1. Docs
  2. Reference
  3. API
  4. @pulumi/cloudflare

Package @pulumi/cloudflare

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-cloudflare repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-cloudflare repo.

var cloudflare = require("@pulumi/cloudflare");

import * as cloudflare from "@pulumi/cloudflare";

Modules

Resources

Functions

Others

Resources

Resource AccessApplication

class AccessApplication extends CustomResource

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const stagingApp = new cloudflare.AccessApplication("stagingApp", {
    domain: "staging.example.com",
    name: "staging application",
    sessionDuration: "24h",
    zoneId: "1d5fdc9e88c8a8c4518b068cd94331fe",
});

constructor

new AccessApplication(name: string, args: AccessApplicationArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessApplication resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessApplicationState, opts?: pulumi.CustomResourceOptions): AccessApplication

Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessApplication

Returns true if the given object is an instance of AccessApplication. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property aud

public aud: pulumi.Output<string>;

Application Audience (AUD) Tag of the application

property domain

public domain: pulumi.Output<string>;

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Friendly name of the Access Application.

property sessionDuration

public sessionDuration: pulumi.Output<string | undefined>;

How often a user will be forced to re-authorise. Must be one of 30m, 6h, 12h, 24h, 168h, 730h.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone to which the access rule should be added.

Resource AccessGroup

class AccessGroup extends CustomResource

Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Allowing access to `test@example.com` email address only
const testGroupAccessGroup = new cloudflare.AccessGroup("testGroupAccessGroup", {
    accountId: "975ecf5a45e3bcb680dba0722a420ad9",
    name: "staging group",
    include: [{
        emails: ["test@example.com"],
    }],
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
const testGroupIndex_accessGroupAccessGroup = new cloudflare.AccessGroup("testGroupIndex/accessGroupAccessGroup", {
    accountId: "975ecf5a45e3bcb680dba0722a420ad9",
    name: "staging group",
    include: [{
        emails: ["test@example.com"],
    }],
    requires: {
        ips: [_var.office_ip],
    },
});

Conditions

require, exclude and include arguments share the available conditions which can be applied. The conditions are:

  • ip - (Optional) A list of IP addresses or ranges. Example: ip = ["1.2.3.4", "10.0.0.0/2"]
  • email - (Optional) A list of email addresses. Example: email = ["test@example.com"]
  • emailDomain - (Optional) A list of email domains. Example: emailDomain = ["example.com"]
  • serviceToken - (Optional) A list of service token ids. Example: serviceToken = [cloudflare_access_service_token.demo.id]
  • anyValidServiceToken - (Optional) Boolean indicating if allow all tokens to be granted. Example: anyValidServiceToken = true
  • group - (Optional) A list of access group ids. Example: group = [cloudflare_access_group.demo.id]
  • everyone - (Optional) Boolean indicating permitting access for all requests. Example: everyone = true
  • certificate - (Optional) Whether to use mTLS certificate authentication.
  • commonName - (Optional) Use a certificate common name to authenticate with.
  • gsuite - (Optional) Use GSuite as the authentication mechanism. Example:
  # ... other configuration
  include {
    gsuite {
      email = "admins@example.com"
      identityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761"
    }
  }
  • github - (Optional) Use a GitHub team as the include condition. Example:
  # ... other configuration
  include {
    github {
      name = "my-github-team-name"
      identityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761"
    }
  }
  • azure - (Optional) Use Azure AD as the include condition. Example:
  # ... other configuration
  include {
    azure {
      id = "86773093-5feb-48dd-814b-7ccd3676ff50e"
      identityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761"
    }
  }
  • okta - (Optional) Use Okta as the include condition. Example:
  # ... other configuration
  include {
    okta {
      name = "admins"
      identityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761"
    }
  }
  • saml - (Optional) Use an external SAML setup as the include condition. Example:
  # ... other configuration
  include {
    saml {
      attributeName = "group"
      attributeValue = "admins"
      identityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761"
    }
  }

constructor

new AccessGroup(name: string, args: AccessGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessGroupState, opts?: pulumi.CustomResourceOptions): AccessGroup

Get an existing AccessGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessGroup

Returns true if the given object is an instance of AccessGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The ID of the account the group is associated with.

property excludes

public excludes: pulumi.Output<AccessGroupExclude[] | undefined>;

A series of access conditions, see below for full list.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includes

public includes: pulumi.Output<AccessGroupInclude[]>;

A series of access conditions, see below for full list.

property name

public name: pulumi.Output<string>;

Friendly name of the Access Group.

property requires

public requires: pulumi.Output<AccessGroupRequire[] | undefined>;

A series of access conditions, see below for full list.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AccessIdentityProvider

class AccessIdentityProvider extends CustomResource

Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// one time pin
const pinLogin = new cloudflare.AccessIdentityProvider("pinLogin", {
    accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
    name: "PIN login",
    type: "onetimepin",
});
// oauth
const githubOauth = new cloudflare.AccessIdentityProvider("githubOauth", {
    accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
    configs: [{
        clientId: "example",
        clientSecret: "secretKey",
    }],
    name: "GitHub OAuth",
    type: "github",
});
// saml
const jumpcloudSaml = new cloudflare.AccessIdentityProvider("jumpcloudSaml", {
    accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
    configs: [{
        attributes: [
            "email",
            "username",
        ],
        idpPublicCert: `MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o`,
        issuerUrl: "jumpcloud",
        signRequest: false,
        ssoTargetUrl: "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
    }],
    name: "JumpCloud SAML",
    type: "saml",
});

constructor

new AccessIdentityProvider(name: string, args: AccessIdentityProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessIdentityProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessIdentityProviderState, opts?: pulumi.CustomResourceOptions): AccessIdentityProvider

Get an existing AccessIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessIdentityProvider

Returns true if the given object is an instance of AccessIdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

property configs

public configs: pulumi.Output<AccessIdentityProviderConfig[] | undefined>;

Provider configuration from the [developer documentation][accessIdentityProviderGuide].

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Friendly name of the Access Identity Provider configuration.

property type

public type: pulumi.Output<string>;

The provider type to use. Must be one of: "centrify", "facebook", "google-apps", "oidc", "github", "google", "saml", "linkedin", "azureAD", "okta", "onetimepin", "onelogin", "yandex".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AccessPolicy

class AccessPolicy extends CustomResource

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Allowing access to `test@example.com` email address only
const testPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyAccessPolicy", {
    applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "staging policy",
    precedence: "1",
    decision: "allow",
    include: [{
        emails: ["test@example.com"],
    }],
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
const testPolicyIndex_accessPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", {
    applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "staging policy",
    precedence: "1",
    decision: "allow",
    include: [{
        emails: ["test@example.com"],
    }],
    requires: {
        ips: [_var.office_ip],
    },
});

constructor

new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPolicyState, opts?: pulumi.CustomResourceOptions): AccessPolicy

Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessPolicy

Returns true if the given object is an instance of AccessPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationId

public applicationId: pulumi.Output<string>;

The ID of the application the policy is associated with.

property decision

public decision: pulumi.Output<string>;

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, nonIdentity, bypass

property excludes

public excludes: pulumi.Output<AccessPolicyExclude[] | undefined>;

A series of access conditions, see Access Groups.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includes

public includes: pulumi.Output<AccessPolicyInclude[]>;

A series of access conditions, see Access Groups.

property name

public name: pulumi.Output<string>;

Friendly name of the Access Application.

property precedence

public precedence: pulumi.Output<number | undefined>;

The unique precedence for policies on a single application. Integer.

property requires

public requires: pulumi.Output<AccessPolicyRequire[] | undefined>;

A series of access conditions, see Access Groups.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone to which the access rule should be added.

Resource AccessRule

class AccessRule extends CustomResource

Provides a Cloudflare IP Firewall Access Rule resource. Access control can be applied on basis of IP addresses, IP ranges, AS numbers or countries.

constructor

new AccessRule(name: string, args: AccessRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessRuleState, opts?: pulumi.CustomResourceOptions): AccessRule

Get an existing AccessRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessRule

Returns true if the given object is an instance of AccessRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property configuration

public configuration: pulumi.Output<AccessRuleConfiguration>;

Rule configuration to apply to a matched request. It’s a complex value. See description below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mode

public mode: pulumi.Output<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “whitelist”, “jsChallenge”

property notes

public notes: pulumi.Output<string | undefined>;

A personal note about the rule. Typically used as a reminder or explanation for the rule.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone to which the access rule should be added.

Resource AccessServiceToken

class AccessServiceToken extends CustomResource

Access Service Tokens are used for service-to-service communication when an application is behind Cloudflare Access.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const myApp = new cloudflare.AccessServiceToken("myApp", {
    accountId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "CI/CD app",
});

constructor

new AccessServiceToken(name: string, args: AccessServiceTokenArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessServiceToken resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessServiceTokenState, opts?: pulumi.CustomResourceOptions): AccessServiceToken

Get an existing AccessServiceToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessServiceToken

Returns true if the given object is an instance of AccessServiceToken. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The ID of the account where the Access Service is being created.

property clientId

public clientId: pulumi.Output<string>;

UUID client ID associated with the Service Token.

property clientSecret

public clientSecret: pulumi.Output<string>;

A secret for interacting with Access protocols.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Friendly name of the token’s intent.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AccountMember

class AccountMember extends CustomResource

Provides a resource which manages Cloudflare account members.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleUser = new cloudflare.AccountMember("exampleUser", {
    emailAddress: "user@example.com",
    roleIds: [
        "68b329da9893e34099c7d8ad5cb9c940",
        "d784fa8b6d98d27699781bd9a7cf19f0",
    ],
});

constructor

new AccountMember(name: string, args: AccountMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a AccountMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountMemberState, opts?: pulumi.CustomResourceOptions): AccountMember

Get an existing AccountMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccountMember

Returns true if the given object is an instance of AccountMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property emailAddress

public emailAddress: pulumi.Output<string>;

The email address of the user who you wish to manage. Note: Following creation, this field becomes read only via the API and cannot be updated.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property roleIds

public roleIds: pulumi.Output<string[]>;

Array of account role IDs that you want to assign to a member.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Argo

class Argo extends CustomResource

Cloudflare Argo controls the routing to your origin and tiered caching options to speed up your website browsing experience.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.Argo("example", {
    smartRouting: "on",
    tieredCaching: "on",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

constructor

new Argo(name: string, args: ArgoArgs, opts?: pulumi.CustomResourceOptions)

Create a Argo resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ArgoState, opts?: pulumi.CustomResourceOptions): Argo

Get an existing Argo resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Argo

Returns true if the given object is an instance of Argo. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property smartRouting

public smartRouting: pulumi.Output<string | undefined>;

Whether smart routing is enabled. Valid values: on or off. Defaults to off.

property tieredCaching

public tieredCaching: pulumi.Output<string | undefined>;

Whether tiered caching is enabled. Valid values: on or off. Defaults to off.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID that you wish to manage Argo on.

Resource ByoIpPrefix

class ByoIpPrefix extends CustomResource

Provides the ability to manage Bring-Your-Own-IP prefixes (BYOIP) which are used with or without Magic Transit.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.ByoIpPrefix("example", {
    advertisement: "on",
    description: "Example IP Prefix",
    prefixId: "d41d8cd98f00b204e9800998ecf8427e",
});

constructor

new ByoIpPrefix(name: string, args: ByoIpPrefixArgs, opts?: pulumi.CustomResourceOptions)

Create a ByoIpPrefix resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ByoIpPrefixState, opts?: pulumi.CustomResourceOptions): ByoIpPrefix

Get an existing ByoIpPrefix resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ByoIpPrefix

Returns true if the given object is an instance of ByoIpPrefix. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property advertisement

public advertisement: pulumi.Output<string>;

Whether or not the prefix shall be announced. A prefix can be activated or deactivated once every 15 minutes (attempting more regular updates will trigger rate limiting). Valid values: on or off.

property description

public description: pulumi.Output<string>;

The description of the prefix.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property prefixId

public prefixId: pulumi.Output<string>;

The assigned Bring-Your-Own-IP prefix ID.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CustomPages

class CustomPages extends CustomResource

Provides a resource which manages Cloudflare custom error pages.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const basicChallenge = new cloudflare.CustomPages("basicChallenge", {
    state: "customized",
    type: "basicChallenge",
    url: "https://example.com/challenge.html",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

constructor

new CustomPages(name: string, args: CustomPagesArgs, opts?: pulumi.CustomResourceOptions)

Create a CustomPages resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomPagesState, opts?: pulumi.CustomResourceOptions): CustomPages

Get an existing CustomPages resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CustomPages

Returns true if the given object is an instance of CustomPages. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string | undefined>;

The account ID where the custom pages should be updated. Either accountId or zoneId must be provided. If accountId is present, it will override the zone setting.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property state

public state: pulumi.Output<string | undefined>;

property type

public type: pulumi.Output<string>;

The type of custom page you wish to update. Must be one of basicChallenge, wafChallenge, wafBlock, ratelimitBlock, countryChallenge, ipBlock, underAttack, 500Errors, 1000Errors, alwaysOnline.

property url

public url: pulumi.Output<string>;

URL of where the custom page source is located.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string | undefined>;

The zone ID where the custom pages should be updated. Either zoneId or accountId must be provided.

Resource CustomSsl

class CustomSsl extends CustomResource

Provides a Cloudflare custom ssl resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const config = new pulumi.Config();
const cloudflareZoneId = config.get("cloudflareZoneId") || "1d5fdc9e88c8a8c4518b068cd94331fe";

// Add a custom ssl certificate to the domain
const foossl = new cloudflare.CustomSsl("foossl", {
    customSslOptions: {
        bundle_method: "ubiquitous",
        certificate: "-----INSERT CERTIFICATE-----",
        geo_restrictions: "us",
        private_key: "-----INSERT PRIVATE KEY-----",
        type: "legacyCustom",
    },
    zoneId: cloudflareZoneId,
});

constructor

new CustomSsl(name: string, args: CustomSslArgs, opts?: pulumi.CustomResourceOptions)

Create a CustomSsl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomSslState, opts?: pulumi.CustomResourceOptions): CustomSsl

Get an existing CustomSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CustomSsl

Returns true if the given object is an instance of CustomSsl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property customSslOptions

public customSslOptions: pulumi.Output<CustomSslCustomSslOptions | undefined>;

The certificate, private key and associated optional parameters, such as bundle_method, geo_restrictions, and type.

property customSslPriorities

public customSslPriorities: pulumi.Output<CustomSslCustomSslPriority[] | undefined>;

property expiresOn

public expiresOn: pulumi.Output<string>;

property hosts

public hosts: pulumi.Output<string[]>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property issuer

public issuer: pulumi.Output<string>;

property modifiedOn

public modifiedOn: pulumi.Output<string>;

property priority

public priority: pulumi.Output<number>;

property signature

public signature: pulumi.Output<string>;

property status

public status: pulumi.Output<string>;

property uploadedOn

public uploadedOn: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone id to the custom ssl cert should be added.

