cloudflare.AccessPolicy
Explore with Pulumi AI
Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.
It’s required that an
account_id
orzone_id
is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_id
argument.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// Allowing access to `test@example.com` email address only
const testPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyAccessPolicy", {
applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
name: "staging policy",
precedence: 1,
decision: "allow",
includes: [{
emails: ["test@example.com"],
}],
requires: [{
emails: ["test@example.com"],
}],
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
const testPolicyIndex_accessPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", {
applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
name: "staging policy",
precedence: 1,
decision: "allow",
includes: [{
emails: ["test@example.com"],
}],
requires: [{
ips: [_var.office_ip],
}],
});
import pulumi
import pulumi_cloudflare as cloudflare
# Allowing access to `test@example.com` email address only
test_policy_access_policy = cloudflare.AccessPolicy("testPolicyAccessPolicy",
application_id="cb029e245cfdd66dc8d2e570d5dd3322",
zone_id="0da42c8d2132a9ddaf714f9e7c920711",
name="staging policy",
precedence=1,
decision="allow",
includes=[cloudflare.AccessPolicyIncludeArgs(
emails=["test@example.com"],
)],
requires=[cloudflare.AccessPolicyRequireArgs(
emails=["test@example.com"],
)])
# Allowing `test@example.com` to access but only when coming from a
# specific IP.
test_policy_index_access_policy_access_policy = cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy",
application_id="cb029e245cfdd66dc8d2e570d5dd3322",
zone_id="0da42c8d2132a9ddaf714f9e7c920711",
name="staging policy",
precedence=1,
decision="allow",
includes=[cloudflare.AccessPolicyIncludeArgs(
emails=["test@example.com"],
)],
requires=[cloudflare.AccessPolicyRequireArgs(
ips=[var["office_ip"]],
)])
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Allowing access to `test@example.com` email address only
_, err := cloudflare.NewAccessPolicy(ctx, "testPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
ZoneId: pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
Name: pulumi.String("staging policy"),
Precedence: pulumi.Int(1),
Decision: pulumi.String("allow"),
Includes: cloudflare.AccessPolicyIncludeArray{
&cloudflare.AccessPolicyIncludeArgs{
Emails: pulumi.StringArray{
pulumi.String("test@example.com"),
},
},
},
Requires: cloudflare.AccessPolicyRequireArray{
&cloudflare.AccessPolicyRequireArgs{
Emails: pulumi.StringArray{
pulumi.String("test@example.com"),
},
},
},
})
if err != nil {
return err
}
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
_, err = cloudflare.NewAccessPolicy(ctx, "testPolicyIndex/accessPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
ZoneId: pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
Name: pulumi.String("staging policy"),
Precedence: pulumi.Int(1),
Decision: pulumi.String("allow"),
Includes: cloudflare.AccessPolicyIncludeArray{
&cloudflare.AccessPolicyIncludeArgs{
Emails: pulumi.StringArray{
pulumi.String("test@example.com"),
},
},
},
Requires: cloudflare.AccessPolicyRequireArray{
&cloudflare.AccessPolicyRequireArgs{
Ips: pulumi.StringArray{
_var.Office_ip,
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
// Allowing access to `test@example.com` email address only
var testPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyAccessPolicy", new()
{
ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
Name = "staging policy",
Precedence = 1,
Decision = "allow",
Includes = new[]
{
new Cloudflare.Inputs.AccessPolicyIncludeArgs
{
Emails = new[]
{
"test@example.com",
},
},
},
Requires = new[]
{
new Cloudflare.Inputs.AccessPolicyRequireArgs
{
Emails = new[]
{
"test@example.com",
},
},
},
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
var testPolicyIndex_accessPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", new()
{
ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
Name = "staging policy",
Precedence = 1,
Decision = "allow",
Includes = new[]
{
new Cloudflare.Inputs.AccessPolicyIncludeArgs
{
Emails = new[]
{
"test@example.com",
},
},
},
Requires = new[]
{
new Cloudflare.Inputs.AccessPolicyRequireArgs
{
Ips = new[]
{
@var.Office_ip,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessPolicy;
import com.pulumi.cloudflare.AccessPolicyArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()
.applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("staging policy")
.precedence("1")
.decision("allow")
.includes(AccessPolicyIncludeArgs.builder()
.emails("test@example.com")
.build())
.requires(AccessPolicyRequireArgs.builder()
.emails("test@example.com")
.build())
.build());
var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()
.applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("staging policy")
.precedence("1")
.decision("allow")
.includes(AccessPolicyIncludeArgs.builder()
.emails("test@example.com")
.build())
.requires(AccessPolicyRequireArgs.builder()
.ips(var_.office_ip())
.build())
.build());
}
}
resources:
# Allowing access to `test@example.com` email address only
testPolicyAccessPolicy:
type: cloudflare:AccessPolicy
properties:
applicationId: cb029e245cfdd66dc8d2e570d5dd3322
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: staging policy
precedence: '1'
decision: allow
includes:
- emails:
- test@example.com
requires:
- emails:
