
AccessApplication

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

/// <summary>
/// Example stack that registers the staging site as a Cloudflare Access
/// Application and attaches a CORS configuration to it.
/// NOTE(review): only the application is declared here; the rules deciding
/// who may pass the gateway (e.g. Cloudflare.AccessPolicy) are defined separately.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // With CORS configuration.
        // Credentialed cross-origin requests are allowed, so the origins are
        // an explicit allowlist; do not pair this with AllowAllOrigins.
        var corsPolicy = new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
        {
            AllowCredentials = true,
            AllowedMethods = { "GET", "POST", "OPTIONS" },
            AllowedOrigins = { "https://example.com" },
            // Maximum time a preflight response is cached; presumably seconds — confirm.
            MaxAge = 10,
        };

        var appArgs = new Cloudflare.AccessApplicationArgs
        {
            CorsHeaders = { corsPolicy },
            Domain = "staging.example.com",
            Name = "staging application",
            // Users are forced to re-authorise after this interval.
            SessionDuration = "24h",
            // Sample zone ID; substitute the zone that owns the domain.
            ZoneId = "1d5fdc9e88c8a8c4518b068cd94331fe",
        };

        var stagingApp = new Cloudflare.AccessApplication("stagingApp", appArgs);
    }

}
package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main runs a Pulumi program that registers the staging site as a Cloudflare
// Access Application and attaches a CORS configuration to it.
// NOTE(review): only the application is declared here; the rules deciding who
// may pass the gateway (e.g. cloudflare.AccessPolicy) are defined separately.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // With CORS configuration.
        // Credentialed cross-origin requests are allowed, so the origins are
        // an explicit allowlist; do not pair this with AllowAllOrigins.
        corsPolicy := &cloudflare.AccessApplicationCorsHeaderArgs{
            AllowCredentials: pulumi.Bool(true),
            AllowedMethods: pulumi.StringArray{
                pulumi.String("GET"),
                pulumi.String("POST"),
                pulumi.String("OPTIONS"),
            },
            AllowedOrigins: pulumi.StringArray{
                pulumi.String("https://example.com"),
            },
            // Maximum time a preflight response is cached; presumably seconds — confirm.
            MaxAge: pulumi.Int(10),
        }

        appArgs := &cloudflare.AccessApplicationArgs{
            CorsHeaders: cloudflare.AccessApplicationCorsHeaderArray{corsPolicy},
            Domain:      pulumi.String("staging.example.com"),
            Name:        pulumi.String("staging application"),
            // Users are forced to re-authorise after this interval.
            SessionDuration: pulumi.String("24h"),
            // Sample zone ID; substitute the zone that owns the domain.
            ZoneId: pulumi.String("1d5fdc9e88c8a8c4518b068cd94331fe"),
        }

        // The resource handle is not needed afterwards; only the error matters.
        _, err := cloudflare.NewAccessApplication(ctx, "stagingApp", appArgs)
        return err
    })
}
import pulumi
import pulumi_cloudflare as cloudflare

# With CORS configuration.
# Credentialed cross-origin requests are allowed, so the origins are an
# explicit allowlist; do not pair this with allow_all_origins.
# NOTE(review): only the application is declared here; the rules deciding who
# may pass the gateway (e.g. cloudflare.AccessPolicy) are defined separately.
cors_policy = cloudflare.AccessApplicationCorsHeaderArgs(
    allow_credentials=True,
    allowed_methods=["GET", "POST", "OPTIONS"],
    allowed_origins=["https://example.com"],
    max_age=10,  # maximum preflight cache time; presumably seconds -- confirm
)

staging_app = cloudflare.AccessApplication(
    "stagingApp",
    cors_headers=[cors_policy],
    domain="staging.example.com",
    name="staging application",
    session_duration="24h",  # users are forced to re-authorise after this interval
    zone_id="1d5fdc9e88c8a8c4518b068cd94331fe",  # sample zone ID; substitute your own
)
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// With CORS configuration.
// Credentialed cross-origin requests are allowed, so the origins are an
// explicit allowlist; do not pair this with allowAllOrigins.
// NOTE(review): only the application is declared here; the rules deciding who
// may pass the gateway (e.g. cloudflare.AccessPolicy) are defined separately.
const corsPolicy = {
    allowCredentials: true,
    allowedMethods: ["GET", "POST", "OPTIONS"],
    allowedOrigins: ["https://example.com"],
    // Maximum time a preflight response is cached; presumably seconds — confirm.
    maxAge: 10,
};

const stagingApp = new cloudflare.AccessApplication("staging_app", {
    corsHeaders: [corsPolicy],
    domain: "staging.example.com",
    name: "staging application",
    // Users are forced to re-authorise after this interval.
    sessionDuration: "24h",
    // Sample zone ID; substitute the zone that owns the domain.
    zoneId: "1d5fdc9e88c8a8c4518b068cd94331fe",
});

Create an AccessApplication Resource

new AccessApplication(name: string, args: AccessApplicationArgs, opts?: CustomResourceOptions);
def AccessApplication(resource_name: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, allowed_idps: Optional[Sequence[str]] = None, auto_redirect_to_identity: Optional[bool] = None, cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None, custom_deny_message: Optional[str] = None, custom_deny_url: Optional[str] = None, domain: Optional[str] = None, enable_binding_cookie: Optional[bool] = None, name: Optional[str] = None, session_duration: Optional[str] = None, zone_id: Optional[str] = None)
func NewAccessApplication(ctx *Context, name string, args AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)
public AccessApplication(string name, AccessApplicationArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

AccessApplication Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The AccessApplication resource accepts the following input properties:

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

Name string

Friendly name of the Access Application.