Resource Filter

class Filter extends CustomResource

Filter expressions that can be referenced across multiple features, e.g. Firewall Rule. The expression format is similar to Wireshark Display Filter.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const wordpress = new cloudflare.Filter("wordpress", {
    description: "Wordpress break-in attempts that are outside of the office",
    expression: "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

constructor

new Filter(name: string, args: FilterArgs, opts?: pulumi.CustomResourceOptions)

Create a Filter resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FilterState, opts?: pulumi.CustomResourceOptions): Filter

Get an existing Filter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Filter

Returns true if the given object is an instance of Filter. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A note that you can use to describe the purpose of the filter.

property expression

public expression: pulumi.Output<string>;

The filter expression to be used.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property paused

public paused: pulumi.Output<boolean | undefined>;

Whether this filter is currently paused. Boolean value.

property ref

public ref: pulumi.Output<string | undefined>;

Short reference tag to quickly select related rules.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone to which the Filter should be added.

Resource FirewallRule

class FirewallRule extends CustomResource

Define Firewall rules using filter expressions for more control over how traffic is matched to the rule. A filter expression permits selecting traffic by multiple criteria allowing greater freedom in rule creation.

Filter expressions needs to be created first before using Firewall Rule. See Filter.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const wordpressFilter = new cloudflare.Filter("wordpressFilter", {
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    description: "Wordpress break-in attempts that are outside of the office",
    expression: "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1",
});
const wordpressFirewallRule = new cloudflare.FirewallRule("wordpressFirewallRule", {
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    description: "Block wordpress break-in attempts",
    filterId: wordpressFilter.id,
    action: "block",
});

constructor

new FirewallRule(name: string, args: FirewallRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a FirewallRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FirewallRuleState, opts?: pulumi.CustomResourceOptions): FirewallRule

Get an existing FirewallRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is FirewallRule

Returns true if the given object is an instance of FirewallRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property action

public action: pulumi.Output<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “allow”, “jsChallenge”, “bypass”. Enterprise plan also allows “log”.

property description

public description: pulumi.Output<string | undefined>;

A description of the rule to help identify it.

property filterId

public filterId: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property paused

public paused: pulumi.Output<boolean | undefined>;

Whether this filter based firewall rule is currently paused. Boolean value.

property priority

public priority: pulumi.Output<number | undefined>;

The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.

property products

public products: pulumi.Output<string[] | undefined>;

List of products to bypass for a request when the bypass action is used. Allowed values: “zoneLockdown”, “uaBlock”, “bic”, “hot”, “securityLevel”, “rateLimit”, “waf”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone to which the Filter should be added.

Resource Healthcheck

class Healthcheck extends CustomResource

Standalone Health Checks provide a way to monitor origin servers without needing a Cloudflare Load Balancer.

Example Usage

HTTPS Health Check
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const httpHealthCheck = new cloudflare.Healthcheck("httpHealthCheck", {
    zoneId: _var.cloudflare_zone_id,
    name: "http-health-check",
    description: "example http health check",
    address: "example.com",
    suspended: false,
    checkRegions: [
        "WEU",
        "EEU",
    ],
    notificationSuspended: false,
    notificationEmailAddresses: ["hostmaster@example.com"],
    type: "HTTPS",
    port: "443",
    method: "GET",
    path: "/health",
    expectedBody: "alive",
    expectedCodes: [
        "2xx",
        "301",
    ],
    followRedirects: true,
    allowInsecure: false,
    header: [{
        header: "Host",
        values: ["example.com"],
    }],
    timeout: 10,
    retries: 2,
    interval: 60,
    consecutiveFails: 3,
    consecutiveSuccesses: 2,
});
TCP Monitor
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const tcpHealthCheck = new cloudflare.Healthcheck("tcpHealthCheck", {
    zoneId: _var.cloudflare_zone_id,
    name: "tcp-health-check",
    description: "example tcp health check",
    address: "example.com",
    suspended: false,
    checkRegions: [
        "WEU",
        "EEU",
    ],
    notificationSuspended: false,
    notificationEmailAddresses: ["hostmaster@example.com"],
    type: "TCP",
    port: "22",
    method: "connectionEstablished",
    timeout: 10,
    retries: 2,
    interval: 60,
    consecutiveFails: 3,
    consecutiveSuccesses: 2,
});

constructor

new Healthcheck(name: string, args: HealthcheckArgs, opts?: pulumi.CustomResourceOptions)

Create a Healthcheck resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HealthcheckState, opts?: pulumi.CustomResourceOptions): Healthcheck

Get an existing Healthcheck resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Healthcheck

Returns true if the given object is an instance of Healthcheck. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property address

public address: pulumi.Output<string>;

The hostname or IP address of the origin server to run health checks on.

property allowInsecure

public allowInsecure: pulumi.Output<boolean | undefined>;

Do not validate the certificate when the health check uses HTTPS. Valid values: true or false (Default: false).

property checkRegions

public checkRegions: pulumi.Output<string[]>;

A list of regions from which to run health checks. If not set Cloudflare will pick a default region. Valid values: WNAM, ENAM, WEU, EEU, NSAM, SSAM, OC, ME, NAF, SAF, IN, SEAS, NEAS, ALL_REGIONS.

property consecutiveFails

public consecutiveFails: pulumi.Output<number | undefined>;

The number of consecutive fails required from a health check before changing the health to unhealthy. (Default: 1)

property consecutiveSuccesses

public consecutiveSuccesses: pulumi.Output<number | undefined>;

The number of consecutive successes required from a health check before changing the health to healthy. (Default: 1)

property createdOn

public createdOn: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

A human-readable description of the health check.

property expectedBody

public expectedBody: pulumi.Output<string | undefined>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy.

property expectedCodes

public expectedCodes: pulumi.Output<string[] | undefined>;

The expected HTTP response codes (e.g. “200”) or code ranges (e.g. “2xx” for all codes starting with 2) of the health check. (Default: ["200"])

property followRedirects

public followRedirects: pulumi.Output<boolean | undefined>;

Follow redirects if the origin returns a 3xx status code. Valid values: true or false (Default: false).

property headers

public headers: pulumi.Output<HealthcheckHeader[] | undefined>;

The header name.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property interval

public interval: pulumi.Output<number | undefined>;

The interval between each health check. Shorter intervals may give quicker notifications if the origin status changes, but will increase load on the origin as we check from multiple locations. (Default: 60)

property method

public method: pulumi.Output<string>;

The TCP connection method to use for the health check. Valid values: connectionEstablished (Default: connectionEstablished).

property modifiedOn

public modifiedOn: pulumi.Output<string>;

property name

public name: pulumi.Output<string>;

A short name to identify the health check. Only alphanumeric characters, hyphens and underscores are allowed.

property notificationEmailAddresses

public notificationEmailAddresses: pulumi.Output<string[] | undefined>;

A list of email addresses we want to send the notifications to.

property notificationSuspended

public notificationSuspended: pulumi.Output<boolean | undefined>;

Whether the notifications are suspended or not. Useful for maintenance periods. Valid values: true or false (Default: false).

property path

public path: pulumi.Output<string | undefined>;

The endpoint path to health check against. (Default: /)

property port

public port: pulumi.Output<number | undefined>;

Port number to connect to for the health check. Valid values are in the rage 0-65535 (Default: 80).

property retries

public retries: pulumi.Output<number | undefined>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. (Default: 2)

property suspended

public suspended: pulumi.Output<boolean | undefined>;

If suspended, no health checks are sent to the origin. Valid values: true or false (Default: false).

property timeout

public timeout: pulumi.Output<number | undefined>;

The timeout (in seconds) before marking the health check as failed. (Default: 5)

property type

public type: pulumi.Output<string>;

The protocol to use for the health check. Valid values: HTTP, HTTPS, TCP.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to which apply settings.

Resource LoadBalancer

class LoadBalancer extends CustomResource

Provides a Cloudflare Load Balancer resource. This sits in front of a number of defined pools of origins and provides various options for geographically-aware load balancing. Note that the load balancing feature must be enabled in your Cloudflare account before you can use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const foo = new cloudflare.LoadBalancerPool("foo", {
    name: "example-lb-pool",
    origins: [{
        name: "example-1",
        address: "192.0.2.1",
        enabled: false,
    }],
});
// Define a load balancer which always points to a pool we define below
// In normal usage, would have different pools set for different pops (cloudflare points-of-presence) and/or for different regions
// Within each pop or region we can define multiple pools in failover order
const bar = new cloudflare.LoadBalancer("bar", {
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "example-load-balancer",
    fallbackPoolId: foo.id,
    defaultPoolIds: [foo.id],
    description: "example load balancer using geo-balancing",
    proxied: true,
    steeringPolicy: "geo",
    pop_pools: [{
        pop: "LAX",
        poolIds: [foo.id],
    }],
    region_pools: [{
        region: "WNAM",
        poolIds: [foo.id],
    }],
});

constructor

new LoadBalancer(name: string, args: LoadBalancerArgs, opts?: pulumi.CustomResourceOptions)

Create a LoadBalancer resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LoadBalancerState, opts?: pulumi.CustomResourceOptions): LoadBalancer

Get an existing LoadBalancer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LoadBalancer

Returns true if the given object is an instance of LoadBalancer. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property createdOn

public createdOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer was created.

property defaultPoolIds

public defaultPoolIds: pulumi.Output<string[]>;

A list of pool IDs ordered by their failover priority. Used whenever region/pop pools are not defined.

property description

public description: pulumi.Output<string | undefined>;

Free text description.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Enable or disable the load balancer. Defaults to true (enabled).

property fallbackPoolId

public fallbackPoolId: pulumi.Output<string>;

The pool ID to use when all other pools are detected as unhealthy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property modifiedOn

public modifiedOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer was last modified.

property name

public name: pulumi.Output<string>;

The DNS name (FQDN, including the zone) to associate with the load balancer.

property popPools

public popPools: pulumi.Output<LoadBalancerPopPool[]>;

A set containing mappings of Cloudflare Point-of-Presence (PoP) identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). This feature is only available to enterprise customers. Fields documented below.

property proxied

public proxied: pulumi.Output<boolean | undefined>;

Whether the hostname gets Cloudflare’s origin protection. Defaults to false.

property regionPools

public regionPools: pulumi.Output<LoadBalancerRegionPool[]>;

A set containing mappings of region/country codes to a list of pool IDs (ordered by their failover priority) for the given region. Fields documented below.

property sessionAffinity

public sessionAffinity: pulumi.Output<string | undefined>;

Associates all requests coming from an end-user with a single origin. Cloudflare will set a cookie on the initial response to the client, such that consequent requests with the cookie in the request will go to the same origin, so long as it is available. Valid values are: "", "none", "cookie", and "ipCookie". Default is "".

property steeringPolicy

public steeringPolicy: pulumi.Output<string>;

Determine which method the load balancer uses to determine the fastest route to your origin. Valid values are: "off", "geo", "dynamicLatency", "random" or "". Default is "".

property ttl

public ttl: pulumi.Output<number>;

Time to live (TTL) of this load balancer’s DNS name. Conflicts with proxied - this cannot be set for proxied load balancers. Default is 30.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The zone ID to add the load balancer to.

Resource LoadBalancerMonitor

class LoadBalancerMonitor extends CustomResource

If you’re using Cloudflare’s Load Balancing to load-balance across multiple origin servers or data centers, you configure one of these Monitors to actively check the availability of those servers over HTTP(S) or TCP.

Example Usage

HTTP Monitor
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const httpMonitor = new cloudflare.LoadBalancerMonitor("httpMonitor", {
    allowInsecure: false,
    description: "example http load balancer",
    expectedBody: "alive",
    expectedCodes: "2xx",
    followRedirects: true,
    headers: [{
        header: "Host",
        values: ["example.com"],
    }],
    interval: 60,
    method: "GET",
    path: "/health",
    retries: 5,
    timeout: 7,
    type: "http",
});
TCP Monitor
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const tcpMonitor = new cloudflare.LoadBalancerMonitor("tcpMonitor", {
    description: "example tcp load balancer",
    interval: 60,
    method: "connectionEstablished",
    retries: 5,
    timeout: 7,
    type: "tcp",
});

constructor

new LoadBalancerMonitor(name: string, args?: LoadBalancerMonitorArgs, opts?: pulumi.CustomResourceOptions)

Create a LoadBalancerMonitor resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LoadBalancerMonitorState, opts?: pulumi.CustomResourceOptions): LoadBalancerMonitor

Get an existing LoadBalancerMonitor resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LoadBalancerMonitor

Returns true if the given object is an instance of LoadBalancerMonitor. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowInsecure

public allowInsecure: pulumi.Output<boolean | undefined>;

Do not validate the certificate when monitor use HTTPS. Only valid if type is “http” or “https”.

property createdOn

public createdOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer monitor was created.

property description

public description: pulumi.Output<string | undefined>;

Free text description.

property expectedBody

public expectedBody: pulumi.Output<string | undefined>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy. Only valid if type is “http” or “https”. Default: “”.

property expectedCodes

public expectedCodes: pulumi.Output<string | undefined>;

The expected HTTP response code or code range of the health check. Eg 2xx. Only valid and required if type is “http” or “https”.

property followRedirects

public followRedirects: pulumi.Output<boolean | undefined>;

Follow redirects if returned by the origin. Only valid if type is “http” or “https”.

property headers

public headers: pulumi.Output<LoadBalancerMonitorHeader[] | undefined>;

The header name.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property interval

public interval: pulumi.Output<number | undefined>;

The interval between each health check. Shorter intervals may improve failover time, but will increase load on the origins as we check from multiple locations. Default: 60.

property method

public method: pulumi.Output<string>;

The method to use for the health check. Valid values are any valid HTTP verb if type is “http” or “https”, or connectionEstablished if type is “tcp”. Default: “GET” if type is “http” or “https”, or “connectionEstablished” if type is “tcp” .

property modifiedOn

public modifiedOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer monitor was last modified.

property path

public path: pulumi.Output<string>;

The endpoint path to health check against. Default: “/”. Only valid if type is “http” or “https”.

property port

public port: pulumi.Output<number | undefined>;

property retries

public retries: pulumi.Output<number | undefined>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. Default: 2.

property timeout

public timeout: pulumi.Output<number | undefined>;

The timeout (in seconds) before marking the health check as failed. Default: 5.

property type

public type: pulumi.Output<string | undefined>;

