1

I get this message after terraform apply:

Error: Error creating zone "example.com": HTTP status 400: Permission denied (1068)

Here's the content of both provider.tf and zone.tf

terraform {
  required_providers {
    cloudflare = {
      source = "terraform-providers/cloudflare"
    }
  }
  required_version = ">= 0.13"
}

provider "cloudflare" {
  version = "~> 2.0"
  account_id = var.cloudflare_account_id
  api_token = var.cloudflare_api_token
}

and

resource "cloudflare_zone" "example_zone" {
  zone = "example.com"
}

resource "cloudflare_zone_settings_override" "general" {
  zone_id = cloudflare_zone.example_zone.id
}

and these are the properties of the API token created at Cloudflare

enter image description here

bulkmoustache
  • 1,875
  • 3
  • 20
  • 24
  • Does it work when you use the global API key? – Ked Mardemootoo Jun 02 '21 at 09:36
  • @KedMardemootoo yes, it does work. For reference, I followed this example: https://api.cloudflare.com/#zone-create-zone – bulkmoustache Jun 02 '21 at 09:58
  • Tried with the provider settings mentioned here: https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs#terraform--013 Using the global API key, and it worked. However, I'd like to use an API Token instead, – bulkmoustache Jun 02 '21 at 10:16
  • It should work with "DNS -> Zone (Edit)" and "DNS -> Zone Settings (Edit)" permissions, here is a working demo: https://github.com/kriasoft/terraform-starter-kit https://github.com/kriasoft/terraform-starter-kit/blob/75442f223255071d9a79731e9c947d49669f8e87/infra/variables.tf#L18-L24 – Konstantin Tarkus Jan 28 '22 at 18:01
  • If you really tried to create a zone for the example.com domain, then you won't be able to do it. You will now get a more specific error such as: "Error: error creating zone "example.com": This web property cannot be added to Cloudflare at this time. If you are an Enterprise customer, please contact your Customer Success Manager. Otherwise, please email abusereply@cloudflare.com with the name of the web property and a detailed explanation of your association with this web property. (1097)". You can't add to Cloudflare the zones used for the examples. – fallincode Aug 10 '22 at 07:03

0 Answers0