Manage API Shield with Terraform

Get started with API Shield using Terraform from the examples below. For more information on how to use Terraform with Cloudflare, refer to the Terraform documentation.

The following resources are available to configure through Terraform:

Session identifiers

api_shield for configuring session identifiers in API Shield.

Endpoint Management

api_shield_operation for configuring endpoints in Endpoint Management.

Schema Validation 2.0

api_shield_schema for configuring a schema in Schema Validation 2.0.
api_shield_schema_validation_settings for configuring zone-level Schema Validation 2.0 settings.
api_shield_operation_schema_validation_settings for configuring operation-level Schema Validation 2.0 settings.

Manage API Shield session identifiers

Refer to the example configuration below to set up session identifiers on your zone.

Example configurationresource "cloudflare_api_shield" "my_api_shield" {  zone_id  = var.zone_id  auth_id_characteristics {    name = "authorization"    type = "header"  }
}

Manage API Shield Endpoint Management

Refer to the example configuration below to manage endpoints on your zone.

Example configurationresource "cloudflare_api_shield_operation" "get_image" {  zone_id  = var.zone_id  method   = "GET"  host     = "example.com"  endpoint = "/api/images/{var1}"
} resource "cloudflare_api_shield_operation" "post_image" {  zone_id  = var.zone_id  method   = "POST"  host     = "example.com"  endpoint = "/api/images/{var1}"
}

Manage Schema Validation 2.0

Refer to the example configuration below to manage Schema Validation 2.0 on your zone.

Example configuration# Schema that should be used for schema validation 2.0
resource "cloudflare_api_shield_schema" "example_schema" {  zone_id                   = var.zone_id  name                      = "example-schema"  kind                      = "openapi_v3"  validation_enabled        = true  source                    = file("./schemas/example-schema.json")} # Block all requests that violate schema by default
resource "cloudflare_api_shield_schema_validation_settings" "zone_level_settings" {  zone_id                               = var.zone_id  validation_default_mitigation_action  = "block"
} # For endpoint post_image - only log requests that violate schema
resource "cloudflare_api_shield_operation_schema_validation_settings" "post_image_log_only" {  zone_id           = var.zone_id  operation_id      = cloudflare_api_shield_operation.post_image.id  mitigation_action = "log"
}

Manage API Shield with Terraform

​​ Manage API Shield session identifiers

​​ Manage API Shield Endpoint Management

​​ Manage Schema Validation 2.0

Manage API Shield session identifiers

Manage API Shield Endpoint Management

Manage Schema Validation 2.0