The protocol to use for the healthcheck. Currently supported protocols are ‘HTTP’, ‘HTTPS’ and ‘TCP’. Default: “http”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource LoadBalancerPool

class LoadBalancerPool extends CustomResource

Provides a Cloudflare Load Balancer pool resource. This provides a pool of origins that can be used by a Cloudflare Load Balancer. Note that the load balancing feature must be enabled in your Cloudflare account before you can use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const foo = new cloudflare.LoadBalancerPool("foo", {
    description: "example load balancer pool",
    enabled: false,
    minimumOrigins: 1,
    name: "example-pool",
    notificationEmail: "someone@example.com",
    origins: [
        {
            address: "192.0.2.1",
            enabled: false,
            name: "example-1",
        },
        {
            address: "192.0.2.2",
            name: "example-2",
        },
    ],
});

constructor

new LoadBalancerPool(name: string, args: LoadBalancerPoolArgs, opts?: pulumi.CustomResourceOptions)

Create a LoadBalancerPool resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LoadBalancerPoolState, opts?: pulumi.CustomResourceOptions): LoadBalancerPool

Get an existing LoadBalancerPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LoadBalancerPool

Returns true if the given object is an instance of LoadBalancerPool. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property checkRegions

public checkRegions: pulumi.Output<string[]>;

A list of regions (specified by region code) from which to run health checks. Empty means every Cloudflare data center (the default), but requires an Enterprise plan. Region codes can be found here.

property createdOn

public createdOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer was created.

property description

public description: pulumi.Output<string | undefined>;

Free text description.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Whether to enable (the default) this origin within the Pool. Disabled origins will not receive traffic and are excluded from health checks. The origin will only be disabled for the current pool.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property minimumOrigins

public minimumOrigins: pulumi.Output<number | undefined>;

The minimum number of origins that must be healthy for this pool to serve traffic. If the number of healthy origins falls below this number, the pool will be marked unhealthy and we will failover to the next available pool. Default: 1.

property modifiedOn

public modifiedOn: pulumi.Output<string>;

The RFC3339 timestamp of when the load balancer was last modified.

property monitor

public monitor: pulumi.Output<string | undefined>;

The ID of the Monitor to use for health checking origins within this pool.

property name

public name: pulumi.Output<string>;

A human-identifiable name for the origin.

property notificationEmail

public notificationEmail: pulumi.Output<string | undefined>;

The email address to send health status notifications to. This can be an individual mailbox or a mailing list. Multiple emails can be supplied as a comma delimited list.

property origins

public origins: pulumi.Output<LoadBalancerPoolOrigin[]>;

The list of origins within this pool. Traffic directed at this pool is balanced across all currently healthy origins, provided the pool itself is healthy. It’s a complex value. See description below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource LogpullRetention

class LogpullRetention extends CustomResource

Allows management of the Logpull Retention settings used to control whether or not to retain HTTP request logs.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.LogpullRetention("example", {
    enabled: true,
    zoneId: "fb54f084ca7f7b732d3d3ecbd8ef7bf2",
});

constructor

new LogpullRetention(name: string, args: LogpullRetentionArgs, opts?: pulumi.CustomResourceOptions)

Create a LogpullRetention resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LogpullRetentionState, opts?: pulumi.CustomResourceOptions): LogpullRetention

Get an existing LogpullRetention resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LogpullRetention

Returns true if the given object is an instance of LogpullRetention. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enabled

public enabled: pulumi.Output<boolean>;

Whether you wish to retain logs or not.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The zone ID to apply the log retention to.

Resource LogpushJob

class LogpushJob extends CustomResource

constructor

new LogpushJob(name: string, args: LogpushJobArgs, opts?: pulumi.CustomResourceOptions)

Create a LogpushJob resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LogpushJobState, opts?: pulumi.CustomResourceOptions): LogpushJob

Get an existing LogpushJob resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LogpushJob

Returns true if the given object is an instance of LogpushJob. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property dataset

public dataset: pulumi.Output<string>;

Which type of dataset resource to use. Available values are "firewallEvents", "httpRequests", and "spectrumEvents".

property destinationConf

public destinationConf: pulumi.Output<string>;

Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See Logpush destination documentation.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logpullOptions

public logpullOptions: pulumi.Output<string | undefined>;

Configuration string for the Logshare API. It specifies things like requested fields and timestamp formats. See Logpull options documentation.

property name

public name: pulumi.Output<string | undefined>;

The name of the logpush job to create. Must match the regular expression ^[a-zA-Z0-9\-\.]*$.

property ownershipChallenge

public ownershipChallenge: pulumi.Output<string>;

Ownership challenge token to prove destination ownership. See Developer documentation.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The zone ID where the logpush job should be created.

Resource OriginCaCertificate

class OriginCaCertificate extends CustomResource

Provides a Cloudflare Origin CA certificate used to protect traffic to your origin without involving a third party Certificate Authority.

This resource requires you use your Origin CA Key as the apiUserServiceKey.

constructor

new OriginCaCertificate(name: string, args: OriginCaCertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a OriginCaCertificate resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OriginCaCertificateState, opts?: pulumi.CustomResourceOptions): OriginCaCertificate

Get an existing OriginCaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OriginCaCertificate

Returns true if the given object is an instance of OriginCaCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property certificate

public certificate: pulumi.Output<string>;

The Origin CA certificate

property csr

public csr: pulumi.Output<string>;

The Certificate Signing Request. Must be newline-encoded.

property expiresOn

public expiresOn: pulumi.Output<string>;

The datetime when the certificate will expire.

property hostnames

public hostnames: pulumi.Output<string[]>;

An array of hostnames or wildcard names bound to the certificate.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property requestType

public requestType: pulumi.Output<string>;

The signature type desired on the certificate.

property requestedValidity

public requestedValidity: pulumi.Output<number | undefined>;

The number of days for which the certificate should be valid.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource PageRule

class PageRule extends CustomResource

Provides a Cloudflare page rule resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Add a page rule to the domain
const foobar = new cloudflare.PageRule("foobar", {
    zoneId: _var.cloudflare_zone_id,
    target: `sub.${_var.cloudflare_zone}/page`,
    priority: 1,
    actions: {
        ssl: "flexible",
        emailObfuscation: "on",
        minify: [{
            html: "off",
            css: "on",
            js: "on",
        }],
    },
});

constructor

new PageRule(name: string, args: PageRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a PageRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PageRuleState, opts?: pulumi.CustomResourceOptions): PageRule

Get an existing PageRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PageRule

Returns true if the given object is an instance of PageRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property actions

public actions: pulumi.Output<PageRuleActions>;

The actions taken by the page rule, options given below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property priority

public priority: pulumi.Output<number | undefined>;

The priority of the page rule among others for this target, the higher the number the higher the priority as per API documentation.

property status

public status: pulumi.Output<string | undefined>;

Whether the page rule is active or disabled.

property target

public target: pulumi.Output<string>;

The URL pattern to target with the page rule.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to which the page rule should be added.

Resource Provider

class Provider extends ProviderResource

The provider type for the cloudflare package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RateLimit

class RateLimit extends CustomResource

Provides a Cloudflare rate limit resource for a given zone. This can be used to limit the traffic you receive zone-wide, or matching more specific types of requests/responses.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.RateLimit("example", {
    zoneId: _var.cloudflare_zone_id,
    threshold: 2000,
    period: 2,
    match: {
        request: {
            urlPattern: `${_var.cloudflare_zone}/*`,
            schemes: [
                "HTTP",
                "HTTPS",
            ],
            methods: [
                "GET",
                "POST",
                "PUT",
                "DELETE",
                "PATCH",
                "HEAD",
            ],
        },
        response: {
            statuses: [
                200,
                201,
                202,
                301,
                429,
            ],
            originTraffic: false,
        },
    },
    action: {
        mode: "simulate",
        timeout: 43200,
        response: {
            contentType: "text/plain",
            body: "custom response body",
        },
    },
    correlate: {
        by: "nat",
    },
    disabled: false,
    description: "example rate limit for a zone",
    bypassUrlPatterns: [
        `${_var.cloudflare_zone}/bypass1`,
        `${_var.cloudflare_zone}/bypass2`,
    ],
});

constructor

new RateLimit(name: string, args: RateLimitArgs, opts?: pulumi.CustomResourceOptions)

Create a RateLimit resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RateLimitState, opts?: pulumi.CustomResourceOptions): RateLimit

Get an existing RateLimit resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RateLimit

Returns true if the given object is an instance of RateLimit. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property action

public action: pulumi.Output<RateLimitAction>;

The action to be performed when the threshold of matched traffic within the period defined is exceeded.

property bypassUrlPatterns

public bypassUrlPatterns: pulumi.Output<string[] | undefined>;

URLs matching the patterns specified here will be excluded from rate limiting.

property correlate

public correlate: pulumi.Output<RateLimitCorrelate | undefined>;

Determines how rate limiting is applied. By default if not specified, rate limiting applies to the clients IP address.

property description

public description: pulumi.Output<string | undefined>;

A note that you can use to describe the reason for a rate limit. This value is sanitized and all tags are removed.

property disabled

public disabled: pulumi.Output<boolean | undefined>;

Whether this ratelimit is currently disabled. Default: false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property match

public match: pulumi.Output<RateLimitMatch>;

Determines which traffic the rate limit counts towards the threshold. By default matches all traffic in the zone. See definition below.

property period

public period: pulumi.Output<number>;

The time in seconds to count matching traffic. If the count exceeds threshold within this period the action will be performed (min: 1, max: 86,400).

property threshold

public threshold: pulumi.Output<number>;

The threshold that triggers the rate limit mitigations, combine with period. i.e. threshold per period (min: 2, max: 1,000,000).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to apply rate limiting to.

Resource Record

class Record extends CustomResource

constructor

new Record(name: string, args: RecordArgs, opts?: pulumi.CustomResourceOptions)

Create a Record resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RecordState, opts?: pulumi.CustomResourceOptions): Record

Get an existing Record resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Record

Returns true if the given object is an instance of Record. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property createdOn

public createdOn: pulumi.Output<string>;

The RFC3339 timestamp of when the record was created

property data

public data: pulumi.Output<RecordData | undefined>;

Map of attributes that constitute the record value. Primarily used for LOC and SRV record types. Either this or value must be specified

property hostname

public hostname: pulumi.Output<string>;

The FQDN of the record

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metadata

public metadata: pulumi.Output<{[key: string]: any}>;

A key-value map of string metadata Cloudflare associates with the record

property modifiedOn

public modifiedOn: pulumi.Output<string>;

The RFC3339 timestamp of when the record was last modified

property name

public name: pulumi.Output<string>;

The name of the record

property priority

public priority: pulumi.Output<number | undefined>;

The priority of the record

property proxiable

public proxiable: pulumi.Output<boolean>;

Shows whether this record can be proxied, must be true if setting proxied=true

property proxied

public proxied: pulumi.Output<boolean | undefined>;

Whether the record gets Cloudflare’s origin protection; defaults to false.

property ttl

public ttl: pulumi.Output<number>;

The TTL of the record (automatic: ‘1’)

property type

public type: pulumi.Output<string>;

The type of the record

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The (string) value of the record. Either this or data must be specified

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to add the record to

Resource SpectrumApplication

class SpectrumApplication extends CustomResource

Provides a Cloudflare Spectrum Application. You can extend the power of Cloudflare’s DDoS, TLS, and IP Firewall to your other TCP-based services.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Define a spectrum application proxies ssh traffic
const sshProxy = new cloudflare.SpectrumApplication("sshProxy", {
    zoneId: _var.cloudflare_zone_id,
    protocol: "tcp/22",
    trafficType: "direct",
    dns: {
        type: "CNAME",
        name: "ssh.example.com",
    },
    originDirects: ["tcp://109.151.40.129:22"],
});

constructor

new SpectrumApplication(name: string, args: SpectrumApplicationArgs, opts?: pulumi.CustomResourceOptions)

Create a SpectrumApplication resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SpectrumApplicationState, opts?: pulumi.CustomResourceOptions): SpectrumApplication

Get an existing SpectrumApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SpectrumApplication

Returns true if the given object is an instance of SpectrumApplication. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property argoSmartRouting

public argoSmartRouting: pulumi.Output<boolean | undefined>;

. Enables Argo Smart Routing. Defaults to false.

property dns

public dns: pulumi.Output<SpectrumApplicationDns>;

The name and type of DNS record for the Spectrum application. Fields documented below.

property edgeIpConnectivity

public edgeIpConnectivity: pulumi.Output<string | undefined>;

. Choose which types of IP addresses will be provisioned for this subdomain. Valid values are: all, ipv4, ipv6. Defaults to all.

property edgeIps

public edgeIps: pulumi.Output<string[] | undefined>;

. A list of edge IPs (IPv4 and/or IPv6) to configure Spectrum application to. Requires Bring Your Own IP provisioned.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipFirewall

public ipFirewall: pulumi.Output<boolean | undefined>;

Enables the IP Firewall for this application. Defaults to true.

property originDirects

public originDirects: pulumi.Output<string[] | undefined>;

A list of destination addresses to the origin. e.g. tcp://192.0.2.1:22.

property originDns

public originDns: pulumi.Output<SpectrumApplicationOriginDns | undefined>;

A destination DNS addresses to the origin. Fields documented below.

property originPort

public originPort: pulumi.Output<number | undefined>;

If using originDns this is a required attribute. Origin port to proxy traffice to e.g. 22.

property protocol

public protocol: pulumi.Output<string>;

The port configuration at Cloudflare’s edge. e.g. tcp/22.

property proxyProtocol

public proxyProtocol: pulumi.Output<string | undefined>;

Enables a proxy protocol to the origin. Valid values are: off, v1, v2, and simple. Defaults to off.

property tls

public tls: pulumi.Output<string | undefined>;

TLS configuration option for Cloudflare to connect to your origin. Valid values are: off, flexible, full and strict. Defaults to off.

property trafficType

public trafficType: pulumi.Output<string | undefined>;

Sets application type. Valid values are: direct, http, https. Defaults to direct.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to add the application to

Resource WafGroup

class WafGroup extends CustomResource

Provides a Cloudflare WAF rule group resource for a particular zone. This can be used to configure firewall behaviour for pre-defined firewall groups.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const honeyPot = new cloudflare.WafGroup("honeyPot", {
    groupId: "de677e5818985db1285d0e80225f06e5",
    mode: "on",
    zoneId: "ae36f999674d196762efcc5abb06b345",
});

constructor

new WafGroup(name: string, args: WafGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a WafGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WafGroupState, opts?: pulumi.CustomResourceOptions): WafGroup

Get an existing WafGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WafGroup

Returns true if the given object is an instance of WafGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupId

public groupId: pulumi.Output<string>;

The WAF Rule Group ID.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mode

public mode: pulumi.Output<string | undefined>;

The mode of the group, can be one of [“on”, “off”].

property packageId

public packageId: pulumi.Output<string>;

The ID of the WAF Rule Package that contains the group.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to apply to.

