diff --git a/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx b/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
index c1b7cf3d437c5bb..e184dea80244a15 100644
--- a/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
+++ b/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
@@ -36,6 +36,8 @@ For more information on DDoS managed rulesets, refer to [Managed rulesets](/ddos
This example configures the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) managed ruleset for a zone using Terraform, changing the sensitivity level of rule with ID fdfdac75430c4c47a959592f0aa5e68a to `low`.
+
+
```tf
resource "cloudflare_ruleset" "zone_level_http_ddos_config" {
zone_id = ""
@@ -77,6 +79,8 @@ This example configures the [Network-layer DDoS Attack Protection](/ddos-protect
:::
+
+
```tf
resource "cloudflare_ruleset" "account_level_network_ddos_config" {
account_id = ""
@@ -126,6 +130,8 @@ The order of the rules is important: the rule with the highest sensitivity level
:::
+
+
```tf
variable "zone_id" {
default = ""
diff --git a/src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx b/src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx
index 8b016058c0e6ce6..2fbec939b875fd3 100644
--- a/src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx
+++ b/src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx
@@ -35,6 +35,8 @@ For more information on configuring the previous version of rate limiting rules
This example creates a rate limiting rule in zone with ID `` blocking traffic that exceeds the configured rate:
+
+
```tf
resource "cloudflare_ruleset" "zone_rl" {
zone_id = ""
@@ -71,6 +73,8 @@ resource "cloudflare_ruleset" "zone_rl" {
This example defines a [custom ruleset](/ruleset-engine/custom-rulesets/) with a single rate limiting rule in account with ID `` that blocks traffic for the `/api/` path exceeding the configured rate. The second `cloudflare_ruleset` resource defines an `execute` rule that deploys the custom ruleset for traffic addressed at `example.com`.
+
+
```tf
resource "cloudflare_ruleset" "account_rl" {
account_id =
@@ -125,6 +129,8 @@ This example creates a rate limiting rule in zone with ID `` with:
- A custom counting expression that includes a response field (`http.response.code`).
- A custom JSON response for rate limited requests.
+
+
```tf
resource "cloudflare_ruleset" "zone_rl_custom_response" {
zone_id = ""
diff --git a/src/content/docs/terraform/additional-configurations/transform-rules.mdx b/src/content/docs/terraform/additional-configurations/transform-rules.mdx
index 9f01101b5cd2cef..8b78537b90ac9c0 100644
--- a/src/content/docs/terraform/additional-configurations/transform-rules.mdx
+++ b/src/content/docs/terraform/additional-configurations/transform-rules.mdx
@@ -33,6 +33,8 @@ For more information on Transform Rules, refer to [Transform Rules](/rules/trans
The following example creates a Rewrite URL Rule that rewrites requests for `example.com/old-folder` to `example.com/new-folder`:
+
+
```tf
resource "cloudflare_ruleset" "transform_url_rewrite" {
zone_id = ""
@@ -69,6 +71,8 @@ The following configuration example performs the following adjustments to HTTP r
- Adds a `my-header-2` header to the request with a dynamic value defined by an expression.
- Deletes the `existing-header` header from the request, if it exists.
+
+
```tf
resource "cloudflare_ruleset" "transform_modify_request_headers" {
zone_id = ""
@@ -117,6 +121,8 @@ The following configuration example performs the following adjustments to HTTP r
- Adds a `my-header-2` header to the response with a dynamic value defined by an expression.
- Deletes the `existing-header` header from the response, if it exists.
+
+
```tf
resource "cloudflare_ruleset" "transform_modify_response_headers" {
zone_id = ""
diff --git a/src/content/docs/terraform/additional-configurations/waf-custom-rules.mdx b/src/content/docs/terraform/additional-configurations/waf-custom-rules.mdx
index eb753d4838127c4..b1569df2a434adb 100644
--- a/src/content/docs/terraform/additional-configurations/waf-custom-rules.mdx
+++ b/src/content/docs/terraform/additional-configurations/waf-custom-rules.mdx
@@ -40,6 +40,8 @@ For more information on custom rules, refer to [Custom rules](/waf/custom-rules/
The following example configures a custom rule in the zone entry point ruleset for the `http_request_firewall_custom` phase for zone with ID ``. The rule will block all traffic on non-standard HTTP(S) ports:
+
+
```tf
resource "cloudflare_ruleset" "zone_custom_firewall" {
zone_id = ""
@@ -67,6 +69,8 @@ For more information on enabling leaked credentials detection using Terraform, r
This example adds a custom rule that challenges requests with leaked credentials by using one of the [leaked credentials fields](/waf/detections/leaked-credentials/#leaked-credentials-fields) in the rule expression.