- test@example.com
# Allowing `test@example.com` to access but only when coming from a
# specific IP.
testPolicyIndex/accessPolicyAccessPolicy:
type: cloudflare:AccessPolicy
properties:
applicationId: cb029e245cfdd66dc8d2e570d5dd3322
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: staging policy
precedence: '1'
decision: allow
includes:
- emails:
- test@example.com
requires:
- ips:
- ${var.office_ip}
Create AccessPolicy Resource
new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
application_id: Optional[str] = None,
approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
approval_required: Optional[bool] = None,
decision: Optional[str] = None,
excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
isolation_required: Optional[bool] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
session_duration: Optional[str] = None,
zone_id: Optional[str] = None)
@overload
def AccessPolicy(resource_name: str,
args: AccessPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPolicy(String name, AccessPolicyArgs args)
public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
type: cloudflare:AccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessPolicy resource accepts the following input properties:
- Application
Id string - The ID of the application the policy is associated with.
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Includes
List<Access
Policy Include> - A series of access conditions, see Access Groups.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Approval
Groups List<AccessPolicy Approval Group> - Approval
Required bool - Excludes
List<Access
Policy Exclude> - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
List<Access
Policy Require> - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Application
Id string - The ID of the application the policy is associated with.
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Includes
[]Access
Policy Include Args - A series of access conditions, see Access Groups.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Approval
Groups []AccessPolicy Approval Group Args - Approval
Required bool - Excludes
[]Access
Policy Exclude Args - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
[]Access
Policy Require Args - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- application
Id String - The ID of the application the policy is associated with.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
List<Access
Policy Include> - A series of access conditions, see Access Groups.
- name String
- Friendly name of the Access Policy.
- precedence Integer
- The unique precedence for policies on a single application.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - approval
Groups List<AccessPolicy Approval Group> - approval
Required Boolean - excludes
List<Access
Policy Exclude> - A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
List<Access
Policy Require> - A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- application
Id string - The ID of the application the policy is associated with.
- decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
Access
Policy Include[] - A series of access conditions, see Access Groups.
- name string
- Friendly name of the Access Policy.
- precedence number
- The unique precedence for policies on a single application.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - approval
Groups AccessPolicy Approval Group[] - approval
Required boolean - excludes
Access
Policy Exclude[] - A series of access conditions, see Access Groups.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy.
- purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification booleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Access
Policy Require[] - A series of access conditions, see Access Groups.
- session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- application_
id str - The ID of the application the policy is associated with.
- decision str
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
Sequence[Access
Policy Include Args] - A series of access conditions, see Access Groups.
- name str
- Friendly name of the Access Policy.
- precedence int
- The unique precedence for policies on a single application.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - approval_
groups Sequence[AccessPolicy Approval Group Args] - approval_
required bool - excludes
Sequence[Access
Policy Exclude Args] - A series of access conditions, see Access Groups.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy.
- purpose_
justification_ strprompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose_
justification_ boolrequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Sequence[Access
Policy Require Args] - A series of access conditions, see Access Groups.