Resource WafPackage

class WafPackage extends CustomResource

Provides a Cloudflare WAF rule package resource for a particular zone. This can be used to configure firewall behaviour for pre-defined firewall packages.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const owasp = new cloudflare.WafPackage("owasp", {
    actionMode: "simulate",
    packageId: "a25a9a7e9c00afc1fb2e0245519d725b",
    sensitivity: "medium",
    zoneId: "ae36f999674d196762efcc5abb06b345",
});

constructor

new WafPackage(name: string, args: WafPackageArgs, opts?: pulumi.CustomResourceOptions)

Create a WafPackage resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WafPackageState, opts?: pulumi.CustomResourceOptions): WafPackage

Get an existing WafPackage resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WafPackage

Returns true if the given object is an instance of WafPackage. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property actionMode

public actionMode: pulumi.Output<string | undefined>;

The action mode of the package, can be one of [“block”, “challenge”, “simulate”].

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property packageId

public packageId: pulumi.Output<string>;

The WAF Package ID.

property sensitivity

public sensitivity: pulumi.Output<string | undefined>;

The sensitivity of the package, can be one of [“high”, “medium”, “low”, “off”].

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to apply to.

Resource WafRule

class WafRule extends CustomResource

Provides a Cloudflare WAF rule resource for a particular zone. This can be used to configure firewall behaviour for pre-defined firewall rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const _100000 = new cloudflare.WafRule("100000", {
    mode: "simulate",
    ruleId: "100000",
    zoneId: "ae36f999674d196762efcc5abb06b345",
});

constructor

new WafRule(name: string, args: WafRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a WafRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WafRuleState, opts?: pulumi.CustomResourceOptions): WafRule

Get an existing WafRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WafRule

Returns true if the given object is an instance of WafRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupId

public groupId: pulumi.Output<string>;

The ID of the WAF Rule Group that contains the rule.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mode

public mode: pulumi.Output<string>;

The mode of the rule, can be one of [“block”, “challenge”, “default”, “disable”, “simulate”].

property packageId

public packageId: pulumi.Output<string>;

The ID of the WAF Rule Package that contains the rule.

property ruleId

public ruleId: pulumi.Output<string>;

The WAF Rule ID.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to apply to.

Resource WorkerRoute

class WorkerRoute extends CustomResource

Provides a Cloudflare worker route resource. A route will also require a cloudflare..WorkerScript. NOTE: This resource uses the Cloudflare account APIs. This requires setting the CLOUDFLARE_ACCOUNT_ID environment variable or accountId provider argument.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const myScript = new cloudflare.WorkerScript("myScript", {});
// see "cloudflare..WorkerScript" documentation ...
// Runs the specified worker script for all URLs that match `example.com/*`
const myRoute = new cloudflare.WorkerRoute("myRoute", {
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    pattern: "example.com/*",
    scriptName: myScript.name,
});

constructor

new WorkerRoute(name: string, args: WorkerRouteArgs, opts?: pulumi.CustomResourceOptions)

Create a WorkerRoute resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkerRouteState, opts?: pulumi.CustomResourceOptions): WorkerRoute

Get an existing WorkerRoute resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WorkerRoute

Returns true if the given object is an instance of WorkerRoute. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property pattern

public pattern: pulumi.Output<string>;

The route pattern

property scriptName

public scriptName: pulumi.Output<string | undefined>;

Which worker script to run for requests that match the route pattern. If scriptName is empty, workers will be skipped for matching requests.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The zone ID to add the route to.

Resource WorkerScript

class WorkerScript extends CustomResource

Provides a Cloudflare worker script resource. In order for a script to be active, you’ll also need to setup a cloudflare..WorkerRoute. NOTE: This resource uses the Cloudflare account APIs. This requires setting the CLOUDFLARE_ACCOUNT_ID environment variable or accountId provider argument.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
import * from "fs";

const myNamespace = new cloudflare.WorkersKvNamespace("myNamespace", {title: "example"});
// Sets the script with the name "script1"
const myScript = new cloudflare.WorkerScript("myScript", {
    name: "script1",
    content: fs.readFileSync("script.js"),
    kv_namespace_binding: [{
        name: "myBinding",
        namespaceId: myNamespace.id,
    }],
});

constructor

new WorkerScript(name: string, args: WorkerScriptArgs, opts?: pulumi.CustomResourceOptions)

Create a WorkerScript resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkerScriptState, opts?: pulumi.CustomResourceOptions): WorkerScript

Get an existing WorkerScript resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WorkerScript

Returns true if the given object is an instance of WorkerScript. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property content

public content: pulumi.Output<string>;

The script content.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property kvNamespaceBindings

public kvNamespaceBindings: pulumi.Output<WorkerScriptKvNamespaceBinding[] | undefined>;

property name

public name: pulumi.Output<string>;

The name for the binding.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WorkersKv

class WorkersKv extends CustomResource

Provides a Workers KV Pair. NOTE: This resource uses the Cloudflare account APIs. This requires setting the CLOUDFLARE_ACCOUNT_ID environment variable or accountId provider argument.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleNs = new cloudflare.WorkersKvNamespace("exampleNs", {title: "test-namespace"});
const example = new cloudflare.WorkersKv("example", {
    namespaceId: exampleNs.id,
    key: "test-key",
    value: "test value",
});

constructor

new WorkersKv(name: string, args: WorkersKvArgs, opts?: pulumi.CustomResourceOptions)

Create a WorkersKv resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkersKvState, opts?: pulumi.CustomResourceOptions): WorkersKv

Get an existing WorkersKv resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WorkersKv

Returns true if the given object is an instance of WorkersKv. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property key

public key: pulumi.Output<string>;

The key name

property namespaceId

public namespaceId: pulumi.Output<string>;

The ID of the Workers KV namespace in which you want to create the KV pair

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The string value to be stored in the key

Resource WorkersKvNamespace

class WorkersKvNamespace extends CustomResource

Provides a Workers KV Namespace

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.WorkersKvNamespace("example", {
    title: "test-namespace",
});

constructor

new WorkersKvNamespace(name: string, args: WorkersKvNamespaceArgs, opts?: pulumi.CustomResourceOptions)

Create a WorkersKvNamespace resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkersKvNamespaceState, opts?: pulumi.CustomResourceOptions): WorkersKvNamespace

Get an existing WorkersKvNamespace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WorkersKvNamespace

Returns true if the given object is an instance of WorkersKvNamespace. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property title

public title: pulumi.Output<string>;

The name of the namespace you wish to create.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Zone

class Zone extends CustomResource

Provides a Cloudflare Zone resource. Zone is the basic resource for working with Cloudflare and is roughly equivalent to a domain name that the user purchases.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.Zone("example", {
    zone: "example.com",
});

constructor

new Zone(name: string, args: ZoneArgs, opts?: pulumi.CustomResourceOptions)

Create a Zone resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZoneState, opts?: pulumi.CustomResourceOptions): Zone

Get an existing Zone resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Zone

Returns true if the given object is an instance of Zone. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property jumpStart

public jumpStart: pulumi.Output<boolean | undefined>;

Boolean of whether to scan for DNS records on creation. Ignored after zone is created. Default: false.

property meta

public meta: pulumi.Output<ZoneMeta>;

property nameServers

public nameServers: pulumi.Output<string[]>;

Cloudflare-assigned name servers. This is only populated for zones that use Cloudflare DNS.

property paused

public paused: pulumi.Output<boolean | undefined>;

Boolean of whether this zone is paused (traffic bypasses Cloudflare). Default: false.

property plan

public plan: pulumi.Output<string>;

The name of the commercial plan to apply to the zone, can be updated once the one is created; one of free, pro, business, enterprise.

property status

public status: pulumi.Output<string>;

Status of the zone. Valid values: active, pending, initializing, moved, deleted, deactivated.

property type

public type: pulumi.Output<string | undefined>;

A full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup. Valid values: full, partial. Default is full.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vanityNameServers

public vanityNameServers: pulumi.Output<string[]>;

List of Vanity Nameservers (if set). * meta.wildcard_proxiable - Indicates whether wildcard DNS records can receive Cloudflare security and performance features. * meta.phishing_detected - Indicates if URLs on the zone have been identified as hosting phishing content.

property verificationKey

public verificationKey: pulumi.Output<string>;

Contains the TXT record value to validate domain ownership. This is only populated for zones of type partial.

property zone

public zone: pulumi.Output<string>;

The DNS zone name which will be added.

Resource ZoneLockdown

class ZoneLockdown extends CustomResource

Provides a Cloudflare Zone Lockdown resource. Zone Lockdown allows you to define one or more URLs (with wildcard matching on the domain or path) that will only permit access if the request originates from an IP address that matches a safelist of one or more IP addresses and/or IP ranges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Restrict access to these endpoints to requests from a known IP address.
const endpointLockdown = new cloudflare.ZoneLockdown("endpointLockdown", {
    configurations: [{
        target: "ip",
        value: "198.51.100.4",
    }],
    description: "Restrict access to these endpoints to requests from a known IP address",
    paused: false,
    urls: ["api.mysite.com/some/endpoint*"],
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

constructor

new ZoneLockdown(name: string, args: ZoneLockdownArgs, opts?: pulumi.CustomResourceOptions)

Create a ZoneLockdown resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZoneLockdownState, opts?: pulumi.CustomResourceOptions): ZoneLockdown

Get an existing ZoneLockdown resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ZoneLockdown

Returns true if the given object is an instance of ZoneLockdown. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property configurations

public configurations: pulumi.Output<ZoneLockdownConfiguration[]>;

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

property description

public description: pulumi.Output<string | undefined>;

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property paused

public paused: pulumi.Output<boolean | undefined>;

Boolean of whether this zone lockdown is currently paused. Default: false.

property priority

public priority: pulumi.Output<number | undefined>;

property urls

public urls: pulumi.Output<string[]>;

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to which the access rule should be added.

Resource ZoneSettingsOverride

class ZoneSettingsOverride extends CustomResource

Provides a resource which customizes Cloudflare zone settings. Note that after destroying this resource Zone Settings will be reset to their initial values.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const test = new cloudflare.ZoneSettingsOverride("test", {
    zoneId: _var.cloudflare_zone_id,
    settings: {
        brotli: "on",
        challengeTtl: 2700,
        securityLevel: "high",
        opportunisticEncryption: "on",
        automaticHttpsRewrites: "on",
        mirage: "on",
        waf: "on",
        minify: {
            css: "on",
            js: "off",
            html: "off",
        },
        security_header: {
            enabled: true,
        },
    },
});

constructor

new ZoneSettingsOverride(name: string, args: ZoneSettingsOverrideArgs, opts?: pulumi.CustomResourceOptions)

Create a ZoneSettingsOverride resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZoneSettingsOverrideState, opts?: pulumi.CustomResourceOptions): ZoneSettingsOverride

Get an existing ZoneSettingsOverride resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ZoneSettingsOverride

Returns true if the given object is an instance of ZoneSettingsOverride. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property initialSettings

public initialSettings: pulumi.Output<ZoneSettingsOverrideInitialSettings>;

Settings present in the zone at the time the resource is created. This will be used to restore the original settings when this resource is destroyed. Shares the same schema as the settings attribute (Above).

property initialSettingsReadAt

public initialSettingsReadAt: pulumi.Output<string>;

property readonlySettings

public readonlySettings: pulumi.Output<string[]>;

Which of the current settings are not able to be set by the user. Which settings these are is determined by plan level and user permissions. * zoneStatus. A full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup. * zoneType. Status of the zone. Valid values: active, pending, initializing, moved, deleted, deactivated.

property settings

public settings: pulumi.Output<ZoneSettingsOverrideSettings>;

Settings overrides that will be applied to the zone. If a setting is not specified the existing setting will be used. For a full list of available settings see below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zoneId

public zoneId: pulumi.Output<string>;

The DNS zone ID to which apply settings.

property zoneStatus

public zoneStatus: pulumi.Output<string>;

property zoneType

public zoneType: pulumi.Output<string>;

Functions

Function getIpRanges

getIpRanges(opts?: pulumi.InvokeOptions): Promise<GetIpRangesResult>

Use this data source to get the IP ranges of Cloudflare edge nodes.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
import * as gcp from "@pulumi/gcp";

const cloudflare = cloudflare.getIpRanges({});
const allowCloudflareIngress = new gcp.compute.Firewall("allowCloudflareIngress", {
    network: "default",
    sourceRanges: cloudflare.then(cloudflare => cloudflare.ipv4CidrBlocks),
    allow: [{
        ports: "443",
        protocol: "tcp",
    }],
});

Function getWafGroups

getWafGroups(args: GetWafGroupsArgs, opts?: pulumi.InvokeOptions): Promise<GetWafGroupsResult>

Use this data source to look up WAF Rule Groups.

Function getWafPackages

getWafPackages(args: GetWafPackagesArgs, opts?: pulumi.InvokeOptions): Promise<GetWafPackagesResult>

Use this data source to look up WAF Rule Packages.

