Cloudflare Fundamentals, Terraform – Terraform v5.17.0 now available

In January 2025, we announced the launch of the new Terraform v5 Provider. We greatly appreciate the proactive engagement and valuable feedback from the Cloudflare community following the v5 release. In response, we have established a consistent and rapid 2-3 week cadence for releasing targeted improvements, demonstrating our commitment to stability and reliability.

With the help of the community, we have a growing number of resources that we have marked as stable, with that list continuing to grow with every release. The most used resources are on track to be stable by the end of March 2026, when we will also be releasing a new migration tool to help you migrate from v4 to v5 with ease.

This release brings new capabilities for AI Search, enhanced Workers Script placement controls, and numerous bug fixes based on community feedback. We also begun laying foundational work for improving the v4 to v5 migration process. Stay tuned for more details as we approach the March 2026 release timeline.

Thank you for continuing to raise issues. They make our provider stronger and help us build products that reflect your needs.

Features

• ai_search_instance: add data source for querying AI Search instances
• ai_search_token: add data source for querying AI Search tokens
• account: add support for tenant unit management with new unit field
• account: add automatic mapping from managed_by.parent_org_id to unit.id
• authenticated_origin_pulls_certificate: add data source for querying authenticated origin pull certificates
• authenticated_origin_pulls_hostname_certificate: add data source for querying hostname-specific authenticated origin pull certificates
• authenticated_origin_pulls_settings: add data source for querying authenticated origin pull settings
• workers_kv: add value field to data source to retrieve KV values directly
• workers_script: add script field to data source to retrieve script content
• workers_script: add support for simple rate limit binding
• workers_script: add support for targeted placement mode with placement.target array for specifying placement targets (region, hostname, host)
• workers_script: add placement_mode and placement_status computed fields
• zero_trust_dex_test: add data source with filter support for finding specific tests
• zero_trust_dlp_predefined_profile: add enabled_entries field for flexible entry management

Bug Fixes

• account: map managed_by.parent_org_id to unit.id in unmarshall and add acceptance tests
• authenticated_origin_pulls_certificate: add certificate normalization to prevent drift
• authenticated_origin_pulls: handle array response and implement full lifecycle
• authenticated_origin_pulls_hostname_certificate: fix resource and tests
• cloudforce_one_request_message: use correct request_id field instead of id in API calls
• dns_zone_transfers_incoming: use correct zone_id field instead of id in API calls
• dns_zone_transfers_outgoing: use correct zone_id field instead of id in API calls
• email_routing_settings: use correct zone_id field instead of id in API calls
• hyperdrive_config: add proper handling for write-only fields to prevent state drift
• hyperdrive_config: add normalization for empty mtls objects to prevent unnecessary diffs
• magic_network_monitoring_rule: use correct account_id field instead of id in API calls
• mtls_certificates: fix resource and test
• pages_project: revert build_config to computed optional
• stream_key: use correct account_id field instead of id in API calls
• total_tls: use upsert pattern for singleton zone setting
• waiting_room_rules: use correct waiting_room_id field instead of id in API calls
• workers_script: add support for placement mode/status
• zero_trust_access_application: update v4 version on migration tests
• zero_trust_device_posture_rule: update tests to match API
• zero_trust_dlp_integration_entry: use correct entry_id field instead of id in API calls
• zero_trust_dlp_predefined_entry: use correct entry_id field instead of id in API calls
• zero_trust_organization: fix plan issues

Chores

• add state upgraders to 95+ resources to lay the foundation for replacing Grit (still under active development)
• certificate_pack: add state migration handler for SDKv2 to Framework conversion
• custom_hostname_fallback_origin: add comprehensive lifecycle test and migration support
• dns_record: add state migration handler for SDKv2 to Framework conversion
• leaked_credential_check: add import functionality and tests
• load_balancer_pool: add state migration handler with detection for v4 vs v5 format
• pages_project: add state migration handlers
• tiered_cache: add state migration handlers
• zero_trust_dlp_predefined_profile: deprecate entries field in favor of enabled_entries

For more information

• Terraform Provider
• Documentation on using Terraform with Cloudflare
• List of stabilized resources

Source: Cloudflare

Latest Posts