- session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- application
Id String - The ID of the application the policy is associated with.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes List<Property Map>
- A series of access conditions, see Access Groups.
- name String
- Friendly name of the Access Policy.
- precedence Number
- The unique precedence for policies on a single application.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - approval
Groups List<Property Map> - approval
Required Boolean - excludes List<Property Map>
- A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires List<Property Map>
- A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessPolicy Resource
Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
application_id: Optional[str] = None,
approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
approval_required: Optional[bool] = None,
decision: Optional[str] = None,
excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
isolation_required: Optional[bool] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
session_duration: Optional[str] = None,
zone_id: Optional[str] = None) -> AccessPolicy
func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with.
- Approval
Groups List<AccessPolicy Approval Group> - Approval
Required bool - Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Excludes
List<Access
Policy Exclude> - A series of access conditions, see Access Groups.
- Includes
List<Access
Policy Include> - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application.
- Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
List<Access
Policy Require> - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with.
- Approval
Groups []AccessPolicy Approval Group Args - Approval
Required bool - Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Excludes
[]Access
Policy Exclude Args - A series of access conditions, see Access Groups.
- Includes
[]Access
Policy Include Args - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application.
- Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
[]Access
Policy Require Args - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with.
- approval
Groups List<AccessPolicy Approval Group> - approval
Required Boolean - decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
List<Access
Policy Exclude> - A series of access conditions, see Access Groups.
- includes
List<Access
Policy Include> - A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- name String
- Friendly name of the Access Policy.
- precedence Integer
- The unique precedence for policies on a single application.
- purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
List<Access
Policy Require> - A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id string - The ID of the application the policy is associated with.
- approval
Groups AccessPolicy Approval Group[] - approval
Required boolean - decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
Access
Policy Exclude[] - A series of access conditions, see Access Groups.
- includes
Access
Policy Include[] - A series of access conditions, see Access Groups.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy.
- name string
- Friendly name of the Access Policy.
- precedence number
- The unique precedence for policies on a single application.
- purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification booleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Access
Policy Require[] - A series of access conditions, see Access Groups.
- session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - application_
id str - The ID of the application the policy is associated with.
- approval_
groups Sequence[AccessPolicy Approval Group Args] - approval_
required bool - decision str
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
Sequence[Access
Policy Exclude Args] - A series of access conditions, see Access Groups.
- includes
Sequence[Access
Policy Include Args] - A series of access conditions, see Access Groups.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy.
- name str
- Friendly name of the Access Policy.
- precedence int
- The unique precedence for policies on a single application.
- purpose_
justification_ strprompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose_
justification_ boolrequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Sequence[Access
Policy Require Args] - A series of access conditions, see Access Groups.
- session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with.
- approval
Groups List<Property Map> - approval
Required Boolean - decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes List<Property Map>
- A series of access conditions, see Access Groups.
- includes List<Property Map>
- A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- name String
- Friendly name of the Access Policy.
- precedence Number
- The unique precedence for policies on a single application.
- purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires List<Property Map>
- A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Supporting Types
AccessPolicyApprovalGroup, AccessPolicyApprovalGroupArgs
- Approvals
Needed int - Number of approvals needed.
- Email
Addresses List<string> - List of emails to request approval from.
- Email
List stringUuid
- Approvals
Needed int - Number of approvals needed.
- Email
Addresses []string - List of emails to request approval from.
- Email
List stringUuid
- approvals
Needed Integer - Number of approvals needed.
- email
Addresses List<String> - List of emails to request approval from.
- email
List StringUuid
- approvals
Needed number - Number of approvals needed.
- email
Addresses string[] - List of emails to request approval from.
- email
List stringUuid
- approvals_
needed int - Number of approvals needed.
- email_
addresses Sequence[str] - List of emails to request approval from.
- email_
list_ struuid
- approvals
Needed Number - Number of approvals needed.
- email
Addresses List<String> - List of emails to request approval from.