Function getWafRules

getWafRules(args: GetWafRulesArgs, opts?: pulumi.InvokeOptions): Promise<GetWafRulesResult>

Use this data source to look up WAF Rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const test = cloudflare.getWafRules({
    zoneId: "ae36f999674d196762efcc5abb06b345",
    packageId: "a25a9a7e9c00afc1fb2e0245519d725b",
    filter: {
        description: ".*example.*",
        mode: "on",
        groupId: "de677e5818985db1285d0e80225f06e5",
    },
});
export const wafRules = test.then(test => test.rules);

Function getZones

getZones(args: GetZonesArgs, opts?: pulumi.InvokeOptions): Promise<GetZonesResult>

Use this data source to look up Zone records.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const test = pulumi.output(cloudflare.getZones({
    filter: {
        name: "example.*",
        paused: false,
        status: "active",
    },
}, { async: true }));
const endpointLockdown = new cloudflare.ZoneLockdown("endpointLockdown", {
    configurations: [{
        target: "ip",
        value: "198.51.100.4",
    }],
    description: "Restrict access to these endpoints to requests from a known IP address",
    paused: false,
    urls: ["api.mysite.com/some/endpoint*"],
    zone: test.apply(test => (<any>test.zones[0])["name"]),
});

Others

interface AccessApplicationArgs

interface AccessApplicationArgs

The set of arguments for constructing a AccessApplication resource.

property domain

domain: pulumi.Input<string>;

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

property name

name: pulumi.Input<string>;

Friendly name of the Access Application.

property sessionDuration

sessionDuration?: pulumi.Input<string>;

How often a user will be forced to re-authorise. Must be one of 30m, 6h, 12h, 24h, 168h, 730h.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessApplicationState

interface AccessApplicationState

Input properties used for looking up and filtering AccessApplication resources.

property aud

aud?: pulumi.Input<string>;

Application Audience (AUD) Tag of the application

property domain

domain?: pulumi.Input<string>;

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

property name

name?: pulumi.Input<string>;

Friendly name of the Access Application.

property sessionDuration

sessionDuration?: pulumi.Input<string>;

How often a user will be forced to re-authorise. Must be one of 30m, 6h, 12h, 24h, 168h, 730h.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessGroupArgs

interface AccessGroupArgs

The set of arguments for constructing a AccessGroup resource.

property accountId

accountId: pulumi.Input<string>;

The ID of the account the group is associated with.

property excludes

excludes?: pulumi.Input<pulumi.Input<AccessGroupExclude>[]>;

A series of access conditions, see below for full list.

property includes

includes: pulumi.Input<pulumi.Input<AccessGroupInclude>[]>;

A series of access conditions, see below for full list.

property name

name: pulumi.Input<string>;

Friendly name of the Access Group.

property requires

requires?: pulumi.Input<pulumi.Input<AccessGroupRequire>[]>;

A series of access conditions, see below for full list.

interface AccessGroupState

interface AccessGroupState

Input properties used for looking up and filtering AccessGroup resources.

property accountId

accountId?: pulumi.Input<string>;

The ID of the account the group is associated with.

property excludes

excludes?: pulumi.Input<pulumi.Input<AccessGroupExclude>[]>;

A series of access conditions, see below for full list.

property includes

includes?: pulumi.Input<pulumi.Input<AccessGroupInclude>[]>;

A series of access conditions, see below for full list.

property name

name?: pulumi.Input<string>;

Friendly name of the Access Group.

property requires

requires?: pulumi.Input<pulumi.Input<AccessGroupRequire>[]>;

A series of access conditions, see below for full list.

interface AccessIdentityProviderArgs

interface AccessIdentityProviderArgs

The set of arguments for constructing a AccessIdentityProvider resource.

property accountId

accountId: pulumi.Input<string>;

property configs

configs?: pulumi.Input<pulumi.Input<AccessIdentityProviderConfig>[]>;

Provider configuration from the [developer documentation][accessIdentityProviderGuide].

property name

name: pulumi.Input<string>;

Friendly name of the Access Identity Provider configuration.

property type

type: pulumi.Input<string>;

The provider type to use. Must be one of: "centrify", "facebook", "google-apps", "oidc", "github", "google", "saml", "linkedin", "azureAD", "okta", "onetimepin", "onelogin", "yandex".

interface AccessIdentityProviderState

interface AccessIdentityProviderState

Input properties used for looking up and filtering AccessIdentityProvider resources.

property accountId

accountId?: pulumi.Input<string>;

property configs

configs?: pulumi.Input<pulumi.Input<AccessIdentityProviderConfig>[]>;

Provider configuration from the [developer documentation][accessIdentityProviderGuide].

property name

name?: pulumi.Input<string>;

Friendly name of the Access Identity Provider configuration.

property type

type?: pulumi.Input<string>;

The provider type to use. Must be one of: "centrify", "facebook", "google-apps", "oidc", "github", "google", "saml", "linkedin", "azureAD", "okta", "onetimepin", "onelogin", "yandex".

interface AccessPolicyArgs

interface AccessPolicyArgs

The set of arguments for constructing a AccessPolicy resource.

property applicationId

applicationId: pulumi.Input<string>;

The ID of the application the policy is associated with.

property decision

decision: pulumi.Input<string>;

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, nonIdentity, bypass

property excludes

excludes?: pulumi.Input<pulumi.Input<AccessPolicyExclude>[]>;

A series of access conditions, see Access Groups.

property includes

includes: pulumi.Input<pulumi.Input<AccessPolicyInclude>[]>;

A series of access conditions, see Access Groups.

property name

name: pulumi.Input<string>;

Friendly name of the Access Application.

property precedence

precedence?: pulumi.Input<number>;

The unique precedence for policies on a single application. Integer.

property requires

requires?: pulumi.Input<pulumi.Input<AccessPolicyRequire>[]>;

A series of access conditions, see Access Groups.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessPolicyState

interface AccessPolicyState

Input properties used for looking up and filtering AccessPolicy resources.

property applicationId

applicationId?: pulumi.Input<string>;

The ID of the application the policy is associated with.

property decision

decision?: pulumi.Input<string>;

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, nonIdentity, bypass

property excludes

excludes?: pulumi.Input<pulumi.Input<AccessPolicyExclude>[]>;

A series of access conditions, see Access Groups.

property includes

includes?: pulumi.Input<pulumi.Input<AccessPolicyInclude>[]>;

A series of access conditions, see Access Groups.

property name

name?: pulumi.Input<string>;

Friendly name of the Access Application.

property precedence

precedence?: pulumi.Input<number>;

The unique precedence for policies on a single application. Integer.

property requires

requires?: pulumi.Input<pulumi.Input<AccessPolicyRequire>[]>;

A series of access conditions, see Access Groups.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessRuleArgs

interface AccessRuleArgs

The set of arguments for constructing a AccessRule resource.

property configuration

configuration: pulumi.Input<AccessRuleConfiguration>;

Rule configuration to apply to a matched request. It’s a complex value. See description below.

property mode

mode: pulumi.Input<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “whitelist”, “jsChallenge”

property notes

notes?: pulumi.Input<string>;

A personal note about the rule. Typically used as a reminder or explanation for the rule.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessRuleState

interface AccessRuleState

Input properties used for looking up and filtering AccessRule resources.

property configuration

configuration?: pulumi.Input<AccessRuleConfiguration>;

Rule configuration to apply to a matched request. It’s a complex value. See description below.

property mode

mode?: pulumi.Input<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “whitelist”, “jsChallenge”

property notes

notes?: pulumi.Input<string>;

A personal note about the rule. Typically used as a reminder or explanation for the rule.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the access rule should be added.

interface AccessServiceTokenArgs

interface AccessServiceTokenArgs

The set of arguments for constructing a AccessServiceToken resource.

property accountId

accountId: pulumi.Input<string>;

The ID of the account where the Access Service is being created.

property name

name: pulumi.Input<string>;

Friendly name of the token’s intent.

interface AccessServiceTokenState

interface AccessServiceTokenState

Input properties used for looking up and filtering AccessServiceToken resources.

property accountId

accountId?: pulumi.Input<string>;

The ID of the account where the Access Service is being created.

property clientId

clientId?: pulumi.Input<string>;

UUID client ID associated with the Service Token.

property clientSecret

clientSecret?: pulumi.Input<string>;

A secret for interacting with Access protocols.

property name

name?: pulumi.Input<string>;

Friendly name of the token’s intent.

interface AccountMemberArgs

interface AccountMemberArgs

The set of arguments for constructing a AccountMember resource.

property emailAddress

emailAddress: pulumi.Input<string>;

The email address of the user who you wish to manage. Note: Following creation, this field becomes read only via the API and cannot be updated.

property roleIds

roleIds: pulumi.Input<pulumi.Input<string>[]>;

Array of account role IDs that you want to assign to a member.

interface AccountMemberState

interface AccountMemberState

Input properties used for looking up and filtering AccountMember resources.

property emailAddress

emailAddress?: pulumi.Input<string>;

The email address of the user who you wish to manage. Note: Following creation, this field becomes read only via the API and cannot be updated.

property roleIds

roleIds?: pulumi.Input<pulumi.Input<string>[]>;

Array of account role IDs that you want to assign to a member.

interface ArgoArgs

interface ArgoArgs

The set of arguments for constructing a Argo resource.

property smartRouting

smartRouting?: pulumi.Input<string>;

Whether smart routing is enabled. Valid values: on or off. Defaults to off.

property tieredCaching

tieredCaching?: pulumi.Input<string>;

Whether tiered caching is enabled. Valid values: on or off. Defaults to off.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID that you wish to manage Argo on.

interface ArgoState

interface ArgoState

Input properties used for looking up and filtering Argo resources.

property smartRouting

smartRouting?: pulumi.Input<string>;

Whether smart routing is enabled. Valid values: on or off. Defaults to off.

property tieredCaching

tieredCaching?: pulumi.Input<string>;

Whether tiered caching is enabled. Valid values: on or off. Defaults to off.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID that you wish to manage Argo on.

interface ByoIpPrefixArgs

interface ByoIpPrefixArgs

The set of arguments for constructing a ByoIpPrefix resource.

property advertisement

advertisement?: pulumi.Input<string>;

Whether or not the prefix shall be announced. A prefix can be activated or deactivated once every 15 minutes (attempting more regular updates will trigger rate limiting). Valid values: on or off.

property description

description?: pulumi.Input<string>;

The description of the prefix.

property prefixId

prefixId: pulumi.Input<string>;

The assigned Bring-Your-Own-IP prefix ID.

interface ByoIpPrefixState

interface ByoIpPrefixState

Input properties used for looking up and filtering ByoIpPrefix resources.

property advertisement

advertisement?: pulumi.Input<string>;

Whether or not the prefix shall be announced. A prefix can be activated or deactivated once every 15 minutes (attempting more regular updates will trigger rate limiting). Valid values: on or off.

property description

description?: pulumi.Input<string>;

The description of the prefix.

property prefixId

prefixId?: pulumi.Input<string>;

The assigned Bring-Your-Own-IP prefix ID.

interface CustomPagesArgs

interface CustomPagesArgs

The set of arguments for constructing a CustomPages resource.

property accountId

accountId?: pulumi.Input<string>;

The account ID where the custom pages should be updated. Either accountId or zoneId must be provided. If accountId is present, it will override the zone setting.

property state

state?: pulumi.Input<string>;

property type

type: pulumi.Input<string>;

The type of custom page you wish to update. Must be one of basicChallenge, wafChallenge, wafBlock, ratelimitBlock, countryChallenge, ipBlock, underAttack, 500Errors, 1000Errors, alwaysOnline.

property url

url: pulumi.Input<string>;

URL of where the custom page source is located.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID where the custom pages should be updated. Either zoneId or accountId must be provided.

interface CustomPagesState

interface CustomPagesState

Input properties used for looking up and filtering CustomPages resources.

property accountId

accountId?: pulumi.Input<string>;

The account ID where the custom pages should be updated. Either accountId or zoneId must be provided. If accountId is present, it will override the zone setting.

property state

state?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

The type of custom page you wish to update. Must be one of basicChallenge, wafChallenge, wafBlock, ratelimitBlock, countryChallenge, ipBlock, underAttack, 500Errors, 1000Errors, alwaysOnline.

property url

url?: pulumi.Input<string>;

URL of where the custom page source is located.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID where the custom pages should be updated. Either zoneId or accountId must be provided.

interface CustomSslArgs

interface CustomSslArgs

The set of arguments for constructing a CustomSsl resource.

property customSslOptions

customSslOptions?: pulumi.Input<CustomSslCustomSslOptions>;

The certificate, private key and associated optional parameters, such as bundle_method, geo_restrictions, and type.

property customSslPriorities

customSslPriorities?: pulumi.Input<pulumi.Input<CustomSslCustomSslPriority>[]>;

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone id to the custom ssl cert should be added.

interface CustomSslState

interface CustomSslState

Input properties used for looking up and filtering CustomSsl resources.

property customSslOptions

customSslOptions?: pulumi.Input<CustomSslCustomSslOptions>;

The certificate, private key and associated optional parameters, such as bundle_method, geo_restrictions, and type.

property customSslPriorities

customSslPriorities?: pulumi.Input<pulumi.Input<CustomSslCustomSslPriority>[]>;

property expiresOn

expiresOn?: pulumi.Input<string>;

property hosts

hosts?: pulumi.Input<pulumi.Input<string>[]>;

property issuer

issuer?: pulumi.Input<string>;

property modifiedOn

modifiedOn?: pulumi.Input<string>;

property priority

priority?: pulumi.Input<number>;

property signature

signature?: pulumi.Input<string>;

property status

status?: pulumi.Input<string>;

property uploadedOn

uploadedOn?: pulumi.Input<string>;

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone id to the custom ssl cert should be added.

interface FilterArgs

interface FilterArgs

The set of arguments for constructing a Filter resource.

property description

description?: pulumi.Input<string>;

A note that you can use to describe the purpose of the filter.

property expression

expression: pulumi.Input<string>;

The filter expression to be used.

property paused

paused?: pulumi.Input<boolean>;

Whether this filter is currently paused. Boolean value.

property ref

ref?: pulumi.Input<string>;

Short reference tag to quickly select related rules.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone to which the Filter should be added.

interface FilterState

interface FilterState

Input properties used for looking up and filtering Filter resources.

property description

description?: pulumi.Input<string>;

A note that you can use to describe the purpose of the filter.

property expression

expression?: pulumi.Input<string>;

The filter expression to be used.

property paused

paused?: pulumi.Input<boolean>;

Whether this filter is currently paused. Boolean value.

property ref

ref?: pulumi.Input<string>;

Short reference tag to quickly select related rules.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the Filter should be added.

interface FirewallRuleArgs

interface FirewallRuleArgs

The set of arguments for constructing a FirewallRule resource.

property action

action: pulumi.Input<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “allow”, “jsChallenge”, “bypass”. Enterprise plan also allows “log”.

property description

description?: pulumi.Input<string>;

A description of the rule to help identify it.

property filterId

filterId: pulumi.Input<string>;

property paused

paused?: pulumi.Input<boolean>;

Whether this filter based firewall rule is currently paused. Boolean value.

property priority

priority?: pulumi.Input<number>;

The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.

property products

products?: pulumi.Input<pulumi.Input<string>[]>;

List of products to bypass for a request when the bypass action is used. Allowed values: “zoneLockdown”, “uaBlock”, “bic”, “hot”, “securityLevel”, “rateLimit”, “waf”.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone to which the Filter should be added.

interface FirewallRuleState

interface FirewallRuleState

Input properties used for looking up and filtering FirewallRule resources.

property action

action?: pulumi.Input<string>;

The action to apply to a matched request. Allowed values: “block”, “challenge”, “allow”, “jsChallenge”, “bypass”. Enterprise plan also allows “log”.

property description

description?: pulumi.Input<string>;

A description of the rule to help identify it.

property filterId

filterId?: pulumi.Input<string>;

property paused

paused?: pulumi.Input<boolean>;

Whether this filter based firewall rule is currently paused. Boolean value.

property priority

priority?: pulumi.Input<number>;

The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.

property products

products?: pulumi.Input<pulumi.Input<string>[]>;

List of products to bypass for a request when the bypass action is used. Allowed values: “zoneLockdown”, “uaBlock”, “bic”, “hot”, “securityLevel”, “rateLimit”, “waf”.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone to which the Filter should be added.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

interface GetIpRangesResult

interface GetIpRangesResult

A collection of values returned by getIpRanges.

property cidrBlocks

cidrBlocks: string[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ipv4CidrBlocks

ipv4CidrBlocks: string[];

property ipv6CidrBlocks

ipv6CidrBlocks: string[];

function getVersion

getVersion(): string

interface GetWafGroupsArgs

interface GetWafGroupsArgs

A collection of arguments for invoking getWafGroups.

