified_on: <computed>      name:        "www"      proxiable:   <computed>      proxied:     "true"      ttl:         <computed>      type:        "A"      value:       ""      zone_id:     "e097e1136dc79bc1149e32a8a6bde5ef"

Plan: 1 to add, 0 to change, 0 to destroy.
Note: You didn’t specify an "-out" parameter to save this plan, so Terraformcan’t guarantee that exactly these actions will be performed if"terraform apply" is subsequently run.

As you can see in the above “execution plan”, Terraform is going to create a new DNS record, as requested. Values that you’ve explicitly specified are displayed, e.g., the value of the A record——while values that are derived based on other API calls, e.g., looking up the metadata, or returned after the object is created, are displayed as <computed>.

4. Applying your changes

The plan command is important, as it allows you to preview the changes for accuracy before actually making them. Once you’re comfortable with the execution plan, it’s time to apply it:

$ terraform apply --auto-approvecloudflare_record.www: Creating...  created_on:  "" => "<computed>"  domain:      "" => ""  hostname:    "" => "<computed>"  metadata.%:  "" => "<computed>"  modified_on: "" => "<computed>"  name:        "" => "www"  proxiable:   "" => "<computed>"  proxied:     "" => "true"  ttl:         "" => "<computed>"  type:        "" => "A"  value:       "" => ""  zone_id:     "" => "<computed>"cloudflare_record.www: Creation complete after 1s (ID: c38d3103767284e7cd14d5dad3ab8668)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Note that I specified --auto-approve on the command line for briefer output; without this flag, Terraform will show you the output of terraform plan and then ask for confirmation before applying it.

5. Verifying the results

Logging back into the Cloudflare Dashboard and selecting the DNS tab, I can see the record that was created by Terraform:

New DNS Record

If you’d like to see the full results returned from the API call (including the default values that you didn’t specify but let Terraform compute), you can run terraform show:

$ terraform showcloudflare_record.www:  id = c38d3103767284e7cd14d5dad3ab8668  created_on = 2018-04-08T00:37:33.76321Z  data.% = 0  domain =  hostname =  metadata.% = 2  metadata.auto_added = false  metadata.managed_by_apps = false  modified_on = 2018-04-08T00:37:33.76321Z  name = www  priority = 0  proxiable = true  proxied = true  ttl = 1  type = A  value =  zone_id = e097e1136dc79bc1149e32a8a6bde5ef
$ curl https://www.example.comHello, this is!