- email
List StringUuid
AccessPolicyExclude, AccessPolicyExcludeArgs
- Any
Valid boolService Token - Auth
Contexts List<AccessPolicy Exclude Auth Context> - Auth
Method string - Azures
List<Access
Policy Exclude Azure> - Certificate bool
- Common
Name string - Device
Postures List<string> - Email
Domains List<string> - Emails List<string>
- Everyone bool
- External
Evaluation AccessPolicy Exclude External Evaluation - Geos List<string>
- Githubs
List<Access
Policy Exclude Github> - Groups List<string>
- Gsuites
List<Access
Policy Exclude Gsuite> - Ip
Lists List<string> - The ID of an existing IP list to reference.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - Oktas
List<Access
Policy Exclude Okta> - Samls
List<Access
Policy Exclude Saml> - Service
Tokens List<string>
- Any
Valid boolService Token - Auth
Contexts []AccessPolicy Exclude Auth Context - Auth
Method string - Azures
[]Access
Policy Exclude Azure - Certificate bool
- Common
Name string - Device
Postures []string - Email
Domains []string - Emails []string
- Everyone bool
- External
Evaluation AccessPolicy Exclude External Evaluation - Geos []string
- Githubs
[]Access
Policy Exclude Github - Groups []string
- Gsuites
[]Access
Policy Exclude Gsuite - Ip
Lists []string - The ID of an existing IP list to reference.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - Oktas
[]Access
Policy Exclude Okta - Samls
[]Access
Policy Exclude Saml - Service
Tokens []string
- any
Valid BooleanService Token - auth
Contexts List<AccessPolicy Exclude Auth Context> - auth
Method String - azures
List<Access
Policy Exclude Azure> - certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation AccessPolicy Exclude External Evaluation - geos List<String>
- githubs
List<Access
Policy Exclude Github> - groups List<String>
- gsuites
List<Access
Policy Exclude Gsuite> - ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas
List<Access
Policy Exclude Okta> - samls
List<Access
Policy Exclude Saml> - service
Tokens List<String>
- any
Valid booleanService Token - auth
Contexts AccessPolicy Exclude Auth Context[] - auth
Method string - azures
Access
Policy Exclude Azure[] - certificate boolean
- common
Name string - device
Postures string[] - email
Domains string[] - emails string[]
- everyone boolean
- external
Evaluation AccessPolicy Exclude External Evaluation - geos string[]
- githubs
Access
Policy Exclude Github[] - groups string[]
- gsuites
Access
Policy Exclude Gsuite[] - ip
Lists string[] - The ID of an existing IP list to reference.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - oktas
Access
Policy Exclude Okta[] - samls
Access
Policy Exclude Saml[] - service
Tokens string[]
- any_
valid_ boolservice_ token - auth_
contexts Sequence[AccessPolicy Exclude Auth Context] - auth_
method str - azures
Sequence[Access
Policy Exclude Azure] - certificate bool
- common_
name str - device_
postures Sequence[str] - email_
domains Sequence[str] - emails Sequence[str]
- everyone bool
- external_
evaluation AccessPolicy Exclude External Evaluation - geos Sequence[str]
- githubs
Sequence[Access
Policy Exclude Github] - groups Sequence[str]
- gsuites
Sequence[Access
Policy Exclude Gsuite] - ip_
lists Sequence[str] - The ID of an existing IP list to reference.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - oktas
Sequence[Access
Policy Exclude Okta] - samls
Sequence[Access
Policy Exclude Saml] - service_
tokens Sequence[str]
- any
Valid BooleanService Token - auth
Contexts List<Property Map> - auth
Method String - azures List<Property Map>
- certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation Property Map - geos List<String>
- githubs List<Property Map>
- groups List<String>
- gsuites List<Property Map>
- ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas List<Property Map>
- samls List<Property Map>
- service
Tokens List<String>
AccessPolicyExcludeAuthContext, AccessPolicyExcludeAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyExcludeAzure, AccessPolicyExcludeAzureArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids List<string>
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids []string
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ids string[]
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ids Sequence[str]
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
AccessPolicyExcludeExternalEvaluation, AccessPolicyExcludeExternalEvaluationArgs
- Evaluate
Url string - Keys
Url string
- Evaluate
Url string - Keys
Url string
- evaluate
Url String - keys
Url String
- evaluate
Url string - keys
Url string
- evaluate_
url str - keys_
url str
- evaluate
Url String - keys
Url String
AccessPolicyExcludeGithub, AccessPolicyExcludeGithubArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- name string
- teams string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- name str
- teams Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
AccessPolicyExcludeGsuite, AccessPolicyExcludeGsuiteArgs
- Emails List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Emails []string
- Identity
Provider stringId - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
- emails string[]
- identity
Provider stringId - The ID of the Azure Identity provider.
