Skip to content

Latest commit

 

History

History
1938 lines (1232 loc) · 83.7 KB

dnsFirewall.python.md

File metadata and controls

1938 lines (1232 loc) · 83.7 KB

dnsFirewall Submodule

Constructs

DnsFirewall

Represents a {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall cloudflare_dns_firewall}.

Initializers 

from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewall(
  scope: Construct,
  id: str,
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  account_id: str,
  attack_mitigation: DnsFirewallAttackMitigation = None,
  deprecate_any_requests: typing.Union[bool, IResolvable] = None,
  ecs_fallback: typing.Union[bool, IResolvable] = None,
  maximum_cache_ttl: typing.Union[int, float] = None,
  minimum_cache_ttl: typing.Union[int, float] = None,
  name: str = None,
  negative_cache_ttl: typing.Union[int, float] = None,
  ratelimit: typing.Union[int, float] = None,
  retries: typing.Union[int, float] = None,
  upstream_ips: typing.List[str] = None
)
Name Type Description
scope constructs.Construct The scope in which to define this construct.
id str The scoped construct ID.
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[cdktf.ITerraformDependable] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
account_id str Identifier.
attack_mitigation DnsFirewallAttackMitigation Attack mitigation settings.
deprecate_any_requests typing.Union[bool, cdktf.IResolvable] Whether to refuse to answer queries for the ANY type.
ecs_fallback typing.Union[bool, cdktf.IResolvable] Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent.
maximum_cache_ttl typing.Union[int, float] Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.
minimum_cache_ttl typing.Union[int, float] Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.
name str DNS Firewall cluster name.
negative_cache_ttl typing.Union[int, float] Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
ratelimit typing.Union[int, float] Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster).
retries typing.Union[int, float] Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt).
upstream_ips typing.List[str] Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#upstream_ips DnsFirewall#upstream_ips}.
scopeRequired
  • Type: constructs.Construct

The scope in which to define this construct.

idRequired
  • Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

connectionOptional
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional
  • Type: typing.List[cdktf.ITerraformDependable]
for_eachOptional
  • Type: cdktf.ITerraformIterator
lifecycleOptional
  • Type: cdktf.TerraformResourceLifecycle
providerOptional
  • Type: cdktf.TerraformProvider
provisionersOptional
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
account_idRequired
  • Type: str

Identifier.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#account_id DnsFirewall#account_id}

attack_mitigationOptional

Attack mitigation settings.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#attack_mitigation DnsFirewall#attack_mitigation}

deprecate_any_requestsOptional
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether to refuse to answer queries for the ANY type.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#deprecate_any_requests DnsFirewall#deprecate_any_requests}

ecs_fallbackOptional
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#ecs_fallback DnsFirewall#ecs_fallback}

maximum_cache_ttlOptional
  • Type: typing.Union[int, float]

Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.

Higher TTLs will be decreased to the maximum defined here for caching purposes.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#maximum_cache_ttl DnsFirewall#maximum_cache_ttl}

minimum_cache_ttlOptional
  • Type: typing.Union[int, float]

Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.

Lower TTLs will be increased to the minimum defined here for caching purposes.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#minimum_cache_ttl DnsFirewall#minimum_cache_ttl}

nameOptional
  • Type: str

DNS Firewall cluster name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#name DnsFirewall#name}

negative_cache_ttlOptional
  • Type: typing.Union[int, float]

Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#negative_cache_ttl DnsFirewall#negative_cache_ttl}

ratelimitOptional
  • Type: typing.Union[int, float]

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#ratelimit DnsFirewall#ratelimit}

retriesOptional
  • Type: typing.Union[int, float]

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#retries DnsFirewall#retries}

upstream_ipsOptional
  • Type: typing.List[str]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#upstream_ips DnsFirewall#upstream_ips}.

