Cloudflare Source IPs AWS Security Group Ingress

This Terraform module populates an AWS security group's ingress rules with Cloudflare source IPs. By default the module only allows access on 443/tcp (HTTPS), but additional ports can be added.

The Cloudflare provider requires an API token, but the IP lookup doesn't use the token to fetch the values. Using export CLOUDFLARE_API_TOKEN="YQSn-xWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T" works. This is an invalid token that passes validation, lifted from the Cloudflare docs.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | ~> 3.67.0 |
| cloudflare | ~> 3.4.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 3.67.0 |
| cloudflare | ~> 3.4.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| vpc_id | The ID of the VPC to place the security group within | string | n/a | yes |
| additional_ports | Any additional TCP ports that should be added to the ingress rules | list(number) | [] | no |
| name | The name of the security group | string | "" | no |
| tags | The tags to apply to the security group and rules | map(any) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| security_group | AWS security group containing ingress rules for Cloudflare services |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_security_group.this | resource |
| aws_security_group_rule.ingress_tcp | resource |
| cloudflare_ip_ranges.cloudflare | data source |
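
One way the three resources listed above can fit together, as an added sketch that is not the module's own source. The resource and variable names mirror the tables on this page; the `name_prefix` value, the `ports` local and the use of `for_each` are assumptions.

```hcl
# Added illustration, not the module's source code.
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    aws        = { source = "hashicorp/aws", version = "~> 3.67.0" }
    cloudflare = { source = "cloudflare/cloudflare", version = "~> 3.4.0" }
  }
}

variable "vpc_id" {
  type = string
}

variable "additional_ports" {
  type    = list(number)
  default = []
}

# Cloudflare's published edge ranges, read at plan time.
data "cloudflare_ip_ranges" "cloudflare" {}

locals {
  # 443 is always allowed; toset() drops duplicates such as a repeated 443.
  # for_each needs a set of strings, hence tostring().
  ports = toset([for p in concat([443], var.additional_ports) : tostring(p)])
}

resource "aws_security_group" "this" {
  name_prefix = "cloudflare-ingress-" # assumed name, not from the module
  vpc_id      = var.vpc_id
}

# One rule resource per port, each restricted to Cloudflare source CIDRs.
resource "aws_security_group_rule" "ingress_tcp" {
  for_each          = local.ports
  type              = "ingress"
  protocol          = "tcp"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  cidr_blocks       = data.cloudflare_ip_ranges.cloudflare.ipv4_cidr_blocks
  ipv6_cidr_blocks  = data.cloudflare_ip_ranges.cloudflare.ipv6_cidr_blocks
  security_group_id = aws_security_group.this.id
}
```

Each CIDR counts as a separate rule against the security group's rule quota, so every extra port multiplies the total. Because the ranges are read when Terraform plans, a change to Cloudflare's published list only reaches the security group on the next apply.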