- emails Sequence[str]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyExcludeOkta, AccessPolicyExcludeOktaArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- names string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- names Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
AccessPolicyExcludeSaml, AccessPolicyExcludeSamlArgs
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
- attribute
Name string - attribute
Value string - identity
Provider stringId - The ID of the Azure Identity provider.
- attribute_
name str - attribute_
value str - identity_
provider_ strid - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyInclude, AccessPolicyIncludeArgs
- Any
Valid boolService Token - Auth
Contexts List<AccessPolicy Include Auth Context> - Auth
Method string - Azures
List<Access
Policy Include Azure> - Certificate bool
- Common
Name string - Device
Postures List<string> - Email
Domains List<string> - Emails List<string>
- Everyone bool
- External
Evaluation AccessPolicy Include External Evaluation - Geos List<string>
- Githubs
List<Access
Policy Include Github> - Groups List<string>
- Gsuites
List<Access
Policy Include Gsuite> - Ip
Lists List<string> - The ID of an existing IP list to reference.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - Oktas
List<Access
Policy Include Okta> - Samls
List<Access
Policy Include Saml> - Service
Tokens List<string>
- Any
Valid boolService Token - Auth
Contexts []AccessPolicy Include Auth Context - Auth
Method string - Azures
[]Access
Policy Include Azure - Certificate bool
- Common
Name string - Device
Postures []string - Email
Domains []string - Emails []string
- Everyone bool
- External
Evaluation AccessPolicy Include External Evaluation - Geos []string
- Githubs
[]Access
Policy Include Github - Groups []string
- Gsuites
[]Access
Policy Include Gsuite - Ip
Lists []string - The ID of an existing IP list to reference.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - Oktas
[]Access
Policy Include Okta - Samls
[]Access
Policy Include Saml - Service
Tokens []string
- any
Valid BooleanService Token - auth
Contexts List<AccessPolicy Include Auth Context> - auth
Method String - azures
List<Access
Policy Include Azure> - certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation AccessPolicy Include External Evaluation - geos List<String>
- githubs
List<Access
Policy Include Github> - groups List<String>
- gsuites
List<Access
Policy Include Gsuite> - ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas
List<Access
Policy Include Okta> - samls
List<Access
Policy Include Saml> - service
Tokens List<String>
- any
Valid booleanService Token - auth
Contexts AccessPolicy Include Auth Context[] - auth
Method string - azures
Access
Policy Include Azure[] - certificate boolean
- common
Name string - device
Postures string[] - email
Domains string[] - emails string[]
- everyone boolean
- external
Evaluation AccessPolicy Include External Evaluation - geos string[]
- githubs
Access
Policy Include Github[] - groups string[]
- gsuites
Access
Policy Include Gsuite[] - ip
Lists string[] - The ID of an existing IP list to reference.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - oktas
Access
Policy Include Okta[] - samls
Access
Policy Include Saml[] - service
Tokens string[]
- any_
valid_ boolservice_ token - auth_
contexts Sequence[AccessPolicy Include Auth Context] - auth_
method str - azures
Sequence[Access
Policy Include Azure] - certificate bool
- common_
name str - device_
postures Sequence[str] - email_
domains Sequence[str] - emails Sequence[str]
- everyone bool
- external_
evaluation AccessPolicy Include External Evaluation - geos Sequence[str]
- githubs
Sequence[Access
Policy Include Github] - groups Sequence[str]
- gsuites
Sequence[Access
Policy Include Gsuite] - ip_
lists Sequence[str] - The ID of an existing IP list to reference.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - oktas
Sequence[Access
Policy Include Okta] - samls
Sequence[Access
Policy Include Saml] - service_
tokens Sequence[str]
- any
Valid BooleanService Token - auth
Contexts List<Property Map> - auth
Method String - azures List<Property Map>
- certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation Property Map - geos List<String>
- githubs List<Property Map>
- groups List<String>
- gsuites List<Property Map>
- ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas List<Property Map>
- samls List<Property Map>
- service
Tokens List<String>
