willswire · March 15, 2025 23:17
diff --git a/main.tf b/main.tf
 # Account ID
 variable "cloudflare_account_id" {
  type    = string
  default = ""
 }

 # An R2 bucket
 resource "cloudflare_r2_bucket" "this" {
  account_id = var.cloudflare_account_id
  name       = "bucket"
 }

 # Account permissions
 data "cloudflare_api_token_permission_groups" "all" {}

 # Token allowed to access R2 bucket
 resource "cloudflare_api_token" "r2" {
  name = "bucket"

  policy {
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.r2["Workers R2 Storage Bucket Item Read"],
      data.cloudflare_api_token_permission_groups.all.r2["Workers R2 Storage Bucket Item Write"],
    ]
    resources = {
      "com.cloudflare.edge.r2.bucket.${var.cloudflare_account_id}_default_${cloudflare_r2_bucket.this.name}" = "*"
    }
  }
 }

 output "r2_access_key_id" {
  value = cloudflare_api_token.r2.id
 }

 output "r2_secret_access_key" {
  value     = sha256(cloudflare_api_token.r2.value)
  sensitive = true
 }
	# Account ID
	variable "cloudflare_account_id" {
	type = string
	default = ""
	}

	# An R2 bucket
	resource "cloudflare_r2_bucket" "this" {
	account_id = var.cloudflare_account_id
	name = "bucket"
	}

	# Account permissions
	data "cloudflare_api_token_permission_groups" "all" {}

	# Token allowed to access R2 bucket
	resource "cloudflare_api_token" "r2" {
	name = "bucket"

	policy {
	permission_groups = [
	data.cloudflare_api_token_permission_groups.all.r2["Workers R2 Storage Bucket Item Read"],
	data.cloudflare_api_token_permission_groups.all.r2["Workers R2 Storage Bucket Item Write"],
	]
	resources = {
	"com.cloudflare.edge.r2.bucket.${var.cloudflare_account_id}_default_${cloudflare_r2_bucket.this.name}" = "*"
	}
	}
	}

	output "r2_access_key_id" {
	value = cloudflare_api_token.r2.id
	}

	output "r2_secret_access_key" {
	value = sha256(cloudflare_api_token.r2.value)
	sensitive = true
	}