Methods

Name Description
to_string Returns a string representation of this construct.
add_override No description.
override_logical_id Overrides the auto-generated logical ID with a specific ID.
reset_override_logical_id Resets a previously passed logical Id to use the auto-generated logical id again.
to_hcl_terraform No description.
to_metadata No description.
to_terraform Adds this resource to the terraform JSON output.
add_move_target Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
has_resource_move No description.
import_from No description.
interpolation_for_attribute No description.
move_from_id Move the resource corresponding to "id" to this resource.
move_to Moves this resource to the target resource given by moveTarget.
move_to_id Moves this resource to the resource corresponding to "id".
put_attack_mitigation No description.
reset_attack_mitigation No description.
reset_deprecate_any_requests No description.
reset_ecs_fallback No description.
reset_maximum_cache_ttl No description.
reset_minimum_cache_ttl No description.
reset_name No description.
reset_negative_cache_ttl No description.
reset_ratelimit No description.
reset_retries No description.
reset_upstream_ips No description.
to_string 
def to_string() -> str

Returns a string representation of this construct.

add_override 
def add_override(
  path: str,
  value: typing.Any
) -> None
pathRequired
  • Type: str
valueRequired
  • Type: typing.Any
override_logical_id 
def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

new_logical_idRequired
  • Type: str

The new logical ID to use for this stack element.

reset_override_logical_id 
def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

to_hcl_terraform 
def to_hcl_terraform() -> typing.Any
to_metadata 
def to_metadata() -> typing.Any
to_terraform 
def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

add_move_target 
def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

move_targetRequired
  • Type: str

The string move target that will correspond to this resource.

get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
has_resource_move 
def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]
import_from 
def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None
idRequired
  • Type: str
providerOptional
  • Type: cdktf.TerraformProvider
interpolation_for_attribute 
def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
move_from_id 
def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

idRequired
  • Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

move_to 
def move_to(
  move_target: str,
  index: typing.Union[str, typing.Union[int, float]] = None
) -> None

Moves this resource to the target resource given by moveTarget.

move_targetRequired
  • Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

indexOptional
  • Type: typing.Union[str, typing.Union[int, float]]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

move_to_id 
def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

idRequired
  • Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

put_attack_mitigation 
def put_attack_mitigation(
  enabled: typing.Union[bool, IResolvable] = None,
  only_when_upstream_unhealthy: typing.Union[bool, IResolvable] = None
) -> None
enabledOptional
  • Type: typing.Union[bool, cdktf.IResolvable]

When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#enabled DnsFirewall#enabled}

only_when_upstream_unhealthyOptional
  • Type: typing.Union[bool, cdktf.IResolvable]

Only mitigate attacks when upstream servers seem unhealthy.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#only_when_upstream_unhealthy DnsFirewall#only_when_upstream_unhealthy}

reset_attack_mitigation 
def reset_attack_mitigation() -> None
reset_deprecate_any_requests 
def reset_deprecate_any_requests() -> None
reset_ecs_fallback 
def reset_ecs_fallback() -> None
reset_maximum_cache_ttl 
def reset_maximum_cache_ttl() -> None
reset_minimum_cache_ttl 
def reset_minimum_cache_ttl() -> None
reset_name 
def reset_name() -> None
reset_negative_cache_ttl 
def reset_negative_cache_ttl() -> None
reset_ratelimit 
def reset_ratelimit() -> None
reset_retries 
def reset_retries() -> None
reset_upstream_ips 
def reset_upstream_ips() -> None

Static Functions

Name Description
is_construct Checks if x is a construct.
is_terraform_element No description.
is_terraform_resource No description.
generate_config_for_import Generates CDKTF code for importing a DnsFirewall resource upon running "cdktf plan ".
is_construct 
from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewall.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: typing.Any

Any object.

is_terraform_element 
from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewall.is_terraform_element(
  x: typing.Any
)
xRequired
  • Type: typing.Any
is_terraform_resource 
from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewall.is_terraform_resource(
  x: typing.Any
)
xRequired
  • Type: typing.Any
generate_config_for_import 
from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewall.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTF code for importing a DnsFirewall resource upon running "cdktf plan ".

scopeRequired
  • Type: constructs.Construct

The scope in which to define this construct.

import_to_idRequired
  • Type: str

The construct id used in the generated config for the DnsFirewall to import.

import_from_idRequired
  • Type: str

The id of the existing DnsFirewall that should be imported.