AccessPolicyIncludeAuthContext, AccessPolicyIncludeAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyIncludeAzure, AccessPolicyIncludeAzureArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids List<string>
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids []string
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ids string[]
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ids Sequence[str]
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
AccessPolicyIncludeExternalEvaluation, AccessPolicyIncludeExternalEvaluationArgs
- Evaluate
Url string - Keys
Url string
- Evaluate
Url string - Keys
Url string
- evaluate
Url String - keys
Url String
- evaluate
Url string - keys
Url string
- evaluate_
url str - keys_
url str
- evaluate
Url String - keys
Url String
AccessPolicyIncludeGithub, AccessPolicyIncludeGithubArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- name string
- teams string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- name str
- teams Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
AccessPolicyIncludeGsuite, AccessPolicyIncludeGsuiteArgs
- Emails List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Emails []string
- Identity
Provider stringId - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
- emails string[]
- identity
Provider stringId - The ID of the Azure Identity provider.
- emails Sequence[str]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyIncludeOkta, AccessPolicyIncludeOktaArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- names string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- names Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
AccessPolicyIncludeSaml, AccessPolicyIncludeSamlArgs
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
- attribute
Name string - attribute
Value string - identity
Provider stringId - The ID of the Azure Identity provider.
- attribute_
name str - attribute_
value str - identity_
provider_ strid - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyRequire, AccessPolicyRequireArgs
- Any
Valid boolService Token - Auth
Contexts List<AccessPolicy Require Auth Context> - Auth
Method string - Azures
List<Access
Policy Require Azure> - Certificate bool
- Common
Name string - Device
Postures List<string> - Email
Domains List<string> - Emails List<string>
- Everyone bool
- External
Evaluation AccessPolicy Require External Evaluation - Geos List<string>
- Githubs
List<Access
Policy Require Github> - Groups List<string>
- Gsuites
List<Access
Policy Require Gsuite> - Ip
Lists List<string> - The ID of an existing IP list to reference.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - Oktas
List<Access
Policy Require Okta> - Samls
List<Access
Policy Require Saml> - Service
Tokens List<string>
- Any
Valid boolService Token - Auth
Contexts []AccessPolicy Require Auth Context - Auth
Method string - Azures
[]Access
Policy Require Azure - Certificate bool
- Common
Name string - Device
Postures []string - Email
Domains []string - Emails []string
- Everyone bool
- External
Evaluation AccessPolicy Require External Evaluation - Geos []string
- Githubs
[]Access
Policy Require Github - Groups []string
- Gsuites
[]Access
Policy Require Gsuite - Ip
Lists []string - The ID of an existing IP list to reference.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - Oktas
[]Access
Policy Require Okta - Samls
[]Access
Policy Require Saml - Service
Tokens []string
- any
Valid BooleanService Token - auth
Contexts List<AccessPolicy Require Auth Context> - auth
Method String - azures
List<Access
Policy Require Azure> - certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation AccessPolicy Require External Evaluation - geos List<String>
- githubs
List<Access
Policy Require Github> - groups List<String>
- gsuites
List<Access
Policy Require Gsuite> - ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas
List<Access
Policy Require Okta> - samls
List<Access
Policy Require Saml> - service
Tokens List<String>
- any
Valid booleanService Token - auth
Contexts AccessPolicy Require Auth Context[] - auth
Method string - azures
Access
Policy Require Azure[] - certificate boolean
- common
Name string - device
Postures string[] - email
Domains string[] - emails string[]
- everyone boolean
- external
Evaluation AccessPolicy Require External Evaluation - geos string[]
- githubs
Access
Policy Require Github[] - groups string[]
- gsuites
Access
Policy Require Gsuite[] - ip
Lists string[] - The ID of an existing IP list to reference.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - oktas
