Access Service Tokens are used for service-to-service communication when an application is behind Cloudflare Access.
resource "cloudflare_access_service_token" "my_app" {
account_id = "f037e56e89293a057740de681ac9abbe"
name = "CI/CD app"
}
# Generate a service token that will renew if terraform is ran within 30 days of expiration
resource "cloudflare_access_service_token" "my_app" {
account_id = "f037e56e89293a057740de681ac9abbe"
name = "CI/CD app renewed"
min_days_for_renewal = 30
# This flag is important to set if min_days_for_renewal is defined otherwise
# there will be a brief period where the service relying on that token
# will not have access due to the resource being deleted
lifecycle {
create_before_destroy = true
}
}
name
(String) Friendly name of the token's intent.account_id
(String) The account identifier to target for the resource. Conflicts with zone_id
.duration
(String) Length of time the service token is valid for. Available values: 8760h
, 17520h
, 43800h
, 87600h
, forever
.min_days_for_renewal
(Number) Refresh the token if terraform is run within the specified amount of days before expiration. Defaults to 0
.zone_id
(String) The zone identifier to target for the resource. Conflicts with account_id
.client_id
(String) Client ID associated with the Service Token. Modifying this attribute will force creation of a new resource.client_secret
(String, Sensitive) A secret for interacting with Access protocols. Modifying this attribute will force creation of a new resource.expires_at
(String) Date when the token expires.id
(String) The ID of this resource.Import is supported using the following syntax:
# If you are importing an Access Service Token you will not have the
# client_secret available in the state for use. The client_secret is only
# available once, at creation. In most cases, it is better to just create a new
# resource should you need to reference it in other resources.
$ terraform import cloudflare_access_service_token.example <account_id>/<service_token_id>