Refer to the {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#import import section} in the documentation of this resource for the id to use

providerOptional
  • Type: cdktf.TerraformProvider

? Optional instance of the provider where the DnsFirewall to import is found.

Properties

Name Type Description
node constructs.Node The tree node.
cdktf_stack cdktf.TerraformStack No description.
fqn str No description.
friendly_unique_id str No description.
terraform_meta_arguments typing.Mapping[typing.Any] No description.
terraform_resource_type str No description.
terraform_generator_metadata cdktf.TerraformProviderGeneratorMetadata No description.
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[str] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
attack_mitigation DnsFirewallAttackMitigationOutputReference No description.
dns_firewall_ips typing.List[str] No description.
id str No description.
modified_on str No description.
account_id_input str No description.
attack_mitigation_input typing.Union[cdktf.IResolvable, DnsFirewallAttackMitigation] No description.
deprecate_any_requests_input typing.Union[bool, cdktf.IResolvable] No description.
ecs_fallback_input typing.Union[bool, cdktf.IResolvable] No description.
maximum_cache_ttl_input typing.Union[int, float] No description.
minimum_cache_ttl_input typing.Union[int, float] No description.
name_input str No description.
negative_cache_ttl_input typing.Union[int, float] No description.
ratelimit_input typing.Union[int, float] No description.
retries_input typing.Union[int, float] No description.
upstream_ips_input typing.List[str] No description.
account_id str No description.
deprecate_any_requests typing.Union[bool, cdktf.IResolvable] No description.
ecs_fallback typing.Union[bool, cdktf.IResolvable] No description.
maximum_cache_ttl typing.Union[int, float] No description.
minimum_cache_ttl typing.Union[int, float] No description.
name str No description.
negative_cache_ttl typing.Union[int, float] No description.
ratelimit typing.Union[int, float] No description.
retries typing.Union[int, float] No description.
upstream_ips typing.List[str] No description.
nodeRequired 
node: Node
  • Type: constructs.Node

The tree node.