Access
Policy Require Okta[] - samls
Access
Policy Require Saml[] - service
Tokens string[]
- any_
valid_ boolservice_ token - auth_
contexts Sequence[AccessPolicy Require Auth Context] - auth_
method str - azures
Sequence[Access
Policy Require Azure] - certificate bool
- common_
name str - device_
postures Sequence[str] - email_
domains Sequence[str] - emails Sequence[str]
- everyone bool
- external_
evaluation AccessPolicy Require External Evaluation - geos Sequence[str]
- githubs
Sequence[Access
Policy Require Github] - groups Sequence[str]
- gsuites
Sequence[Access
Policy Require Gsuite] - ip_
lists Sequence[str] - The ID of an existing IP list to reference.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - oktas
Sequence[Access
Policy Require Okta] - samls
Sequence[Access
Policy Require Saml] - service_
tokens Sequence[str]
- any
Valid BooleanService Token - auth
Contexts List<Property Map> - auth
Method String - azures List<Property Map>
- certificate Boolean
- common
Name String - device
Postures List<String> - email
Domains List<String> - emails List<String>
- everyone Boolean
- external
Evaluation Property Map - geos List<String>
- githubs List<Property Map>
- groups List<String>
- gsuites List<Property Map>
- ip
Lists List<String> - The ID of an existing IP list to reference.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - oktas List<Property Map>
- samls List<Property Map>
- service
Tokens List<String>
AccessPolicyRequireAuthContext, AccessPolicyRequireAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyRequireAzure, AccessPolicyRequireAzureArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids List<string>
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Ids []string
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure Identity provider.
- ids string[]
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure Identity provider.
- ids Sequence[str]
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure Identity provider.
- ids List<String>
- The ID of the Authentication Context.
AccessPolicyRequireExternalEvaluation, AccessPolicyRequireExternalEvaluationArgs
- Evaluate
Url string - Keys
Url string
- Evaluate
Url string - Keys
Url string
- evaluate
Url String - keys
Url String
- evaluate
Url string - keys
Url string
- evaluate_
url str - keys_
url str
- evaluate
Url String - keys
Url String
AccessPolicyRequireGithub, AccessPolicyRequireGithubArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Name string
- Teams []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- name string
- teams string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- name str
- teams Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- name String
- teams List<String>
AccessPolicyRequireGsuite, AccessPolicyRequireGsuiteArgs
- Emails List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Emails []string
- Identity
Provider stringId - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
- emails string[]
- identity
Provider stringId - The ID of the Azure Identity provider.
- emails Sequence[str]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- emails List<String>
- identity
Provider StringId - The ID of the Azure Identity provider.
AccessPolicyRequireOkta, AccessPolicyRequireOktaArgs
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names List<string>
- Identity
Provider stringId - The ID of the Azure Identity provider.
- Names []string
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
- identity
Provider stringId - The ID of the Azure Identity provider.
- names string[]
- identity_
provider_ strid - The ID of the Azure Identity provider.
- names Sequence[str]
- identity
Provider StringId - The ID of the Azure Identity provider.
- names List<String>
AccessPolicyRequireSaml, AccessPolicyRequireSamlArgs
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- Attribute
Name string - Attribute
Value string - Identity
Provider stringId - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
- attribute
Name string - attribute
Value string - identity
Provider stringId - The ID of the Azure Identity provider.
- attribute_
name str - attribute_
value str - identity_
provider_ strid - The ID of the Azure Identity provider.
- attribute
Name String - attribute
Value String - identity
Provider StringId - The ID of the Azure Identity provider.
Import
Account level import.
$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>
Zone level import.
$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.