property filter

filter?: inputs.GetWafGroupsFilter;

property packageId

packageId?: undefined | string;

property zoneId

zoneId: string;

interface GetWafGroupsResult

interface GetWafGroupsResult

A collection of values returned by getWafGroups.

property filter

filter?: outputs.GetWafGroupsFilter;

property groups

groups: GetWafGroupsGroup[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property packageId

packageId?: undefined | string;

property zoneId

zoneId: string;

interface GetWafPackagesArgs

interface GetWafPackagesArgs

A collection of arguments for invoking getWafPackages.

property filter

filter?: inputs.GetWafPackagesFilter;

property zoneId

zoneId: string;

interface GetWafPackagesResult

interface GetWafPackagesResult

A collection of values returned by getWafPackages.

property filter

filter?: outputs.GetWafPackagesFilter;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property packages

packages: GetWafPackagesPackage[];

property zoneId

zoneId: string;

interface GetWafRulesArgs

interface GetWafRulesArgs

A collection of arguments for invoking getWafRules.

property filter

filter?: inputs.GetWafRulesFilter;

property packageId

packageId?: undefined | string;

property zoneId

zoneId: string;

interface GetWafRulesResult

interface GetWafRulesResult

A collection of values returned by getWafRules.

property filter

filter?: outputs.GetWafRulesFilter;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property packageId

packageId?: undefined | string;

property rules

rules: GetWafRulesRule[];

property zoneId

zoneId: string;

interface GetZonesArgs

interface GetZonesArgs

A collection of arguments for invoking getZones.

property filter

filter: GetZonesFilter;

interface GetZonesResult

interface GetZonesResult

A collection of values returned by getZones.

property filter

filter: GetZonesFilter;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property zones

zones: GetZonesZone[];

interface HealthcheckArgs

interface HealthcheckArgs

The set of arguments for constructing a Healthcheck resource.

property address

address: pulumi.Input<string>;

The hostname or IP address of the origin server to run health checks on.

property allowInsecure

allowInsecure?: pulumi.Input<boolean>;

Do not validate the certificate when the health check uses HTTPS. Valid values: true or false (Default: false).

property checkRegions

checkRegions?: pulumi.Input<pulumi.Input<string>[]>;

A list of regions from which to run health checks. If not set Cloudflare will pick a default region. Valid values: WNAM, ENAM, WEU, EEU, NSAM, SSAM, OC, ME, NAF, SAF, IN, SEAS, NEAS, ALL_REGIONS.

property consecutiveFails

consecutiveFails?: pulumi.Input<number>;

The number of consecutive fails required from a health check before changing the health to unhealthy. (Default: 1)

property consecutiveSuccesses

consecutiveSuccesses?: pulumi.Input<number>;

The number of consecutive successes required from a health check before changing the health to healthy. (Default: 1)

property description

description?: pulumi.Input<string>;

A human-readable description of the health check.

property expectedBody

expectedBody?: pulumi.Input<string>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy.

property expectedCodes

expectedCodes?: pulumi.Input<pulumi.Input<string>[]>;

The expected HTTP response codes (e.g. “200”) or code ranges (e.g. “2xx” for all codes starting with 2) of the health check. (Default: ["200"])

property followRedirects

followRedirects?: pulumi.Input<boolean>;

Follow redirects if the origin returns a 3xx status code. Valid values: true or false (Default: false).

property headers

headers?: pulumi.Input<pulumi.Input<HealthcheckHeader>[]>;

The header name.

property interval

interval?: pulumi.Input<number>;

The interval between each health check. Shorter intervals may give quicker notifications if the origin status changes, but will increase load on the origin as we check from multiple locations. (Default: 60)

property method

method?: pulumi.Input<string>;

The TCP connection method to use for the health check. Valid values: connectionEstablished (Default: connectionEstablished).

property name

name: pulumi.Input<string>;

A short name to identify the health check. Only alphanumeric characters, hyphens and underscores are allowed.

property notificationEmailAddresses

notificationEmailAddresses?: pulumi.Input<pulumi.Input<string>[]>;

A list of email addresses we want to send the notifications to.

property notificationSuspended

notificationSuspended?: pulumi.Input<boolean>;

Whether the notifications are suspended or not. Useful for maintenance periods. Valid values: true or false (Default: false).

property path

path?: pulumi.Input<string>;

The endpoint path to health check against. (Default: /)

property port

port?: pulumi.Input<number>;

Port number to connect to for the health check. Valid values are in the rage 0-65535 (Default: 80).

property retries

retries?: pulumi.Input<number>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. (Default: 2)

property suspended

suspended?: pulumi.Input<boolean>;

If suspended, no health checks are sent to the origin. Valid values: true or false (Default: false).

property timeout

timeout?: pulumi.Input<number>;

The timeout (in seconds) before marking the health check as failed. (Default: 5)

property type

type: pulumi.Input<string>;

The protocol to use for the health check. Valid values: HTTP, HTTPS, TCP.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to which apply settings.

interface HealthcheckState

interface HealthcheckState

Input properties used for looking up and filtering Healthcheck resources.

property address

address?: pulumi.Input<string>;

The hostname or IP address of the origin server to run health checks on.

property allowInsecure

allowInsecure?: pulumi.Input<boolean>;

Do not validate the certificate when the health check uses HTTPS. Valid values: true or false (Default: false).

property checkRegions

checkRegions?: pulumi.Input<pulumi.Input<string>[]>;

A list of regions from which to run health checks. If not set Cloudflare will pick a default region. Valid values: WNAM, ENAM, WEU, EEU, NSAM, SSAM, OC, ME, NAF, SAF, IN, SEAS, NEAS, ALL_REGIONS.

property consecutiveFails

consecutiveFails?: pulumi.Input<number>;

The number of consecutive fails required from a health check before changing the health to unhealthy. (Default: 1)

property consecutiveSuccesses

consecutiveSuccesses?: pulumi.Input<number>;

The number of consecutive successes required from a health check before changing the health to healthy. (Default: 1)

property createdOn

createdOn?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

A human-readable description of the health check.

property expectedBody

expectedBody?: pulumi.Input<string>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy.

property expectedCodes

expectedCodes?: pulumi.Input<pulumi.Input<string>[]>;

The expected HTTP response codes (e.g. “200”) or code ranges (e.g. “2xx” for all codes starting with 2) of the health check. (Default: ["200"])

property followRedirects

followRedirects?: pulumi.Input<boolean>;

Follow redirects if the origin returns a 3xx status code. Valid values: true or false (Default: false).

property headers

headers?: pulumi.Input<pulumi.Input<HealthcheckHeader>[]>;

The header name.

property interval

interval?: pulumi.Input<number>;

The interval between each health check. Shorter intervals may give quicker notifications if the origin status changes, but will increase load on the origin as we check from multiple locations. (Default: 60)

property method

method?: pulumi.Input<string>;

The TCP connection method to use for the health check. Valid values: connectionEstablished (Default: connectionEstablished).

property modifiedOn

modifiedOn?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

A short name to identify the health check. Only alphanumeric characters, hyphens and underscores are allowed.

property notificationEmailAddresses

notificationEmailAddresses?: pulumi.Input<pulumi.Input<string>[]>;

A list of email addresses we want to send the notifications to.

property notificationSuspended

notificationSuspended?: pulumi.Input<boolean>;

Whether the notifications are suspended or not. Useful for maintenance periods. Valid values: true or false (Default: false).

property path

path?: pulumi.Input<string>;

The endpoint path to health check against. (Default: /)

property port

port?: pulumi.Input<number>;

Port number to connect to for the health check. Valid values are in the rage 0-65535 (Default: 80).

property retries

retries?: pulumi.Input<number>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. (Default: 2)

property suspended

suspended?: pulumi.Input<boolean>;

If suspended, no health checks are sent to the origin. Valid values: true or false (Default: false).

property timeout

timeout?: pulumi.Input<number>;

The timeout (in seconds) before marking the health check as failed. (Default: 5)

property type

type?: pulumi.Input<string>;

The protocol to use for the health check. Valid values: HTTP, HTTPS, TCP.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to which apply settings.

interface LoadBalancerArgs

interface LoadBalancerArgs

The set of arguments for constructing a LoadBalancer resource.

property defaultPoolIds

defaultPoolIds: pulumi.Input<pulumi.Input<string>[]>;

A list of pool IDs ordered by their failover priority. Used whenever region/pop pools are not defined.

property description

description?: pulumi.Input<string>;

Free text description.

property enabled

enabled?: pulumi.Input<boolean>;

Enable or disable the load balancer. Defaults to true (enabled).

property fallbackPoolId

fallbackPoolId: pulumi.Input<string>;

The pool ID to use when all other pools are detected as unhealthy.

property name

name: pulumi.Input<string>;

The DNS name (FQDN, including the zone) to associate with the load balancer.

property popPools

popPools?: pulumi.Input<pulumi.Input<LoadBalancerPopPool>[]>;

A set containing mappings of Cloudflare Point-of-Presence (PoP) identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). This feature is only available to enterprise customers. Fields documented below.

property proxied

proxied?: pulumi.Input<boolean>;

Whether the hostname gets Cloudflare’s origin protection. Defaults to false.

property regionPools

regionPools?: pulumi.Input<pulumi.Input<LoadBalancerRegionPool>[]>;

A set containing mappings of region/country codes to a list of pool IDs (ordered by their failover priority) for the given region. Fields documented below.

property sessionAffinity

sessionAffinity?: pulumi.Input<string>;

Associates all requests coming from an end-user with a single origin. Cloudflare will set a cookie on the initial response to the client, such that consequent requests with the cookie in the request will go to the same origin, so long as it is available. Valid values are: "", "none", "cookie", and "ipCookie". Default is "".

property steeringPolicy

steeringPolicy?: pulumi.Input<string>;

Determine which method the load balancer uses to determine the fastest route to your origin. Valid values are: "off", "geo", "dynamicLatency", "random" or "". Default is "".

property ttl

ttl?: pulumi.Input<number>;

Time to live (TTL) of this load balancer’s DNS name. Conflicts with proxied - this cannot be set for proxied load balancers. Default is 30.

property zoneId

zoneId: pulumi.Input<string>;

The zone ID to add the load balancer to.

interface LoadBalancerMonitorArgs

interface LoadBalancerMonitorArgs

The set of arguments for constructing a LoadBalancerMonitor resource.

property allowInsecure

allowInsecure?: pulumi.Input<boolean>;

Do not validate the certificate when monitor use HTTPS. Only valid if type is “http” or “https”.

property description

description?: pulumi.Input<string>;

Free text description.

property expectedBody

expectedBody?: pulumi.Input<string>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy. Only valid if type is “http” or “https”. Default: “”.

property expectedCodes

expectedCodes?: pulumi.Input<string>;

The expected HTTP response code or code range of the health check. Eg 2xx. Only valid and required if type is “http” or “https”.

property followRedirects

followRedirects?: pulumi.Input<boolean>;

Follow redirects if returned by the origin. Only valid if type is “http” or “https”.

property headers

headers?: pulumi.Input<pulumi.Input<LoadBalancerMonitorHeader>[]>;

The header name.

property interval

interval?: pulumi.Input<number>;

The interval between each health check. Shorter intervals may improve failover time, but will increase load on the origins as we check from multiple locations. Default: 60.

property method

method?: pulumi.Input<string>;

The method to use for the health check. Valid values are any valid HTTP verb if type is “http” or “https”, or connectionEstablished if type is “tcp”. Default: “GET” if type is “http” or “https”, or “connectionEstablished” if type is “tcp” .

property path

path?: pulumi.Input<string>;

The endpoint path to health check against. Default: “/”. Only valid if type is “http” or “https”.

property port

port?: pulumi.Input<number>;

property retries

retries?: pulumi.Input<number>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. Default: 2.

property timeout

timeout?: pulumi.Input<number>;

The timeout (in seconds) before marking the health check as failed. Default: 5.

property type

type?: pulumi.Input<string>;

The protocol to use for the healthcheck. Currently supported protocols are ‘HTTP’, ‘HTTPS’ and ‘TCP’. Default: “http”.

interface LoadBalancerMonitorState

interface LoadBalancerMonitorState

Input properties used for looking up and filtering LoadBalancerMonitor resources.

property allowInsecure

allowInsecure?: pulumi.Input<boolean>;

Do not validate the certificate when monitor use HTTPS. Only valid if type is “http” or “https”.

property createdOn

createdOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer monitor was created.

property description

description?: pulumi.Input<string>;

Free text description.

property expectedBody

expectedBody?: pulumi.Input<string>;

A case-insensitive sub-string to look for in the response body. If this string is not found, the origin will be marked as unhealthy. Only valid if type is “http” or “https”. Default: “”.

property expectedCodes

expectedCodes?: pulumi.Input<string>;

The expected HTTP response code or code range of the health check. Eg 2xx. Only valid and required if type is “http” or “https”.

property followRedirects

followRedirects?: pulumi.Input<boolean>;

Follow redirects if returned by the origin. Only valid if type is “http” or “https”.

property headers

headers?: pulumi.Input<pulumi.Input<LoadBalancerMonitorHeader>[]>;

The header name.

property interval

interval?: pulumi.Input<number>;

The interval between each health check. Shorter intervals may improve failover time, but will increase load on the origins as we check from multiple locations. Default: 60.

property method

method?: pulumi.Input<string>;

The method to use for the health check. Valid values are any valid HTTP verb if type is “http” or “https”, or connectionEstablished if type is “tcp”. Default: “GET” if type is “http” or “https”, or “connectionEstablished” if type is “tcp” .

property modifiedOn

modifiedOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer monitor was last modified.

property path

path?: pulumi.Input<string>;

The endpoint path to health check against. Default: “/”. Only valid if type is “http” or “https”.

property port

port?: pulumi.Input<number>;

property retries

retries?: pulumi.Input<number>;

The number of retries to attempt in case of a timeout before marking the origin as unhealthy. Retries are attempted immediately. Default: 2.

property timeout

timeout?: pulumi.Input<number>;

The timeout (in seconds) before marking the health check as failed. Default: 5.

property type

type?: pulumi.Input<string>;

The protocol to use for the healthcheck. Currently supported protocols are ‘HTTP’, ‘HTTPS’ and ‘TCP’. Default: “http”.

interface LoadBalancerPoolArgs

interface LoadBalancerPoolArgs

The set of arguments for constructing a LoadBalancerPool resource.

property checkRegions

checkRegions?: pulumi.Input<pulumi.Input<string>[]>;

A list of regions (specified by region code) from which to run health checks. Empty means every Cloudflare data center (the default), but requires an Enterprise plan. Region codes can be found here.

property description

description?: pulumi.Input<string>;

Free text description.

property enabled

enabled?: pulumi.Input<boolean>;