cdktf_stackRequired 
cdktf_stack: TerraformStack
  • Type: cdktf.TerraformStack
fqnRequired 
fqn: str
  • Type: str
friendly_unique_idRequired 
friendly_unique_id: str
  • Type: str
terraform_meta_argumentsRequired 
terraform_meta_arguments: typing.Mapping[typing.Any]
  • Type: typing.Mapping[typing.Any]
terraform_resource_typeRequired 
terraform_resource_type: str
  • Type: str
terraform_generator_metadataOptional 
terraform_generator_metadata: TerraformProviderGeneratorMetadata
  • Type: cdktf.TerraformProviderGeneratorMetadata
connectionOptional 
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional 
count: typing.Union[typing.Union[int, float], TerraformCount]
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional 
depends_on: typing.List[str]
  • Type: typing.List[str]
for_eachOptional 
for_each: ITerraformIterator
  • Type: cdktf.ITerraformIterator
lifecycleOptional 
lifecycle: TerraformResourceLifecycle
  • Type: cdktf.TerraformResourceLifecycle
providerOptional 
provider: TerraformProvider
  • Type: cdktf.TerraformProvider
provisionersOptional 
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
attack_mitigationRequired 
attack_mitigation: DnsFirewallAttackMitigationOutputReference
dns_firewall_ipsRequired 
dns_firewall_ips: typing.List[str]
  • Type: typing.List[str]
idRequired 
id: str
  • Type: str
modified_onRequired 
modified_on: str
  • Type: str
account_id_inputOptional 
account_id_input: str
  • Type: str
attack_mitigation_inputOptional 
attack_mitigation_input: typing.Union[IResolvable, DnsFirewallAttackMitigation]
deprecate_any_requests_inputOptional 
deprecate_any_requests_input: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
ecs_fallback_inputOptional 
ecs_fallback_input: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
maximum_cache_ttl_inputOptional 
maximum_cache_ttl_input: typing.Union[int, float]
  • Type: typing.Union[int, float]
minimum_cache_ttl_inputOptional 
minimum_cache_ttl_input: typing.Union[int, float]
  • Type: typing.Union[int, float]
name_inputOptional 
name_input: str
  • Type: str
negative_cache_ttl_inputOptional 
negative_cache_ttl_input: typing.Union[int, float]
  • Type: typing.Union[int, float]
ratelimit_inputOptional 
ratelimit_input: typing.Union[int, float]
  • Type: typing.Union[int, float]
retries_inputOptional 
retries_input: typing.Union[int, float]
  • Type: typing.Union[int, float]
upstream_ips_inputOptional 
upstream_ips_input: typing.List[str]
  • Type: typing.List[str]
account_idRequired 
account_id: str
  • Type: str
deprecate_any_requestsRequired 
deprecate_any_requests: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
ecs_fallbackRequired 
ecs_fallback: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
maximum_cache_ttlRequired 
maximum_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]
minimum_cache_ttlRequired 
minimum_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]
nameRequired 
name: str
  • Type: str
negative_cache_ttlRequired 
negative_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]
ratelimitRequired 
ratelimit: typing.Union[int, float]
  • Type: typing.Union[int, float]
retriesRequired 
retries: typing.Union[int, float]
  • Type: typing.Union[int, float]
upstream_ipsRequired 
upstream_ips: typing.List[str]
  • Type: typing.List[str]

Constants

Name Type Description
tfResourceType str No description.
tfResourceTypeRequired 
tfResourceType: str
  • Type: str

Structs

DnsFirewallAttackMitigation

Initializer 

from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewallAttackMitigation(
  enabled: typing.Union[bool, IResolvable] = None,
  only_when_upstream_unhealthy: typing.Union[bool, IResolvable] = None
)

Properties

Name Type Description
enabled typing.Union[bool, cdktf.IResolvable] When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers.
only_when_upstream_unhealthy typing.Union[bool, cdktf.IResolvable] Only mitigate attacks when upstream servers seem unhealthy.
enabledOptional 
enabled: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]

When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#enabled DnsFirewall#enabled}

only_when_upstream_unhealthyOptional 
only_when_upstream_unhealthy: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]

Only mitigate attacks when upstream servers seem unhealthy.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#only_when_upstream_unhealthy DnsFirewall#only_when_upstream_unhealthy}

DnsFirewallConfig

Initializer 

from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewallConfig(
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  account_id: str,
  attack_mitigation: DnsFirewallAttackMitigation = None,
  deprecate_any_requests: typing.Union[bool, IResolvable] = None,
  ecs_fallback: typing.Union[bool, IResolvable] = None,
  maximum_cache_ttl: typing.Union[int, float] = None,
  minimum_cache_ttl: typing.Union[int, float] = None,
  name: str = None,
  negative_cache_ttl: typing.Union[int, float] = None,
  ratelimit: typing.Union[int, float] = None,
  retries: typing.Union[int, float] = None,
  upstream_ips: typing.List[str] = None
)

