CloudConnectorRules

Source: src/Cloudflare/CloudConnector/Rules.ts

The ordered list of Cloud Connector rules for a Cloudflare zone.

Cloud Connector routes matching traffic directly from Cloudflare’s edge to a cloud-provider object-storage bucket (Cloudflare R2, Amazon S3, Google Cloud Storage, or Azure Blob Storage) without an origin server. Each rule pairs a Rules-language expression with the target bucket host.

The zone has exactly one rule list — the API only supports replacing the whole list — so this resource owns it in its entirety (PUT-replace semantics) and there should be at most one CloudConnectorRules resource per zone. Destroying the resource clears the list.

Safety: when there is no prior state and the zone already has a non-empty rule list, read reports it as Unowned and the engine refuses to take it over unless --adopt (or adopt(true)) is set.

Note: Cloud Connector only takes effect on proxied (orange-cloud) DNS records, and the number of rules per zone is plan-limited.

Routing to object storage

Serve a path prefix from an S3 bucket

yield* Cloudflare.CloudConnectorRules("Rules", {
  zoneId: zone.zoneId,
  rules: [
    {
      provider: "aws_s3",
      expression: 'http.request.uri.path wildcard "/images/*"',
      host: "mybucket.s3.amazonaws.com",
      description: "serve images from S3",
    },
  ],
});

Serve static assets from an R2 bucket

const bucket = yield* Cloudflare.R2Bucket("Assets", {});

yield* Cloudflare.CloudConnectorRules("Rules", {
  zoneId: zone.zoneId,
  rules: [
    {
      provider: "cloudflare_r2",
      expression: 'http.request.uri.path wildcard "/assets/*"',
      // public R2 bucket host (r2.dev or a custom domain)
      host: publicBucketHost,
      description: "static assets from R2",
    },
  ],
});