Whether to enable (the default) this origin within the Pool. Disabled origins will not receive traffic and are excluded from health checks. The origin will only be disabled for the current pool.

property minimumOrigins

minimumOrigins?: pulumi.Input<number>;

The minimum number of origins that must be healthy for this pool to serve traffic. If the number of healthy origins falls below this number, the pool will be marked unhealthy and we will failover to the next available pool. Default: 1.

property monitor

monitor?: pulumi.Input<string>;

The ID of the Monitor to use for health checking origins within this pool.

property name

name: pulumi.Input<string>;

A human-identifiable name for the origin.

property notificationEmail

notificationEmail?: pulumi.Input<string>;

The email address to send health status notifications to. This can be an individual mailbox or a mailing list. Multiple emails can be supplied as a comma delimited list.

property origins

origins: pulumi.Input<pulumi.Input<LoadBalancerPoolOrigin>[]>;

The list of origins within this pool. Traffic directed at this pool is balanced across all currently healthy origins, provided the pool itself is healthy. It’s a complex value. See description below.

interface LoadBalancerPoolState

interface LoadBalancerPoolState

Input properties used for looking up and filtering LoadBalancerPool resources.

property checkRegions

checkRegions?: pulumi.Input<pulumi.Input<string>[]>;

A list of regions (specified by region code) from which to run health checks. Empty means every Cloudflare data center (the default), but requires an Enterprise plan. Region codes can be found here.

property createdOn

createdOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer was created.

property description

description?: pulumi.Input<string>;

Free text description.

property enabled

enabled?: pulumi.Input<boolean>;

Whether to enable (the default) this origin within the Pool. Disabled origins will not receive traffic and are excluded from health checks. The origin will only be disabled for the current pool.

property minimumOrigins

minimumOrigins?: pulumi.Input<number>;

The minimum number of origins that must be healthy for this pool to serve traffic. If the number of healthy origins falls below this number, the pool will be marked unhealthy and we will failover to the next available pool. Default: 1.

property modifiedOn

modifiedOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer was last modified.

property monitor

monitor?: pulumi.Input<string>;

The ID of the Monitor to use for health checking origins within this pool.

property name

name?: pulumi.Input<string>;

A human-identifiable name for the origin.

property notificationEmail

notificationEmail?: pulumi.Input<string>;

The email address to send health status notifications to. This can be an individual mailbox or a mailing list. Multiple emails can be supplied as a comma delimited list.

property origins

origins?: pulumi.Input<pulumi.Input<LoadBalancerPoolOrigin>[]>;

The list of origins within this pool. Traffic directed at this pool is balanced across all currently healthy origins, provided the pool itself is healthy. It’s a complex value. See description below.

interface LoadBalancerState

interface LoadBalancerState

Input properties used for looking up and filtering LoadBalancer resources.

property createdOn

createdOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer was created.

property defaultPoolIds

defaultPoolIds?: pulumi.Input<pulumi.Input<string>[]>;

A list of pool IDs ordered by their failover priority. Used whenever region/pop pools are not defined.

property description

description?: pulumi.Input<string>;

Free text description.

property enabled

enabled?: pulumi.Input<boolean>;

Enable or disable the load balancer. Defaults to true (enabled).

property fallbackPoolId

fallbackPoolId?: pulumi.Input<string>;

The pool ID to use when all other pools are detected as unhealthy.

property modifiedOn

modifiedOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the load balancer was last modified.

property name

name?: pulumi.Input<string>;

The DNS name (FQDN, including the zone) to associate with the load balancer.

property popPools

popPools?: pulumi.Input<pulumi.Input<LoadBalancerPopPool>[]>;

A set containing mappings of Cloudflare Point-of-Presence (PoP) identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). This feature is only available to enterprise customers. Fields documented below.

property proxied

proxied?: pulumi.Input<boolean>;

Whether the hostname gets Cloudflare’s origin protection. Defaults to false.

property regionPools

regionPools?: pulumi.Input<pulumi.Input<LoadBalancerRegionPool>[]>;

A set containing mappings of region/country codes to a list of pool IDs (ordered by their failover priority) for the given region. Fields documented below.

property sessionAffinity

sessionAffinity?: pulumi.Input<string>;

Associates all requests coming from an end-user with a single origin. Cloudflare will set a cookie on the initial response to the client, such that consequent requests with the cookie in the request will go to the same origin, so long as it is available. Valid values are: "", "none", "cookie", and "ipCookie". Default is "".

property steeringPolicy

steeringPolicy?: pulumi.Input<string>;

Determine which method the load balancer uses to determine the fastest route to your origin. Valid values are: "off", "geo", "dynamicLatency", "random" or "". Default is "".

property ttl

ttl?: pulumi.Input<number>;

Time to live (TTL) of this load balancer’s DNS name. Conflicts with proxied - this cannot be set for proxied load balancers. Default is 30.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID to add the load balancer to.

interface LogpullRetentionArgs

interface LogpullRetentionArgs

The set of arguments for constructing a LogpullRetention resource.

property enabled

enabled: pulumi.Input<boolean>;

Whether you wish to retain logs or not.

property zoneId

zoneId: pulumi.Input<string>;

The zone ID to apply the log retention to.

interface LogpullRetentionState

interface LogpullRetentionState

Input properties used for looking up and filtering LogpullRetention resources.

property enabled

enabled?: pulumi.Input<boolean>;

Whether you wish to retain logs or not.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID to apply the log retention to.

interface LogpushJobArgs

interface LogpushJobArgs

The set of arguments for constructing a LogpushJob resource.

property dataset

dataset: pulumi.Input<string>;

Which type of dataset resource to use. Available values are "firewallEvents", "httpRequests", and "spectrumEvents".

property destinationConf

destinationConf: pulumi.Input<string>;

Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See Logpush destination documentation.

property enabled

enabled?: pulumi.Input<boolean>;

property logpullOptions

logpullOptions?: pulumi.Input<string>;

Configuration string for the Logshare API. It specifies things like requested fields and timestamp formats. See Logpull options documentation.

property name

name?: pulumi.Input<string>;

The name of the logpush job to create. Must match the regular expression ^[a-zA-Z0-9\-\.]*$.

property ownershipChallenge

ownershipChallenge: pulumi.Input<string>;

Ownership challenge token to prove destination ownership. See Developer documentation.

property zoneId

zoneId: pulumi.Input<string>;

The zone ID where the logpush job should be created.

interface LogpushJobState

interface LogpushJobState

Input properties used for looking up and filtering LogpushJob resources.

property dataset

dataset?: pulumi.Input<string>;

Which type of dataset resource to use. Available values are "firewallEvents", "httpRequests", and "spectrumEvents".

property destinationConf

destinationConf?: pulumi.Input<string>;

Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See Logpush destination documentation.

property enabled

enabled?: pulumi.Input<boolean>;

property logpullOptions

logpullOptions?: pulumi.Input<string>;

Configuration string for the Logshare API. It specifies things like requested fields and timestamp formats. See Logpull options documentation.

property name

name?: pulumi.Input<string>;

The name of the logpush job to create. Must match the regular expression ^[a-zA-Z0-9\-\.]*$.

property ownershipChallenge

ownershipChallenge?: pulumi.Input<string>;

Ownership challenge token to prove destination ownership. See Developer documentation.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID where the logpush job should be created.

interface OriginCaCertificateArgs

interface OriginCaCertificateArgs

The set of arguments for constructing a OriginCaCertificate resource.

property csr

csr: pulumi.Input<string>;

The Certificate Signing Request. Must be newline-encoded.

property hostnames

hostnames: pulumi.Input<pulumi.Input<string>[]>;

An array of hostnames or wildcard names bound to the certificate.

property requestType

requestType: pulumi.Input<string>;

The signature type desired on the certificate.

property requestedValidity

requestedValidity?: pulumi.Input<number>;

The number of days for which the certificate should be valid.

interface OriginCaCertificateState

interface OriginCaCertificateState

Input properties used for looking up and filtering OriginCaCertificate resources.

property certificate

certificate?: pulumi.Input<string>;

The Origin CA certificate

property csr

csr?: pulumi.Input<string>;

The Certificate Signing Request. Must be newline-encoded.

property expiresOn

expiresOn?: pulumi.Input<string>;

The datetime when the certificate will expire.

property hostnames

hostnames?: pulumi.Input<pulumi.Input<string>[]>;

An array of hostnames or wildcard names bound to the certificate.

property requestType

requestType?: pulumi.Input<string>;

The signature type desired on the certificate.

property requestedValidity

requestedValidity?: pulumi.Input<number>;

The number of days for which the certificate should be valid.

interface PageRuleArgs

interface PageRuleArgs

The set of arguments for constructing a PageRule resource.

property actions

actions: pulumi.Input<PageRuleActions>;

The actions taken by the page rule, options given below.

property priority

priority?: pulumi.Input<number>;

The priority of the page rule among others for this target, the higher the number the higher the priority as per API documentation.

property status

status?: pulumi.Input<string>;

Whether the page rule is active or disabled.

property target

target: pulumi.Input<string>;

The URL pattern to target with the page rule.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to which the page rule should be added.

interface PageRuleState

interface PageRuleState

Input properties used for looking up and filtering PageRule resources.

property actions

actions?: pulumi.Input<PageRuleActions>;

The actions taken by the page rule, options given below.

property priority

priority?: pulumi.Input<number>;

The priority of the page rule among others for this target, the higher the number the higher the priority as per API documentation.

property status

status?: pulumi.Input<string>;

Whether the page rule is active or disabled.

property target

target?: pulumi.Input<string>;

The URL pattern to target with the page rule.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to which the page rule should be added.

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property accountId

accountId?: pulumi.Input<string>;

Configure API client to always use that account.

property apiClientLogging

apiClientLogging?: pulumi.Input<boolean>;

Whether to print logs from the API client (using the default log library logger)

property apiKey

apiKey?: pulumi.Input<string>;

The API key for operations.

property apiToken

apiToken?: pulumi.Input<string>;

The API Token for operations.

property apiUserServiceKey

apiUserServiceKey?: pulumi.Input<string>;

A special Cloudflare API key good for a restricted set of endpoints.

property email

email?: pulumi.Input<string>;

A registered Cloudflare email address.

property maxBackoff

maxBackoff?: pulumi.Input<number>;

Maximum backoff period in seconds after failed API calls

property minBackoff

minBackoff?: pulumi.Input<number>;

Minimum backoff period in seconds after failed API calls

property retries

retries?: pulumi.Input<number>;

Maximum number of retries to perform when an API request fails

property rps

rps?: pulumi.Input<number>;

RPS limit to apply when making calls to the API

interface RateLimitArgs

interface RateLimitArgs

The set of arguments for constructing a RateLimit resource.

property action

action: pulumi.Input<RateLimitAction>;

The action to be performed when the threshold of matched traffic within the period defined is exceeded.

property bypassUrlPatterns

bypassUrlPatterns?: pulumi.Input<pulumi.Input<string>[]>;

URLs matching the patterns specified here will be excluded from rate limiting.

property correlate

correlate?: pulumi.Input<RateLimitCorrelate>;

Determines how rate limiting is applied. By default if not specified, rate limiting applies to the clients IP address.

property description

description?: pulumi.Input<string>;

A note that you can use to describe the reason for a rate limit. This value is sanitized and all tags are removed.

property disabled

disabled?: pulumi.Input<boolean>;

Whether this ratelimit is currently disabled. Default: false.

property match

match?: pulumi.Input<RateLimitMatch>;

Determines which traffic the rate limit counts towards the threshold. By default matches all traffic in the zone. See definition below.

property period

period: pulumi.Input<number>;

The time in seconds to count matching traffic. If the count exceeds threshold within this period the action will be performed (min: 1, max: 86,400).

property threshold

threshold: pulumi.Input<number>;

The threshold that triggers the rate limit mitigations, combine with period. i.e. threshold per period (min: 2, max: 1,000,000).

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to apply rate limiting to.

interface RateLimitState

interface RateLimitState

Input properties used for looking up and filtering RateLimit resources.

property action

action?: pulumi.Input<RateLimitAction>;

The action to be performed when the threshold of matched traffic within the period defined is exceeded.

property bypassUrlPatterns

bypassUrlPatterns?: pulumi.Input<pulumi.Input<string>[]>;

URLs matching the patterns specified here will be excluded from rate limiting.

property correlate

correlate?: pulumi.Input<RateLimitCorrelate>;

Determines how rate limiting is applied. By default if not specified, rate limiting applies to the clients IP address.

property description

description?: pulumi.Input<string>;

A note that you can use to describe the reason for a rate limit. This value is sanitized and all tags are removed.

property disabled

disabled?: pulumi.Input<boolean>;

Whether this ratelimit is currently disabled. Default: false.

property match

match?: pulumi.Input<RateLimitMatch>;

Determines which traffic the rate limit counts towards the threshold. By default matches all traffic in the zone. See definition below.

property period

period?: pulumi.Input<number>;

The time in seconds to count matching traffic. If the count exceeds threshold within this period the action will be performed (min: 1, max: 86,400).

property threshold

threshold?: pulumi.Input<number>;

The threshold that triggers the rate limit mitigations, combine with period. i.e. threshold per period (min: 2, max: 1,000,000).