+
+
```tf
resource "cloudflare_ruleset" "zone_custom_firewall_leaked_creds" {
zone_id = ""
@@ -94,6 +98,8 @@ For more information on enabling malicious uploads detection using Terraform, re
This example adds a custom rule that blocks requests with one or more content objects considered malicious by using one of the [content scanning fields](/waf/detections/malicious-uploads/#content-scanning-fields) in the rule expression.
+
+
```tf
resource "cloudflare_ruleset" "zone_custom_firewall_malicious_uploads" {
zone_id = ""
@@ -125,6 +131,8 @@ You can only create and deploy custom rulesets at the account level.
The following configuration creates the custom ruleset with a single rule:
+
+
```tf
resource "cloudflare_ruleset" "account_firewall_custom_ruleset" {
account_id = ""
@@ -149,6 +157,8 @@ resource "cloudflare_ruleset" "account_firewall_custom_ruleset" {
The following configuration deploys the custom ruleset at the account level. It defines a dependency on the `account_firewall_custom_ruleset` resource and uses the ID of the created custom ruleset in `action_parameters`:
+
+
```tf
resource "cloudflare_ruleset" "account_firewall_custom_entrypoint" {
account_id = ""
@@ -181,6 +191,8 @@ The following configuration creates a custom ruleset with a single rule that [ch
You can only add exposed credential checks to rules in a custom ruleset (that is, a ruleset with `kind = "custom"`).
+
+
```tf
resource "cloudflare_ruleset" "account_firewall_custom_ruleset_exposed_creds" {
account_id = ""
@@ -213,6 +225,8 @@ resource "cloudflare_ruleset" "account_firewall_custom_ruleset_exposed_creds" {
The following configuration deploys the custom ruleset. It defines a dependency on the `account_firewall_custom_ruleset_exposed_creds` resource and obtains the ID of the created custom ruleset:
+
+
```tf
resource "cloudflare_ruleset" "account_firewall_custom_entrypoint" {
account_id = ""
diff --git a/src/content/docs/terraform/additional-configurations/waf-managed-rulesets.mdx b/src/content/docs/terraform/additional-configurations/waf-managed-rulesets.mdx
index 338ff132e2aa3ce..31e4aeb376e1e63 100644
--- a/src/content/docs/terraform/additional-configurations/waf-managed-rulesets.mdx
+++ b/src/content/docs/terraform/additional-configurations/waf-managed-rulesets.mdx
@@ -36,6 +36,8 @@ For more information on WAF Managed Rules, refer to [WAF Managed Rules](/waf/man
The following example deploys two managed rulesets to the zone with ID `` using Terraform, using a `cloudflare_ruleset` resource with two rules that execute the managed rulesets.
+
+
```tf
# Configure a ruleset at the zone level for the "http_request_firewall_managed" phase
resource "cloudflare_ruleset" "zone_level_managed_waf" {
@@ -80,6 +82,8 @@ resource "cloudflare_ruleset" "zone_level_managed_waf" {
The following example deploys two managed rulesets to the account with ID `` using Terraform, using a `cloudflare_ruleset` resource with two rules that execute the managed rulesets for two hostnames belonging to Enterprise zones.
+
+
```tf
resource "cloudflare_ruleset" "account_level_managed_waf" {
account_id = ""
@@ -123,6 +127,8 @@ The following example adds two [skip rules](/waf/managed-rules/waf-exceptions/)
Add the two skip rules to the `cloudflare_ruleset` resource before the rule that deploys the Cloudflare Managed Ruleset:
+
+
```tf null {4-13,15-27}
resource "cloudflare_ruleset" "zone_level_managed_waf" {
# (...)
@@ -184,6 +190,8 @@ The following example adds three [overrides](/ruleset-engine/managed-rulesets/ov
The following configuration includes the three overrides in the rule that executes the Cloudflare Managed Ruleset:
+
+
```tf null {9-24}
# (...)
@@ -223,6 +231,8 @@ This example enables [payload logging](/waf/managed-rules/payload-logging/) for
Building upon the rule that deploys the Cloudflare Managed Ruleset, the following rule configuration adds the `matched_data` object with the public key used to encrypt the payload:
+
+
```tf null {9-11}
# (...)
@@ -262,6 +272,8 @@ The following example rule of a `cloudflare_ruleset` Terraform resource performs
- Sets the score threshold to `60` (_Low_).
- Sets the ruleset action to `log`.
