turbot/cloudflare
steampipe plugin install cloudflare

Table: cloudflare_zone - Query Cloudflare Zones using SQL

A Cloudflare Zone represents a domain name that is registered with Cloudflare. It includes settings related to DNS, SSL/TLS, and other features that help protect and speed up your website. It is a crucial component in managing the performance and security of your web presence.

Table Usage Guide

The cloudflare_zone table provides insights into zones within Cloudflare. As a network administrator, explore zone-specific details through this table, including DNS settings, SSL/TLS configurations, and associated metadata. Utilize it to uncover information about zones, such as their security level, development mode status, and the original DNS servers.

Examples

Query all zones for the user

Explore all zones associated with your user account on Cloudflare. This allows you to see a comprehensive overview of all your zones, useful for managing multiple domains or subdomains.

select
*
from
cloudflare_zone;
select
*
from
cloudflare_zone;

List all settings for the zone

Explore the various settings for a specific zone to gain insights into its configuration and values. This can aid in understanding the zone's current setup and potentially identifying areas for optimization or troubleshooting.

select
name,
setting.key,
setting.value
from
cloudflare_zone,
jsonb_each_text(settings) as setting;
select
name,
setting.key,
setting.value
from
cloudflare_zone,
json_each(settings) as setting;

Get details of the TLS 1.3 setting

Explore the configuration of your Cloudflare zones to understand the status of the TLS 1.3 setting. This can help ensure your zones are utilizing the latest security protocols.

select
name,
settings ->> 'tls_1_3'
from
cloudflare_zone;
select
name,
json_extract(settings, '$.tls_1_3')
from
cloudflare_zone;

List all permissions available to the user for this zone

Discover the segments that outline the range of permissions a user has in a certain zone, giving a comprehensive overview of their access rights. This is beneficial in maintaining security and ensuring appropriate access levels.

select
name,
perm
from
cloudflare_zone,
jsonb_array_elements_text(permissions) as perm;
select
name,
perm.value
from
cloudflare_zone,
json_each(permissions) as perm;

Check DNSSEC status for zones

Analyze the security status of your domain zones to ensure DNSSEC, a crucial internet security protocol, is properly enabled. This is essential for protecting your website from DNS spoofing and other DNS-related attacks.

select
name,
dnssec ->> 'status'
from
cloudflare_zone;
select
name,
json_extract(dnssec, '$.status')
from
cloudflare_zone;

Schema for cloudflare_zone

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
betasjsonbBeta feature flags associated with the zone.
created_ontimestamp with time zoneWhen the zone was created.
deactivation_reasontextTODO
development_modebigintThe interval (in seconds) from when development mode expires (positive integer) or last expired (negative integer) for the domain. If development mode has never been enabled, this value is 0.
dnssecjsonbDNSSEC settings for the zone.
hostjsonbTODO
idtext=Zone identifier tag.
metajsonbMetadata associated with the zone.
modified_ontimestamp with time zoneWhen the zone was last modified.
nametextThe domain name.
name_serversjsonbCloudflare-assigned name servers. This is only populated for zones that use Cloudflare DNS.
original_dnshosttextDNS host at the time of switching to Cloudflare.
original_name_serversjsonbOriginal name servers before moving to Cloudflare.
original_registrartextRegistrar for the domain at the time of switching to Cloudflare.
ownerjsonbInformation about the user or organization that owns the zone.
pausedbooleanIndicates if the zone is only using Cloudflare DNS services. A true value means the zone will not receive security or performance benefits.
permissionsjsonbAvailable permissions on the zone for the current user requesting the item.
planjsonbCurrent plan associated with the zone.
plan_pendingjsonbPending plan change associated with the zone.
settingsjsonbSimple key value map of zone settings like advanced_ddos = on. Full settings details are in settings_src.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextStatus of the zone.
typetextA full zone implies that DNS is hosted with Cloudflare. A partial zone is typically a partner-hosted zone or a CNAME setup.
user_idtext=, !=, ~~, ~~*, !~~, !~~*ID of the current user.
vanity_name_serversjsonbCustom name servers for the zone.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare

You can pass the configuration to the command with the --config argument:

steampipe_export_cloudflare --config '<your_config>' cloudflare_zone