Ready to level-up your engineering skills? Join a Pulumi Workshop. Register Now

ZoneLockdown

Provides a Cloudflare Zone Lockdown resource. Zone Lockdown allows you to define one or more URLs (with wildcard matching on the domain or path) that will only permit access if the request originates from an IP address that matches a safelist of one or more IP addresses and/or IP ranges.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

class MyStack : Stack
{
    public MyStack()
    {
        // Restrict access to these endpoints to requests from a known IP address.
        var endpointLockdown = new Cloudflare.ZoneLockdown("endpointLockdown", new Cloudflare.ZoneLockdownArgs
        {
            Configurations = 
            {
                new Cloudflare.Inputs.ZoneLockdownConfigurationArgs
                {
                    Target = "ip",
                    Value = "198.51.100.4",
                },
            },
            Description = "Restrict access to these endpoints to requests from a known IP address",
            Paused = false,
            Urls = 
            {
                "api.mysite.com/some/endpoint*",
            },
            ZoneId = "d41d8cd98f00b204e9800998ecf8427e",
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := cloudflare.NewZoneLockdown(ctx, "endpointLockdown", &cloudflare.ZoneLockdownArgs{
            Configurations: cloudflare.ZoneLockdownConfigurationArray{
                &cloudflare.ZoneLockdownConfigurationArgs{
                    Target: pulumi.String("ip"),
                    Value:  pulumi.String("198.51.100.4"),
                },
            },
            Description: pulumi.String("Restrict access to these endpoints to requests from a known IP address"),
            Paused:      pulumi.Bool(false),
            Urls: pulumi.StringArray{
                pulumi.String("api.mysite.com/some/endpoint*"),
            },
            ZoneId: pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_cloudflare as cloudflare

# Restrict access to these endpoints to requests from a known IP address.
endpoint_lockdown = cloudflare.ZoneLockdown("endpointLockdown",
    configurations=[cloudflare.ZoneLockdownConfigurationArgs(
        target="ip",
        value="198.51.100.4",
    )],
    description="Restrict access to these endpoints to requests from a known IP address",
    paused=False,
    urls=["api.mysite.com/some/endpoint*"],
    zone_id="d41d8cd98f00b204e9800998ecf8427e")
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Restrict access to these endpoints to requests from a known IP address.
const endpointLockdown = new cloudflare.ZoneLockdown("endpoint_lockdown", {
    configurations: [{
        target: "ip",
        value: "198.51.100.4",
    }],
    description: "Restrict access to these endpoints to requests from a known IP address",
    paused: false,
    urls: ["api.mysite.com/some/endpoint*"],
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

Create a ZoneLockdown Resource

new ZoneLockdown(name: string, args: ZoneLockdownArgs, opts?: CustomResourceOptions);
def ZoneLockdown(resource_name: str, opts: Optional[ResourceOptions] = None, configurations: Optional[Sequence[ZoneLockdownConfigurationArgs]] = None, description: Optional[str] = None, paused: Optional[bool] = None, priority: Optional[int] = None, urls: Optional[Sequence[str]] = None, zone_id: Optional[str] = None)
func NewZoneLockdown(ctx *Context, name string, args ZoneLockdownArgs, opts ...ResourceOption) (*ZoneLockdown, error)
public ZoneLockdown(string name, ZoneLockdownArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ZoneLockdownArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ZoneLockdownArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ZoneLockdownArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ZoneLockdown Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ZoneLockdown resource accepts the following input properties:

Configurations List<ZoneLockdownConfigurationArgs>

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

Urls List<string>

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

ZoneId string

The DNS zone ID to which the access rule should be added.

Description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

Paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

Priority int
Configurations []ZoneLockdownConfiguration

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

Urls []string

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

ZoneId string

The DNS zone ID to which the access rule should be added.

Description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

Paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

Priority int
configurations ZoneLockdownConfiguration[]

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

urls string[]

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

zoneId string

The DNS zone ID to which the access rule should be added.

description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

paused boolean

Boolean of whether this zone lockdown is currently paused. Default: false.

priority number
configurations Sequence[ZoneLockdownConfigurationArgs]

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

urls Sequence[str]

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

zone_id str

The DNS zone ID to which the access rule should be added.

description str

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

priority int

Outputs

All input properties are implicitly available as output properties. Additionally, the ZoneLockdown resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ZoneLockdown Resource

Get an existing ZoneLockdown resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ZoneLockdownState, opts?: CustomResourceOptions): ZoneLockdown
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, configurations: Optional[Sequence[ZoneLockdownConfigurationArgs]] = None, description: Optional[str] = None, paused: Optional[bool] = None, priority: Optional[int] = None, urls: Optional[Sequence[str]] = None, zone_id: Optional[str] = None) -> ZoneLockdown
func GetZoneLockdown(ctx *Context, name string, id IDInput, state *ZoneLockdownState, opts ...ResourceOption) (*ZoneLockdown, error)
public static ZoneLockdown Get(string name, Input<string> id, ZoneLockdownState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Configurations List<ZoneLockdownConfigurationArgs>

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

Description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

Paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

Priority int
Urls List<string>

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

ZoneId string

The DNS zone ID to which the access rule should be added.

Configurations []ZoneLockdownConfiguration

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

Description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

Paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

Priority int
Urls []string

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

ZoneId string

The DNS zone ID to which the access rule should be added.

configurations ZoneLockdownConfiguration[]

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

description string

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

paused boolean

Boolean of whether this zone lockdown is currently paused. Default: false.

priority number
urls string[]

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

zoneId string

The DNS zone ID to which the access rule should be added.

configurations Sequence[ZoneLockdownConfigurationArgs]

A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.

description str

A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.

paused bool

Boolean of whether this zone lockdown is currently paused. Default: false.

priority int
urls Sequence[str]

A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

zone_id str

The DNS zone ID to which the access rule should be added.

Supporting Types

ZoneLockdownConfiguration

Target string

The request property to target. Allowed values: “ip”, “ip_range”

Value string

The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

Target string

The request property to target. Allowed values: “ip”, “ip_range”

Value string

The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

target string

The request property to target. Allowed values: “ip”, “ip_range”

value string

The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

target str

The request property to target. Allowed values: “ip”, “ip_range”

value str

The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

Import

Records can be imported using a composite ID formed of zone name and record ID, e.g.

 $ pulumi import cloudflare:index/zoneLockdown:ZoneLockdown cloudflare_zone_lockdown d41d8cd98f00b204e9800998ecf8427e/37cb64fe4a90adb5ca3afc04f2c82a2f

where* d41d8cd98f00b204e9800998ecf8427e - zone ID * 37cb64fe4a90adb5ca3afc04f2c82a2f - zone lockdown ID as returned by API

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.