+
+
```tf null {8-25}
# (...)
diff --git a/src/content/docs/terraform/advanced-topics/import-cloudflare-resources.mdx b/src/content/docs/terraform/advanced-topics/import-cloudflare-resources.mdx
index c6dd4a234daf49e..f5e8f8c2473f583 100644
--- a/src/content/docs/terraform/advanced-topics/import-cloudflare-resources.mdx
+++ b/src/content/docs/terraform/advanced-topics/import-cloudflare-resources.mdx
@@ -3,6 +3,8 @@ pcx_content_type: tutorial
title: Import Cloudflare resources
---
+import { Render } from "~/components";
+
An important point to understand about Terraform is that it can only manage configuration it created or was explicitly told about after the fact. The reason for this limitation is that Terraform expects to be authoritative for the resources it manages. It relies on two types of files to understand what resources it controls and what state they are in. Terraform determines when and how to make changes from the following:
- A [configuration file](https://developer.hashicorp.com/terraform/language) (ending in `.tf`) that defines the configuration of resources for Terraform to manage. This is what you worked with in the tutorial steps.
@@ -54,6 +56,8 @@ To start managing existing Cloudflare resources in Terraform, for example, DNS r
If you do not have a Terraform configuration file defined, you need the `provider` block defined as follows:
+
+
```hcl
provider 'cloudflare' {
# Cloudflare email saved in $CLOUDFLARE_EMAIL
@@ -71,6 +75,8 @@ cf-terraforming generate --email $CLOUDFLARE_EMAIL --token $CLOUDFLARE_API_TOKEN
If you had not redirected the output to the `importing-example.tf` file, the result displayed in the standard output (your terminal window) would look like the following:
+
+
```tf
resource "cloudflare_record" "terraform_managed_resource_3c0b456bc2aa443089c5f40f45f51b31" {
name = "@"
diff --git a/src/content/docs/terraform/advanced-topics/remote-backend.mdx b/src/content/docs/terraform/advanced-topics/remote-backend.mdx
index cd5060cbf81376c..3c8192b247c972c 100644
--- a/src/content/docs/terraform/advanced-topics/remote-backend.mdx
+++ b/src/content/docs/terraform/advanced-topics/remote-backend.mdx
@@ -38,6 +38,8 @@ After your token has been successfully created, review your **Secret Access Key*
Update your [`cloudflare.tf`](/terraform/tutorial/initialize-terraform/) file to include a [backend](https://developer.hashicorp.com/terraform/language/settings/backends/configuration) for the `` bucket you created above.
+
+
```tf
terraform {
backend "s3" {
diff --git a/src/content/docs/terraform/tutorial/add-page-rules.mdx b/src/content/docs/terraform/tutorial/add-page-rules.mdx
index a992f51965573f4..d2090f042cdeb69 100644
--- a/src/content/docs/terraform/tutorial/add-page-rules.mdx
+++ b/src/content/docs/terraform/tutorial/add-page-rules.mdx
@@ -8,10 +8,14 @@ head:
content: Add exceptions with Page Rules
---
+import { Render } from "~/components";
+
In the [Configure HTTPS settings](/terraform/tutorial/configure-https-settings/) tutorial, you configured zone settings that apply to all incoming requests for `example.com`. In this tutorial, you will add an exception to these settings using [Page Rules](/rules/page-rules/).
Specifically, you will increase the security level for a URL known to be expensive to render and cannot be cached: `https://www.example.com/expensive-db-call`. Additionally, you will add a redirect from the previous URL used to host this page.
+
+
## 1. Create a new branch and append the page rule
Create a new branch and append the configuration.
diff --git a/src/content/docs/terraform/tutorial/configure-https-settings.mdx b/src/content/docs/terraform/tutorial/configure-https-settings.mdx
index d141ad3ff90cd17..92449c6c6b077c0 100644
--- a/src/content/docs/terraform/tutorial/configure-https-settings.mdx
+++ b/src/content/docs/terraform/tutorial/configure-https-settings.mdx
@@ -8,10 +8,14 @@ head:
content: Configure HTTPS settings
---
+import { Render } from "~/components";
+
After proxying a basic website through Cloudflare, you can use Terraform to adjust zone settings. In this tutorial, you will configure some optional HTTPS settings and then push the updated configuration to GitHub for posterity.
You will use a new Git branch for the changes and then merge it into the `master` branch before applying. On a team, you might consider using this step as an opportunity for others to review your change before merging and deploying it. You can also integrate Terraform into your CI/CD system to perform tests automatically using another Cloudflare domain.
