Cloudflare API token permissions for cloudflare_rate_limit Terraform resource


I am migrating my infrastructure repositories away from global API key to API token. I have identified some permissions I need and I am using “cloudflare_api_token_permission_groups” data object to translate these names to IDs as seen in example here: x

Creating DNS entries, purging cache and zone settings override were easy to indentify, but I stuck on this resource: x I have tried to add these permissions:

    data.cloudflare_api_token_permission_groups.all.permissions["Zone WAF Read"],
    data.cloudflare_api_token_permission_groups.all.permissions["Zone WAF Write"],
    data.cloudflare_api_token_permission_groups.all.permissions["Zone Write"],
    data.cloudflare_api_token_permission_groups.all.permissions["Account WAF Read"],
    data.cloudflare_api_token_permission_groups.all.permissions["Account WAF Write"],

But I still get Error 10000. As in x there is no “rate limit” permission I have headed to dashboards and found the existing rate limit rule under WAF, so I tried to add these WAF permissions, but it did not help.

Also, x was not really helpful, it shows example with API key, but I can’t really found binding between API methods and permissions anywhere.

Can anybody help me figure out which permission my token needs? Or is it documented somewhere and I wasn’t able to find it? Thanks for help