Terraform module to create a Cloudflare API token that have bucket scope permissions.
Example:
module "r2-api-token" {
source = "Cyb3r-Jak3/r2-api-token/cloudflare"
version = "<version>"
account_id = "<account>"
buckets = ["bucket-1", "bucket-2"]
write = false
}| Name | Version |
|---|---|
| terraform | >= 1.2.0 |
| cloudflare | >= 4.13.0 |
| Name | Version |
|---|---|
| cloudflare | >= 4.13.0 |
No modules.
| Name | Type |
|---|---|
| cloudflare_api_token.token | resource |
| cloudflare_api_token_permission_groups.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_id | Cloudflare Account ID | string |
n/a | yes |
| bucket_read | If true, grant read access to the bucket(s) | bool |
true |
no |
| bucket_write | If true, grant write access to the bucket(s) | bool |
true |
no |
| buckets | List of R2 buckets to grant access to. If empty, all buckets will be granted access. | list(string) |
[] |
no |
| condition_ip_in | List of IP addresses or CIDR notation where the token may be used from. If not specified, the token will be valid for all IP addresses. | list(string) |
[] |
no |
| condition_ip_not_in | List of IP addresses or CIDR notation where the token should not be used from. | list(string) |
[] |
no |
| expires_on | The expiration time on or after which the token MUST NOT be accepted for processing. If not specified, the token will not expire. | string |
"" |
no |
| not_before | The time before which the token MUST NOT be accepted for processing. If not specified, the token will be valid immediately. | string |
"" |
no |
| token_name | Name of the API token. If none given then the fomart is: R2-<comma seperate names>-<Read if 'bucket-read'>-<Write if 'bucket-write'> |
string |
"" |
no |
| Name | Description |
|---|---|
| id | API Token ID. Used as the Access Key ID |
| name | Name of the API Token |
| secret | Secret Access Key |
| value | API Token Value |