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to apply rate limiting to.

interface RecordArgs

interface RecordArgs

The set of arguments for constructing a Record resource.

property data

data?: pulumi.Input<RecordData>;

Map of attributes that constitute the record value. Primarily used for LOC and SRV record types. Either this or value must be specified

property name

name: pulumi.Input<string>;

The name of the record

property priority

priority?: pulumi.Input<number>;

The priority of the record

property proxied

proxied?: pulumi.Input<boolean>;

Whether the record gets Cloudflare’s origin protection; defaults to false.

property ttl

ttl?: pulumi.Input<number>;

The TTL of the record (automatic: ‘1’)

property type

type: pulumi.Input<string>;

The type of the record

property value

value?: pulumi.Input<string>;

The (string) value of the record. Either this or data must be specified

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to add the record to

interface RecordState

interface RecordState

Input properties used for looking up and filtering Record resources.

property createdOn

createdOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the record was created

property data

data?: pulumi.Input<RecordData>;

Map of attributes that constitute the record value. Primarily used for LOC and SRV record types. Either this or value must be specified

property hostname

hostname?: pulumi.Input<string>;

The FQDN of the record

property metadata

metadata?: pulumi.Input<{[key: string]: any}>;

A key-value map of string metadata Cloudflare associates with the record

property modifiedOn

modifiedOn?: pulumi.Input<string>;

The RFC3339 timestamp of when the record was last modified

property name

name?: pulumi.Input<string>;

The name of the record

property priority

priority?: pulumi.Input<number>;

The priority of the record

property proxiable

proxiable?: pulumi.Input<boolean>;

Shows whether this record can be proxied, must be true if setting proxied=true

property proxied

proxied?: pulumi.Input<boolean>;

Whether the record gets Cloudflare’s origin protection; defaults to false.

property ttl

ttl?: pulumi.Input<number>;

The TTL of the record (automatic: ‘1’)

property type

type?: pulumi.Input<string>;

The type of the record

property value

value?: pulumi.Input<string>;

The (string) value of the record. Either this or data must be specified

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to add the record to

interface SpectrumApplicationArgs

interface SpectrumApplicationArgs

The set of arguments for constructing a SpectrumApplication resource.

property argoSmartRouting

argoSmartRouting?: pulumi.Input<boolean>;

. Enables Argo Smart Routing. Defaults to false.

property dns

dns: pulumi.Input<SpectrumApplicationDns>;

The name and type of DNS record for the Spectrum application. Fields documented below.

property edgeIpConnectivity

edgeIpConnectivity?: pulumi.Input<string>;

. Choose which types of IP addresses will be provisioned for this subdomain. Valid values are: all, ipv4, ipv6. Defaults to all.

property edgeIps

edgeIps?: pulumi.Input<pulumi.Input<string>[]>;

. A list of edge IPs (IPv4 and/or IPv6) to configure Spectrum application to. Requires Bring Your Own IP provisioned.

property ipFirewall

ipFirewall?: pulumi.Input<boolean>;

Enables the IP Firewall for this application. Defaults to true.

property originDirects

originDirects?: pulumi.Input<pulumi.Input<string>[]>;

A list of destination addresses to the origin. e.g. tcp://192.0.2.1:22.

property originDns

originDns?: pulumi.Input<SpectrumApplicationOriginDns>;

A destination DNS addresses to the origin. Fields documented below.

property originPort

originPort?: pulumi.Input<number>;

If using originDns this is a required attribute. Origin port to proxy traffice to e.g. 22.

property protocol

protocol: pulumi.Input<string>;

The port configuration at Cloudflare’s edge. e.g. tcp/22.

property proxyProtocol

proxyProtocol?: pulumi.Input<string>;

Enables a proxy protocol to the origin. Valid values are: off, v1, v2, and simple. Defaults to off.

property tls

tls?: pulumi.Input<string>;

TLS configuration option for Cloudflare to connect to your origin. Valid values are: off, flexible, full and strict. Defaults to off.

property trafficType

trafficType?: pulumi.Input<string>;

Sets application type. Valid values are: direct, http, https. Defaults to direct.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to add the application to

interface SpectrumApplicationState

interface SpectrumApplicationState

Input properties used for looking up and filtering SpectrumApplication resources.

property argoSmartRouting

argoSmartRouting?: pulumi.Input<boolean>;

. Enables Argo Smart Routing. Defaults to false.

property dns

dns?: pulumi.Input<SpectrumApplicationDns>;

The name and type of DNS record for the Spectrum application. Fields documented below.

property edgeIpConnectivity

edgeIpConnectivity?: pulumi.Input<string>;

. Choose which types of IP addresses will be provisioned for this subdomain. Valid values are: all, ipv4, ipv6. Defaults to all.

property edgeIps

edgeIps?: pulumi.Input<pulumi.Input<string>[]>;

. A list of edge IPs (IPv4 and/or IPv6) to configure Spectrum application to. Requires Bring Your Own IP provisioned.

property ipFirewall

ipFirewall?: pulumi.Input<boolean>;

Enables the IP Firewall for this application. Defaults to true.

property originDirects

originDirects?: pulumi.Input<pulumi.Input<string>[]>;

A list of destination addresses to the origin. e.g. tcp://192.0.2.1:22.

property originDns

originDns?: pulumi.Input<SpectrumApplicationOriginDns>;

A destination DNS addresses to the origin. Fields documented below.

property originPort

originPort?: pulumi.Input<number>;

If using originDns this is a required attribute. Origin port to proxy traffice to e.g. 22.

property protocol

protocol?: pulumi.Input<string>;

The port configuration at Cloudflare’s edge. e.g. tcp/22.

property proxyProtocol

proxyProtocol?: pulumi.Input<string>;

Enables a proxy protocol to the origin. Valid values are: off, v1, v2, and simple. Defaults to off.

property tls

tls?: pulumi.Input<string>;

TLS configuration option for Cloudflare to connect to your origin. Valid values are: off, flexible, full and strict. Defaults to off.

property trafficType

trafficType?: pulumi.Input<string>;

Sets application type. Valid values are: direct, http, https. Defaults to direct.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to add the application to

interface WafGroupArgs

interface WafGroupArgs

The set of arguments for constructing a WafGroup resource.

property groupId

groupId: pulumi.Input<string>;

The WAF Rule Group ID.

property mode

mode?: pulumi.Input<string>;

The mode of the group, can be one of [“on”, “off”].

property packageId

packageId?: pulumi.Input<string>;

The ID of the WAF Rule Package that contains the group.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WafGroupState

interface WafGroupState

Input properties used for looking up and filtering WafGroup resources.

property groupId

groupId?: pulumi.Input<string>;

The WAF Rule Group ID.

property mode

mode?: pulumi.Input<string>;

The mode of the group, can be one of [“on”, “off”].

property packageId

packageId?: pulumi.Input<string>;

The ID of the WAF Rule Package that contains the group.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WafPackageArgs

interface WafPackageArgs

The set of arguments for constructing a WafPackage resource.

property actionMode

actionMode?: pulumi.Input<string>;

The action mode of the package, can be one of [“block”, “challenge”, “simulate”].

property packageId

packageId: pulumi.Input<string>;

The WAF Package ID.

property sensitivity

sensitivity?: pulumi.Input<string>;

The sensitivity of the package, can be one of [“high”, “medium”, “low”, “off”].

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WafPackageState

interface WafPackageState

Input properties used for looking up and filtering WafPackage resources.

property actionMode

actionMode?: pulumi.Input<string>;

The action mode of the package, can be one of [“block”, “challenge”, “simulate”].

property packageId

packageId?: pulumi.Input<string>;

The WAF Package ID.

property sensitivity

sensitivity?: pulumi.Input<string>;

The sensitivity of the package, can be one of [“high”, “medium”, “low”, “off”].

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WafRuleArgs

interface WafRuleArgs

The set of arguments for constructing a WafRule resource.

property mode

mode: pulumi.Input<string>;

The mode of the rule, can be one of [“block”, “challenge”, “default”, “disable”, “simulate”].

property packageId

packageId?: pulumi.Input<string>;

The ID of the WAF Rule Package that contains the rule.

property ruleId

ruleId: pulumi.Input<string>;

The WAF Rule ID.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WafRuleState

interface WafRuleState

Input properties used for looking up and filtering WafRule resources.

property groupId

groupId?: pulumi.Input<string>;

The ID of the WAF Rule Group that contains the rule.

property mode

mode?: pulumi.Input<string>;

The mode of the rule, can be one of [“block”, “challenge”, “default”, “disable”, “simulate”].

property packageId

packageId?: pulumi.Input<string>;

The ID of the WAF Rule Package that contains the rule.

property ruleId

ruleId?: pulumi.Input<string>;

The WAF Rule ID.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to apply to.

interface WorkerRouteArgs

interface WorkerRouteArgs

The set of arguments for constructing a WorkerRoute resource.

property pattern

pattern: pulumi.Input<string>;

The route pattern

property scriptName

scriptName?: pulumi.Input<string>;

Which worker script to run for requests that match the route pattern. If scriptName is empty, workers will be skipped for matching requests.

property zoneId

zoneId: pulumi.Input<string>;

The zone ID to add the route to.

interface WorkerRouteState

interface WorkerRouteState

Input properties used for looking up and filtering WorkerRoute resources.

property pattern

pattern?: pulumi.Input<string>;

The route pattern

property scriptName

scriptName?: pulumi.Input<string>;

Which worker script to run for requests that match the route pattern. If scriptName is empty, workers will be skipped for matching requests.

property zoneId

zoneId?: pulumi.Input<string>;

The zone ID to add the route to.

interface WorkerScriptArgs

interface WorkerScriptArgs

The set of arguments for constructing a WorkerScript resource.

property content

content: pulumi.Input<string>;

The script content.

property kvNamespaceBindings

kvNamespaceBindings?: pulumi.Input<pulumi.Input<WorkerScriptKvNamespaceBinding>[]>;

property name

name: pulumi.Input<string>;

The name for the binding.

interface WorkerScriptState

interface WorkerScriptState

Input properties used for looking up and filtering WorkerScript resources.

property content

content?: pulumi.Input<string>;

The script content.

property kvNamespaceBindings

kvNamespaceBindings?: pulumi.Input<pulumi.Input<WorkerScriptKvNamespaceBinding>[]>;

property name

name?: pulumi.Input<string>;

The name for the binding.

interface WorkersKvArgs

interface WorkersKvArgs

The set of arguments for constructing a WorkersKv resource.

property key

key: pulumi.Input<string>;

The key name

property namespaceId

namespaceId: pulumi.Input<string>;

The ID of the Workers KV namespace in which you want to create the KV pair

property value

value: pulumi.Input<string>;

The string value to be stored in the key

interface WorkersKvNamespaceArgs

interface WorkersKvNamespaceArgs

The set of arguments for constructing a WorkersKvNamespace resource.

property title

title: pulumi.Input<string>;

The name of the namespace you wish to create.

interface WorkersKvNamespaceState

interface WorkersKvNamespaceState

Input properties used for looking up and filtering WorkersKvNamespace resources.

property title

title?: pulumi.Input<string>;

The name of the namespace you wish to create.

interface WorkersKvState

interface WorkersKvState

Input properties used for looking up and filtering WorkersKv resources.

property key

key?: pulumi.Input<string>;

The key name

property namespaceId

namespaceId?: pulumi.Input<string>;

The ID of the Workers KV namespace in which you want to create the KV pair

property value

value?: pulumi.Input<string>;

The string value to be stored in the key

interface ZoneArgs

interface ZoneArgs

The set of arguments for constructing a Zone resource.

property jumpStart

jumpStart?: pulumi.Input<boolean>;

Boolean of whether to scan for DNS records on creation. Ignored after zone is created. Default: false.

property paused

paused?: pulumi.Input<boolean>;

Boolean of whether this zone is paused (traffic bypasses Cloudflare). Default: false.

property plan

plan?: pulumi.Input<string>;

The name of the commercial plan to apply to the zone, can be updated once the one is created; one of free, pro, business, enterprise.

property type

type?: pulumi.Input<string>;

A full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup. Valid values: full, partial. Default is full.

property zone

zone: pulumi.Input<string>;

The DNS zone name which will be added.

interface ZoneLockdownArgs

interface ZoneLockdownArgs

The set of arguments for constructing a ZoneLockdown resource.

property configurations

configurations: pulumi.Input<pulumi.Input<ZoneLockdownConfiguration>[]>;

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

property description

description?: pulumi.Input<string>;

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

property paused

paused?: pulumi.Input<boolean>;

Boolean of whether this zone lockdown is currently paused. Default: false.

property priority

priority?: pulumi.Input<number>;

property urls

urls: pulumi.Input<pulumi.Input<string>[]>;

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to which the access rule should be added.

interface ZoneLockdownState

interface ZoneLockdownState

Input properties used for looking up and filtering ZoneLockdown resources.

property configurations

configurations?: pulumi.Input<pulumi.Input<ZoneLockdownConfiguration>[]>;

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

property description

description?: pulumi.Input<string>;

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

property paused

paused?: pulumi.Input<boolean>;

Boolean of whether this zone lockdown is currently paused. Default: false.

property priority

priority?: pulumi.Input<number>;

property urls

urls?: pulumi.Input<pulumi.Input<string>[]>;

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to which the access rule should be added.

interface ZoneSettingsOverrideArgs

interface ZoneSettingsOverrideArgs

The set of arguments for constructing a ZoneSettingsOverride resource.

property settings

settings?: pulumi.Input<ZoneSettingsOverrideSettings>;

Settings overrides that will be applied to the zone. If a setting is not specified the existing setting will be used. For a full list of available settings see below.

property zoneId

zoneId: pulumi.Input<string>;

The DNS zone ID to which apply settings.

interface ZoneSettingsOverrideState

interface ZoneSettingsOverrideState

Input properties used for looking up and filtering ZoneSettingsOverride resources.

property initialSettings

initialSettings?: pulumi.Input<ZoneSettingsOverrideInitialSettings>;

Settings present in the zone at the time the resource is created. This will be used to restore the original settings when this resource is destroyed. Shares the same schema as the settings attribute (Above).

property initialSettingsReadAt

initialSettingsReadAt?: pulumi.Input<string>;

property readonlySettings

readonlySettings?: pulumi.Input<pulumi.Input<string>[]>;

Which of the current settings are not able to be set by the user. Which settings these are is determined by plan level and user permissions. * zoneStatus. A full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup. * zoneType. Status of the zone. Valid values: active, pending, initializing, moved, deleted, deactivated.

property settings

settings?: pulumi.Input<ZoneSettingsOverrideSettings>;

Settings overrides that will be applied to the zone. If a setting is not specified the existing setting will be used. For a full list of available settings see below.

property zoneId

zoneId?: pulumi.Input<string>;

The DNS zone ID to which apply settings.

property zoneStatus

zoneStatus?: pulumi.Input<string>;

property zoneType

zoneType?: pulumi.Input<string>;

interface ZoneState

interface ZoneState

Input properties used for looking up and filtering Zone resources.

property jumpStart

jumpStart?: pulumi.Input<boolean>;

Boolean of whether to scan for DNS records on creation. Ignored after zone is created. Default: false.

property meta

meta?: pulumi.Input<ZoneMeta>;

property nameServers

nameServers?: pulumi.Input<pulumi.Input<string>[]>;

Cloudflare-assigned name servers. This is only populated for zones that use Cloudflare DNS.

property paused

paused?: pulumi.Input<boolean>;

Boolean of whether this zone is paused (traffic bypasses Cloudflare). Default: false.

property plan

plan?: pulumi.Input<string>;

The name of the commercial plan to apply to the zone, can be updated once the one is created; one of free, pro, business, enterprise.

property status

status?: pulumi.Input<string>;

Status of the zone. Valid values: active, pending, initializing, moved, deleted, deactivated.

property type

type?: pulumi.Input<string>;

A full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup. Valid values: full, partial. Default is full.

property vanityNameServers

vanityNameServers?: pulumi.Input<pulumi.Input<string>[]>;

List of Vanity Nameservers (if set). * meta.wildcard_proxiable - Indicates whether wildcard DNS records can receive Cloudflare security and performance features. * meta.phishing_detected - Indicates if URLs on the zone have been identified as hosting phishing content.

property verificationKey

verificationKey?: pulumi.Input<string>;

Contains the TXT record value to validate domain ownership. This is only populated for zones of type partial.

property zone

zone?: pulumi.Input<string>;

The DNS zone name which will be added.