Commit 2fea7eb

resolver policy
1 parent bde43d4 commit 2fea7eb

1 file changed

+46
-0
lines changed

src/content/partials/cloudflare-one/gateway/create-resolver-policy.mdx

Lines changed: 46 additions & 0 deletions
@@ -2,6 +2,10 @@
22
{}
33
---
44

5+
import { TabItem, Tabs } from "~/components";
6+
7+
<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
8+
59
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Resolver policies**.
610
2. Select **Add a policy**.
711
3. Create an expression for your desired traffic. For example, you can resolve a hostname for an internal service:
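Review bot: The opening tags added on new line 7 share a single line (`<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">`), while the closing `</TabItem>` and `</Tabs>` added later in this file each sit on their own line. Put each opening tag on its own line so the nesting matches the closing side and the start of the Dashboard tab is easy to locate in later diffs. The existing numbered steps now live inside the Dashboard tab without any change to their text, so it is worth confirming in a preview build that the list numbering still renders correctly inside the tab.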
@@ -23,6 +27,48 @@
2327

2428
Custom resolvers are saved to your account for future use. You can add up to 10 IPv4 and 10 IPv6 addresses to a policy.
2529

30+
</TabItem>
31+
<TabItem label="Terraform (v5)">
32+
33+
1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
34+
- `Zero Trust Write`
35+
36+
2. Create a resolver policy using the [`cloudflare_zero_trust_gateway_policy`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_gateway_policy) resource:
37+
38+
```tf
39+
resource "cloudflare_zero_trust_gateway_policy" "resolver_policy" {
40+
name = "Example resolver policy"
41+
enabled = true
42+
account_id = var.cloudflare_account_id
43+
description = "TERRAFORM MANAGED resolver policy"
44+
action = "resolve"
45+
traffic = "dns.fqdn in {\"internal.example.com\"}"
46+
identity = "identity.email in {\"[email protected]\"}"
47+
precedence = 1
48+
rule_settings = {
49+
dns_resolvers = {
50+
# You can add up to 10 IPv4 and 10 IPv6 addresses to a policy.
51+
ipv4 = [{
52+
ip = "192.0.2.24"
53+
port = 53
54+
route_through_private_network = true
55+
vnet_id = cloudflare_zero_trust_tunnel_cloudflared_virtual_network.staging_vnet.id
56+
}]
57+
ipv6 = [{
58+
ip = "2001:DB8::"
59+
port = 53
60+
route_through_private_network = true
61+
vnet_id = cloudflare_zero_trust_tunnel_cloudflared_virtual_network.staging_vnet.id
62+
}]
63+
}
64+
}
65+
}
66+
```
67+
68+
69+
</TabItem>
70+
</Tabs>
71+
2672
When a user's query matches a resolver policy, Gateway will send the query to your listed resolvers in the following order:
2773

2874
1. Public resolvers
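Review bot: Both `vnet_id` lines in the Terraform block reference `cloudflare_zero_trust_tunnel_cloudflared_virtual_network.staging_vnet.id`, a resource this example never declares, so a reader who copies the block as written gets an undeclared-resource error from Terraform. Either add a sentence before the block saying that a virtual network resource named `staging_vnet` must already exist in the configuration, or substitute a variable in the same way `account_id` uses `var.cloudflare_account_id`. Smaller points: the IPv6 sample `2001:DB8::` would be better in the lowercase canonical form `2001:db8::`, and the two consecutive blank lines before the closing `</TabItem>` can be reduced to one. The sentence about custom resolvers being saved to the account now falls inside the Dashboard tab only, so check whether it should also be visible to readers of the Terraform tab.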
