Connect Cloudflare Without Breaking the Audit Trail

Use this guide to connect Cloudflare or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary

Connection typeDirect connection

CategoryEdge Security

Checklist4 steps

Want help with rollout?

We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Cloudflare and make sure the first collection lands cleanly.

1
Create a Cloudflare API token. Grant these read scopes: Account Settings, Memberships, Audit Logs, Zones, Zone Settings, and Firewall Services. Where available, also grant SSO Connector / Access:Read.
2
Enter api_token and account_id in Aurora's secure fields, or use an external vault reference if your policy requires it.
3
Configure approved_admin_emails (optional) to enforce admin allowlisting.
4
Run validate; then enable incremental cadence.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

api_token

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.