AccountId string

The account to which the access application should be added. Conflicts with zone_id.

AllowedIdps List<string>

The identity providers selected for the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

ZoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

Name string

Friendly name of the Access Application.

AccountId string

The account to which the access application should be added. Conflicts with zone_id.

AllowedIdps []string

The identity providers selected for the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

CorsHeaders []AccessApplicationCorsHeader

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

ZoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

name string

Friendly name of the Access Application.

accountId string

The account to which the access application should be added. Conflicts with zone_id.

allowedIdps string[]

The identity providers selected for the application.

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

corsHeaders AccessApplicationCorsHeader[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

zoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

name str

Friendly name of the Access Application.

account_id str

The account to which the access application should be added. Conflicts with zone_id.

allowed_idps Sequence[str]

The identity providers selected for the application.

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

session_duration str

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

zone_id str

The DNS zone to which the access application should be added. Conflicts with account_id.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:

Aud string

Application Audience (AUD) Tag of the application

Id string
The provider-assigned unique ID for this managed resource.
Aud string

Application Audience (AUD) Tag of the application

Id string
The provider-assigned unique ID for this managed resource.
aud string

Application Audience (AUD) Tag of the application

id string
The provider-assigned unique ID for this managed resource.
aud str

Application Audience (AUD) Tag of the application

id str
The provider-assigned unique ID for this managed resource.

Look up an Existing AccessApplication Resource

Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, allowed_idps: Optional[Sequence[str]] = None, aud: Optional[str] = None, auto_redirect_to_identity: Optional[bool] = None, cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None, custom_deny_message: Optional[str] = None, custom_deny_url: Optional[str] = None, domain: Optional[str] = None, enable_binding_cookie: Optional[bool] = None, name: Optional[str] = None, session_duration: Optional[str] = None, zone_id: Optional[str] = None) -> AccessApplication
func GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)
public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string

The account to which the access application should be added. Conflicts with zone_id.

AllowedIdps List<string>

The identity providers selected for the application.

Aud string

Application Audience (AUD) Tag of the application

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

Name string

Friendly name of the Access Application.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

ZoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

AccountId string

The account to which the access application should be added. Conflicts with zone_id.

AllowedIdps []string

The identity providers selected for the application.

Aud string

Application Audience (AUD) Tag of the application

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

CorsHeaders []AccessApplicationCorsHeader

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

Name string

Friendly name of the Access Application.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

ZoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

accountId string

The account to which the access application should be added. Conflicts with zone_id.

allowedIdps string[]

The identity providers selected for the application.

aud string

Application Audience (AUD) Tag of the application

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

corsHeaders AccessApplicationCorsHeader[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

name string

Friendly name of the Access Application.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

zoneId string

The DNS zone to which the access application should be added. Conflicts with account_id.

account_id str

The account to which the access application should be added. Conflicts with zone_id.

allowed_idps Sequence[str]

The identity providers selected for the application.

aud str

Application Audience (AUD) Tag of the application

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled).

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. It can include subdomains, paths, or both.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional “binding” cookie on requests. Defaults to false.

name str

Friendly name of the Access Application.

session_duration str

How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h.

zone_id str

The DNS zone to which the access application should be added. Conflicts with account_id.

Supporting Types

AccessApplicationCorsHeader

AllowAllHeaders bool

Boolean value to determine whether all HTTP headers are exposed.

AllowAllMethods bool

Boolean value to determine whether all methods are exposed.

AllowAllOrigins bool

Boolean value to determine whether all origins are permitted to make CORS requests.

AllowCredentials bool

Boolean value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

AllowedHeaders List<string>

List of HTTP headers to expose via CORS.

AllowedMethods List<string>

List of methods to expose via CORS.

AllowedOrigins List<string>

List of origins permitted to make CORS requests.

MaxAge int

Integer representing the maximum time a preflight request will be cached.

AllowAllHeaders bool

Boolean value to determine whether all HTTP headers are exposed.

AllowAllMethods bool

Boolean value to determine whether all methods are exposed.

AllowAllOrigins bool

Boolean value to determine whether all origins are permitted to make CORS requests.

AllowCredentials bool

Boolean value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

AllowedHeaders []string

List of HTTP headers to expose via CORS.

AllowedMethods []string

List of methods to expose via CORS.

AllowedOrigins []string

List of origins permitted to make CORS requests.

MaxAge int

Integer representing the maximum time a preflight request will be cached.

allowAllHeaders boolean

Boolean value to determine whether all HTTP headers are exposed.

allowAllMethods boolean

Boolean value to determine whether all methods are exposed.

allowAllOrigins boolean

Boolean value to determine whether all origins are permitted to make CORS requests.

allowCredentials boolean

Boolean value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowedHeaders string[]

List of HTTP headers to expose via CORS.

allowedMethods string[]

List of methods to expose via CORS.

allowedOrigins string[]

List of origins permitted to make CORS requests.

maxAge number

Integer representing the maximum time a preflight request will be cached.

allow_all_headers bool

Boolean value to determine whether all HTTP headers are exposed.

allow_all_methods bool

Boolean value to determine whether all methods are exposed.

allow_all_origins bool

Boolean value to determine whether all origins are permitted to make CORS requests.

allow_credentials bool

Boolean value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowed_headers Sequence[str]

List of HTTP headers to expose via CORS.

allowed_methods Sequence[str]

List of methods to expose via CORS.

allowed_origins Sequence[str]

List of origins permitted to make CORS requests.

max_age int

Integer representing the maximum time a preflight request will be cached.

Import

Access Applications can be imported using a composite ID formed of zone ID and application ID.

 $ pulumi import cloudflare:index/accessApplication:AccessApplication staging cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.