brainsik/terraform-cloudflare-dns-caa

terraform-cloudflare-dns-caa

Create Cloudflare DNS CAA records.

The Zone ID can be found on the Cloudflare overview page for the domain you want to add records to.

Cloudflare v4

The latest version of this module supports the Cloudflare v5 provider. To use the Cloudflare v4 provider (which uses a different name for the resource that creates DNS records), pin to v2 of this module:

  source  = "brainsik/dns-caa/cloudflare"
  version = "~> 2"

Usage

To create a root example.com CAA record saying Let's Encrypt can issue hostname certificates and no CA can issue wildcards:

module "example_com_caa" {
  source = "brainsik/dns-caa/cloudflare"

  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  issue     = ["letsencrypt.org"]
  issuewild = [";"]
}

The same record, but with ACME CAA Account and Method Bindings:

module "example_com_caa" {
  source = "brainsik/dns-caa/cloudflare"

  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  issue     = ["letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/123456789; validationmethods=http-01"]
  issuewild = [";"]
}

To create a root example.com CAA record saying both Let's Encrypt and ZeroSSL can issue hostname certificates and no CA can issue wildcards (ZeroSSL uses the CAA issuer domain name sectigo.com):

module "example_com_caa" {
  source = "brainsik/dns-caa/cloudflare"

  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  issue     = ["letsencrypt.org", "sectigo.com"]
  issuewild = [";"]
}
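To check what the `issue` and `issuewild` values in the examples above actually authorize, the following added example (not part of this module) evaluates them with the RFC 8659 precedence rules and the RFC 8657 `accounturi` and `validationmethods` bindings. The function names `parse_property` and `may_issue` are hypothetical; the sample values are copied from the usage examples.

```python
"""Evaluate CAA issue/issuewild values as a CA would (RFC 8659, RFC 8657)."""

def parse_property(value):
    """Split 'ca.example; k=v; k2=v2' into (issuer_domain, {k: v})."""
    head, *rest = value.split(";")
    params = {}
    for item in rest:
        key, sep, val = item.strip().partition("=")
        if sep:
            params[key.strip().lower()] = val.strip()
    return head.strip().lower(), params

def may_issue(issue, issuewild, ca, wildcard=False, account_uri=None, method=None):
    """True if `ca` may issue given the module's `issue`/`issuewild` inputs."""
    # For a wildcard request, any issuewild property replaces all issue properties.
    relevant = list(issuewild) if wildcard and issuewild else list(issue)
    if not relevant:
        return True  # nothing restricts this request type
    for value in relevant:
        domain, params = parse_property(value)
        if not domain or domain != ca.lower():
            continue  # ";" has an empty issuer and authorizes nobody
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue  # bound to a different ACME account
        if "validationmethods" in params:
            allowed = [m.strip() for m in params["validationmethods"].split(",")]
            if method not in allowed:
                continue  # validation method not permitted
        return True
    return False

# Values copied from the usage examples above.
ACCT = "https://acme-v02.api.letsencrypt.org/acme/acct/123456789"
BOUND = [f"letsencrypt.org; accounturi={ACCT}; validationmethods=http-01"]
NO_WILDCARDS = [";"]

if __name__ == "__main__":
    le = "letsencrypt.org"
    print(may_issue(BOUND, NO_WILDCARDS, le, account_uri=ACCT, method="http-01"))
    print(may_issue(BOUND, NO_WILDCARDS, le, account_uri=ACCT, method="dns-01"))
    print(may_issue(BOUND, NO_WILDCARDS, le, wildcard=True, account_uri=ACCT, method="http-01"))
    print(may_issue(["letsencrypt.org", "sectigo.com"], NO_WILDCARDS, "sectigo.com"))
```

With the bound record, a request from a different ACME account or using `dns-01` is refused, and `issuewild = [";"]` blocks every wildcard request regardless of what `issue` allows.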

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| cloudflare | >= 5 |

Providers

| Name | Version |
|------|---------|
| cloudflare | >= 5 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| cloudflare_dns_record.caa_iodef | resource |
| cloudflare_dns_record.caa_issue | resource |
| cloudflare_dns_record.caa_issuewild | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| iodef | URL to send violation reports to | set(string) | [] | no |
| issue | Domain name of CA that can issue certificates for specific hostnames | set(string) | [] | no |
| issuewild | Domain name of CA that can issue wildcard certificates | set(string) | [] | no |
| name | The name of the record | string | n/a | yes |
| zone_id | The Cloudflare DNS zone ID to add the record to | string | n/a | yes |

Outputs

No outputs.