+
+
## 1. Create a new branch and append the new zone settings
In this step, modify the Terraform configuration to enable the following settings:
diff --git a/src/content/docs/terraform/tutorial/initialize-terraform.mdx b/src/content/docs/terraform/tutorial/initialize-terraform.mdx
index ed9ddcfa7ee7815..160eab4f24954b0 100644
--- a/src/content/docs/terraform/tutorial/initialize-terraform.mdx
+++ b/src/content/docs/terraform/tutorial/initialize-terraform.mdx
@@ -8,10 +8,14 @@ head:
content: Introduction to Terraform init
---
+import { Render } from "~/components";
+
This tutorial shows you how to get started with Terraform. The tutorial uses an example scenario where you have a web server for your domain, accessible on `203.0.113.10`, and you just signed up your domain (`example.com`) on Cloudflare to manage everything in Terraform.
Before you begin, ensure you have [installed Terraform](/terraform/installing/). You will also need to [create an API Token](/fundamentals/api/get-started/create-token/) with permissions to edit resources for this tutorial.
+
+
## 1. Define your first Terraform config file
Create an initial Terraform config file, filling in your own values for the [API token](/fundamentals/api/get-started/create-token/), [zone ID](/fundamentals/setup/find-account-and-zone-ids/), [account ID](/fundamentals/setup/find-account-and-zone-ids/), and [domain](/fundamentals/setup/manage-domains/add-site/).
diff --git a/src/content/docs/terraform/tutorial/revert-configuration.mdx b/src/content/docs/terraform/tutorial/revert-configuration.mdx
index 51dbc05d0b82574..ca747a9a46a9d60 100644
--- a/src/content/docs/terraform/tutorial/revert-configuration.mdx
+++ b/src/content/docs/terraform/tutorial/revert-configuration.mdx
@@ -8,10 +8,14 @@ head:
content: Revert configuration
---
+import { Render } from "~/components";
+
Sometimes, you may have to roll back configuration changes. For example, you might want to run performance tests on a new configuration or maybe you mistyped an IP address and brought your entire site down.
To revert your configuration, check out the desired branch and ask Terraform to move your Cloudflare settings back in time. If you accidentally brought your site down, consider establishing a good strategy for peer reviewing pull requests rather than merging directly to `master` as done in the tutorials for brevity.
+
+
## 1. Review your configuration history
Before determining how far back to revert, review the versioned history:
diff --git a/src/content/docs/terraform/tutorial/track-history.mdx b/src/content/docs/terraform/tutorial/track-history.mdx
index ef257be9f012252..953ffa4bdea50a6 100644
--- a/src/content/docs/terraform/tutorial/track-history.mdx
+++ b/src/content/docs/terraform/tutorial/track-history.mdx
@@ -8,6 +8,8 @@ head:
content: Track your history
---
+import { Render } from "~/components";
+
In the [Initialize Terraform](/terraform/tutorial/initialize-terraform/) tutorial, you created and applied some basic Cloudflare configuration. Terraform applied this configuration to your zone because you provided your API token at the top of the `cloudflare.tf` file that has access to this zone.
```sh
@@ -19,6 +21,8 @@ provider "cloudflare" {
In this tutorial, you will store your configuration in GitHub where it can be tracked, peer-reviewed, and rolled back to as needed. First, you will remove your credentials from the Terraform config file to prevent committing them to a repository.
+:
+
## 1. Use environment variables for authentication
As a good security practice, remove your Cloudflare credentials from anything that will be committed to a repository. The Cloudflare Terraform provider supports reading the credentials (and other configuration) [from environment variables](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs#schema), as in the following example:
diff --git a/src/content/docs/terraform/tutorial/use-load-balancing.mdx b/src/content/docs/terraform/tutorial/use-load-balancing.mdx
index 112531a8d823a2d..8dca7c593380540 100644
--- a/src/content/docs/terraform/tutorial/use-load-balancing.mdx
+++ b/src/content/docs/terraform/tutorial/use-load-balancing.mdx
@@ -8,8 +8,12 @@ head:
content: Improve performance and reliability
---
+import { Render } from "~/components";
+
In this tutorial, you will add a second origin for some basic round robining, and then use the [Cloudflare Load Balancing](/load-balancing/) product to fail traffic over as needed. You will also enhance your load balancing configuration through the use of "geo steering" to serve results from an origin server that is geographically closest to your end users.
+
+
## 1. Add another DNS record for `www`
To get started, add a DNS record for a second web server, located in Asia. The IP address for this server is `198.51.100.15`.
diff --git a/src/content/partials/terraform/v4-code-snippets.mdx b/src/content/partials/terraform/v4-code-snippets.mdx
new file mode 100644
index 000000000000000..99de18e73442fe3
--- /dev/null
+++ b/src/content/partials/terraform/v4-code-snippets.mdx
@@ -0,0 +1,8 @@
+---
+{}
+
+---
+
+:::note
+Terraform code snippets below refer to the v4 SDK only.
+:::
\ No newline at end of file