fastly-sync¶
fastly-sync synchronises Fastly configuration on demand: it reads an OpenAPI
(openapi.json) document (local or remote) to drive the CDN cache and rate
limiters, and a text blocklist to drive WAF IP blacklisting (an Edge ACL).
Install¶
Usage¶
export FASTLY_API_TOKEN=...
export FASTLY_SERVICE_ID=...
# Everything: CDN cache + rate limiters AND the WAF blocklist:
fastly-sync sync all --openapi ./openapi.json --blocklist ./blocklist.txt
fastly-sync sync all --openapi ./openapi.json --blocklist ./blocklist.txt --dry-run
# A single target:
fastly-sync sync cdn --openapi ./openapi.json
fastly-sync sync rate-limiter --openapi ./openapi.json
fastly-sync sync waf --blocklist ./blocklist.txt
# WAF IP blacklisting from a text blocklist (one IP/CIDR per line):
fastly-sync sync waf --blocklist ./blocklist.txt --bootstrap
fastly-sync sync waf --blocklist ./blocklist.txt --dry-run
# Show the live config (text/csv/terraform); sync can render the desired
# config the same way, offline, without applying:
fastly-sync show all
fastly-sync show all --format csv
fastly-sync show all --format terraform -o fastly.tf # Fastly Terraform resources
fastly-sync sync cdn --openapi ./openapi.json --format terraform -o cdn.tf
sync is declarative: by default it also prunes managed objects no longer in
the spec (--no-prune to keep additive). It prints a plan and asks for
confirmation before applying (--no-confirm to skip).
Each path in the spec becomes a CDN cache setting: GET/HEAD-only paths are
cached, paths with mutating methods pass, and the policy can be tuned per path
with an x-fastly-cache extension (action, ttl, stale_while_revalidate,
stale_if_error). A path carrying an x-fastly-ratelimit extension
({ "name": ..., "limit": N, "window": S }) becomes a Fastly rate limiter.
See the navigation for the stability and deprecation policy.