Cloudflare Config Management Tooling
From this comment: https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10675#note_387472157

Looking to capture requirements and definition of done for our first increment on new tooling for managing Cloudflare config.

Decisions to make and validate for managing Cloudflare config:

1. Decide what Cloudflare configuration is changed in Terraform vs UI
2. Make everything a WAF rule by default
3. Come up with a way to manage ordering of WAF rules
4. Next is allow lists if a WAF rule will not work (example customer IP exclusions)
5. The audit tool is our capture/checkpoint that gathers all config

Definition of Done:

- Runbooks updated with specific workflows
- Demo and discussion with SIRT and Trust Teams
- Documentation on how we use the Cloudflare audit tool
- Make sure we give our feedback to Cloudflare with issues we have found

Notes:

- We are still planning to use Terraform to manage DNS.