I am attempting to deploy an account level WAF custom ruleset using Terraform and I am having a difficult time understanding how to deploy the rule once it has been created:
First, here is the Terraform I am using to create the custom ruleset that contains one rule to log all incoming traffic:
resource "cloudflare_ruleset" "account_custom_firewall" {
  account_id  = "<ACCOUNT_ID_HERE>"
  name        = "Custom WAF rule"
  description = "Custom WAF rulesets"
  kind        = "custom"
  phase       = "http_request_firewall_custom"

  # Rule that logs all incoming traffic
  rules {
    action      = "log"
    expression  = "(ip.src in {0.0.0.0/0})"
    description = "Log all traffic at account level"
    enabled     = false
  }
}
The above terraform works and also returns the ID of the ruleset that was created.
Now here is where I get confused. Now that the ruleset has been created, I then need to deploy it. In this case, because I have the ID of the ruleset, I attempted this:
resource "cloudflare_ruleset" "deploy_custom_ruleset" {
  account_id  = "<ACCOUNT_ID_HERE>"
  name        = "Log All"
  description = "Deploy the WAF rulesets"
  kind        = "custom"
  phase       = "http_request_firewall_custom"

  rules {
    action = "execute"
    action_parameters {
      id = "<RULESET_ID_RETURNED_BY_CREATE>"
    }
    expression  = "(http.host eq \"dev.example.com\")"
    description = "Log All Incoming Traffic"
    enabled     = false
  }
}
This ultimately produces an error of:
Error: error creating ruleset Log All: cannot reference <RULESET_ID_RETURNED_BY_CREATE>" because it would violate the invariants on referencing
I am having a difficult time understanding the API examples listed in the documentation and how they map to what I am attempting to do.
Could someone please provide me with a basic example of creating a custom ruleset and show how to then deploy it?
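The following is an added example, not code from the original post, showing the create-then-deploy pattern the question is asking about. In Cloudflare's ruleset model a custom ruleset cannot "execute" another custom ruleset; the deployment happens through the account's entry point ("root") ruleset for the same phase, whose rule uses the execute action and references the custom ruleset's id. The account id, zone name and resource names below are placeholders, and the execute rule's scoping expression (cf.zone.name) is an assumption you would adjust to your own zone or host.

```hcl
# Added example (not the original poster's code). Account id, names and the
# zone in the scoping expression are placeholders/assumptions.

# 1. The custom ruleset: the container for your own WAF rules.
resource "cloudflare_ruleset" "account_custom_firewall" {
  account_id  = "<ACCOUNT_ID_HERE>"
  name        = "Custom WAF rule"
  description = "Custom WAF rulesets"
  kind        = "custom"
  phase       = "http_request_firewall_custom"

  # Logs every request so the rule can be validated before any blocking
  # action is introduced. Set enabled = false to keep it dormant.
  rules {
    action      = "log"
    expression  = "(ip.src in {0.0.0.0/0})"
    description = "Log all traffic at account level"
    enabled     = true
  }
}

# 2. The deployment: the account-level entry point ruleset for the same phase.
#    kind = "root" is what distinguishes it from the custom ruleset above.
#    Its rule executes the custom ruleset, scoped to the zones you choose.
resource "cloudflare_ruleset" "account_custom_firewall_root" {
  account_id  = "<ACCOUNT_ID_HERE>"
  name        = "Account-level WAF entry point"
  description = "Deploys the custom WAF ruleset"
  kind        = "root"
  phase       = "http_request_firewall_custom"

  rules {
    action = "execute"
    action_parameters {
      # Reference the resource directly instead of pasting the id, so Terraform
      # orders the creation and keeps the id in sync on recreate.
      id = cloudflare_ruleset.account_custom_firewall.id
    }
    # Assumed scope: only requests for this zone run the custom ruleset.
    expression  = "(cf.zone.name eq \"example.com\")"
    description = "Execute the custom WAF ruleset on example.com"
    enabled     = true
  }
}
```

There is a single entry point ruleset per account and phase, so the root resource above is the one place to add further execute rules if more custom rulesets are created later; managing it in Terraform means any execute rule added by hand in the dashboard will be removed on the next apply, which is worth knowing before you take it under code control.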