Skip to main content
Cloudflare Connection

Making the initial connection to Cloudflare

Updated over 2 months ago

Connecting Cloudflare to Drata allows for the automated, continuous monitoring and evidence collection of the dozens of infrastructure security controls required for compliance.

BEFORE DIVING IN

Make sure you have Administrator or Super Administrator access to your company's Cloudflare account. Specifically, you'll need the ability to create new roles.

HERE'S HOW

Follow these instructions to connect Cloudflare to Drata:

  1. Select Connections on the side navigation menu.

  2. Select the Available connections tab, search for Cloudflare, and select Connect.

  3. Follow the instructions in the slide-out panel carefully. Take your time and complete one step entirely before moving on to the next.

Overview of what we're going to set up

  • Create a new Custom API Token

  • Set the Read Permissions

  • Decide to include all of the domains or specific ones

  • Input the new API Token into Drata


Create a new Custom API Token

  1. Log in to the Cloudflare Dashboard with the account you want the new API Token to be associated with.

  2. Click on the user menu on the top right of the page, and click on My Profile, then click on the tab titled API Tokens.

  3. Click on the Create Token button, then on the bottom of the page under the Custom token section, click on the Get started button to create a custom token.

  4. In the Token name field, use the following name

Token name:

Drata

Set the Read Permissions

Next we're going to add the minimal amount of Read Only permissions that Drata needs to review your Cloudflare configuration for compliance verification. There will be eight in total. Click on the + Add more link seven times so there are a total of eight permissions.

Type

Scope

Access

Account

Access: Organizations, Identity Providers, and Groups

Read

Account

Account Firewall Access Rules

Read

Account

Account Settings

Read

Zone

Zone Settings

Read

Zone

Zone

Read

Zone

Firewall Services

Read

Zone

Access: Apps and Policies

Read

Zone

Zone WAF

Read

Users

Memberships

Read

Users

User Details

Read

Decide to include all of the domains or specific ones

  1. Next, under the Account Resources section, select the account(s) you want to grant Drata access to. You can select All accounts, or you can scope it down to just a specific account (recommended).

Note, if you want to select more than one specific account, once you select the first one, click on the + Add more link to add another.

2. Under Zone Resources, you can select All zones, or filter down to a Specific zone (recommended if you use just one domain for your production data).

Note, if you want to select more than one specific zone, once you select the first one, click on the + Add more link to add another.

3. Leave the Client IP Address Filtering and TTL sections alone, then click on the Continue to summary button

4. Click the Create token button.

Input the new API Token into Drata

  1. Make sure to copy the API token, as it will never be shown again after this screen.

  2. Copy and paste the API token value into the API Token field on Drata.


πŸŽ‰ You have just successfully setup proper read-only access for Drata πŸŽ‰

Did this answer your question?