Properties

Name Type Description
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[cdktf.ITerraformDependable] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
account_id str Identifier.
attack_mitigation DnsFirewallAttackMitigation Attack mitigation settings.
deprecate_any_requests typing.Union[bool, cdktf.IResolvable] Whether to refuse to answer queries for the ANY type.
ecs_fallback typing.Union[bool, cdktf.IResolvable] Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent.
maximum_cache_ttl typing.Union[int, float] Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.
minimum_cache_ttl typing.Union[int, float] Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.
name str DNS Firewall cluster name.
negative_cache_ttl typing.Union[int, float] Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
ratelimit typing.Union[int, float] Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster).
retries typing.Union[int, float] Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt).
upstream_ips typing.List[str] Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#upstream_ips DnsFirewall#upstream_ips}.
connectionOptional 
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional 
count: typing.Union[typing.Union[int, float], TerraformCount]
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional 
depends_on: typing.List[ITerraformDependable]
  • Type: typing.List[cdktf.ITerraformDependable]
for_eachOptional 
for_each: ITerraformIterator
  • Type: cdktf.ITerraformIterator
lifecycleOptional 
lifecycle: TerraformResourceLifecycle
  • Type: cdktf.TerraformResourceLifecycle
providerOptional 
provider: TerraformProvider
  • Type: cdktf.TerraformProvider
provisionersOptional 
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
account_idRequired 
account_id: str
  • Type: str

Identifier.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#account_id DnsFirewall#account_id}

attack_mitigationOptional 
attack_mitigation: DnsFirewallAttackMitigation

Attack mitigation settings.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#attack_mitigation DnsFirewall#attack_mitigation}

deprecate_any_requestsOptional 
deprecate_any_requests: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether to refuse to answer queries for the ANY type.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#deprecate_any_requests DnsFirewall#deprecate_any_requests}

ecs_fallbackOptional 
ecs_fallback: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#ecs_fallback DnsFirewall#ecs_fallback}

maximum_cache_ttlOptional 
maximum_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]

Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.

Higher TTLs will be decreased to the maximum defined here for caching purposes.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#maximum_cache_ttl DnsFirewall#maximum_cache_ttl}

minimum_cache_ttlOptional 
minimum_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]

Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers.

Lower TTLs will be increased to the minimum defined here for caching purposes.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#minimum_cache_ttl DnsFirewall#minimum_cache_ttl}

nameOptional 
name: str
  • Type: str

DNS Firewall cluster name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#name DnsFirewall#name}

negative_cache_ttlOptional 
negative_cache_ttl: typing.Union[int, float]
  • Type: typing.Union[int, float]

Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#negative_cache_ttl DnsFirewall#negative_cache_ttl}

ratelimitOptional 
ratelimit: typing.Union[int, float]
  • Type: typing.Union[int, float]

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#ratelimit DnsFirewall#ratelimit}

retriesOptional 
retries: typing.Union[int, float]
  • Type: typing.Union[int, float]

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#retries DnsFirewall#retries}

upstream_ipsOptional 
upstream_ips: typing.List[str]
  • Type: typing.List[str]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/cloudflare/cloudflare/5.0.0/docs/resources/dns_firewall#upstream_ips DnsFirewall#upstream_ips}.

Classes

DnsFirewallAttackMitigationOutputReference

Initializers 

from cdktf_cdktf_provider_cloudflare import dns_firewall

dnsFirewall.DnsFirewallAttackMitigationOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
reset_enabled No description.
reset_only_when_upstream_unhealthy No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_enabled 
def reset_enabled() -> None
reset_only_when_upstream_unhealthy 
def reset_only_when_upstream_unhealthy() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
enabled_input typing.Union[bool, cdktf.IResolvable] No description.
only_when_upstream_unhealthy_input typing.Union[bool, cdktf.IResolvable] No description.
enabled typing.Union[bool, cdktf.IResolvable] No description.
only_when_upstream_unhealthy typing.Union[bool, cdktf.IResolvable] No description.
internal_value typing.Union[cdktf.IResolvable, DnsFirewallAttackMitigation] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
enabled_inputOptional 
enabled_input: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
only_when_upstream_unhealthy_inputOptional 
only_when_upstream_unhealthy_input: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
enabledRequired 
enabled: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
only_when_upstream_unhealthyRequired 
only_when_upstream_unhealthy: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
internal_valueOptional 
internal_value: typing.Union[IResolvable, DnsFirewallAttackMitigation]