Cloudflare
AccessApplication
Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.
It’s required that an
account_idorzone_idis provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_idargument.
Example Usage
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
class MyStack : Stack
{
public MyStack()
{
// With CORS configuration
var stagingApp = new Cloudflare.AccessApplication("stagingApp", new Cloudflare.AccessApplicationArgs
{
CorsHeaders =
{
new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
{
AllowCredentials = true,
AllowedMethods =
{
"GET",
"POST",
"OPTIONS",
},
AllowedOrigins =
{
"https://example.com",
},
MaxAge = 10,
},
},
Domain = "staging.example.com",
Name = "staging application",
SessionDuration = "24h",
Type = "self_hosted",
ZoneId = "1d5fdc9e88c8a8c4518b068cd94331fe",
});
}
}
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.NewAccessApplication(ctx, "stagingApp", &cloudflare.AccessApplicationArgs{
CorsHeaders: AccessApplicationCorsHeaderArray{
&AccessApplicationCorsHeaderArgs{
AllowCredentials: pulumi.Bool(true),
AllowedMethods: pulumi.StringArray{
pulumi.String("GET"),
pulumi.String("POST"),
pulumi.String("OPTIONS"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("https://example.com"),
},
MaxAge: pulumi.Int(10),
},
},
Domain: pulumi.String("staging.example.com"),
Name: pulumi.String("staging application"),
SessionDuration: pulumi.String("24h"),
Type: pulumi.String("self_hosted"),
ZoneId: pulumi.String("1d5fdc9e88c8a8c4518b068cd94331fe"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()
.corsHeaders(AccessApplicationCorsHeaderArgs.builder()
.allowCredentials(true)
.allowedMethods(
"GET",
"POST",
"OPTIONS")
.allowedOrigins("https://example.com")
.maxAge(10)
.build())
.domain("staging.example.com")
.name("staging application")
.sessionDuration("24h")
.type("self_hosted")
.zoneId("1d5fdc9e88c8a8c4518b068cd94331fe")
.build());
}
}
import pulumi
import pulumi_cloudflare as cloudflare
# With CORS configuration
staging_app = cloudflare.AccessApplication("stagingApp",
cors_headers=[cloudflare.AccessApplicationCorsHeaderArgs(
allow_credentials=True,
allowed_methods=[
"GET",
"POST",
"OPTIONS",
],
allowed_origins=["https://example.com"],
max_age=10,
)],
domain="staging.example.com",
name="staging application",
session_duration="24h",
type="self_hosted",
zone_id="1d5fdc9e88c8a8c4518b068cd94331fe")
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// With CORS configuration
const stagingApp = new cloudflare.AccessApplication("staging_app", {
corsHeaders: [{
allowCredentials: true,
allowedMethods: [
"GET",
"POST",
"OPTIONS",
],
allowedOrigins: ["https://example.com"],
maxAge: 10,
}],
domain: "staging.example.com",
name: "staging application",
sessionDuration: "24h",
type: "self_hosted",
zoneId: "1d5fdc9e88c8a8c4518b068cd94331fe",
});
resources:
stagingApp:
type: cloudflare:AccessApplication
properties:
corsHeaders:
- allowCredentials: true
allowedMethods:
- GET
- POST
- OPTIONS
allowedOrigins:
- https://example.com
maxAge: 10
domain: staging.example.com
name: staging application
sessionDuration: 24h
type: self_hosted
zoneId: 1d5fdc9e88c8a8c4518b068cd94331fe
Create a AccessApplication Resource
new AccessApplication(name: string, args: AccessApplicationArgs, opts?: CustomResourceOptions);@overload
def AccessApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_visible: Optional[bool] = None,
auto_redirect_to_identity: Optional[bool] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
http_only_cookie_attribute: Optional[bool] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
same_site_cookie_attribute: Optional[str] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None)
@overload
def AccessApplication(resource_name: str,
args: AccessApplicationArgs,
opts: Optional[ResourceOptions] = None)func NewAccessApplication(ctx *Context, name string, args AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)public AccessApplication(string name, AccessApplicationArgs args, CustomResourceOptions? opts = null)
public AccessApplication(String name, AccessApplicationArgs args)
public AccessApplication(String name, AccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:AccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessApplication resource accepts the following input properties:
- Domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- Name string
Friendly name of the Access Application.
- Account
Id string The account identifier to target for the resource.
- Allowed
Idps List<string> The identity providers selected for the application.
- App
Launcher boolVisible Option to show/hide applications in App Launcher.
- Auto
Redirect boolTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- Cors
Headers List<AccessApplication Cors Header Args> CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- Logo
Url string Image URL for the logo shown in the app launcher dashboard.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- Service
Auth401Redirect bool Option to return a 401 status code in service authentication rules on failed requests.
- Session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- Skip
Interstitial bool Option to skip the authorization interstitial when using the CLI.
- Type string
The application type. Available values:
self_hosted,ssh,vnc,file- Zone
Id string The zone identifier to target for the resource.
- Domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- Name string
Friendly name of the Access Application.
- Account
Id string The account identifier to target for the resource.
- Allowed
Idps []string The identity providers selected for the application.
- App
Launcher boolVisible Option to show/hide applications in App Launcher.
- Auto
Redirect boolTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- Cors
Headers []AccessApplication Cors Header Args CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- Logo
Url string Image URL for the logo shown in the app launcher dashboard.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- Service
Auth401Redirect bool Option to return a 401 status code in service authentication rules on failed requests.
- Session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- Skip
Interstitial bool Option to skip the authorization interstitial when using the CLI.
- Type string
The application type. Available values:
self_hosted,ssh,vnc,file- Zone
Id string The zone identifier to target for the resource.
- domain String
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- name String
Friendly name of the Access Application.
- account
Id String The account identifier to target for the resource.
- allowed
Idps List<String> The identity providers selected for the application.
- app
Launcher BooleanVisible Option to show/hide applications in App Launcher.
- auto
Redirect BooleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers List<AccessApplication Cors Header Args> CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl Option that redirects to a custom URL when a user is denied access to the application.
- Boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- Boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url String Image URL for the logo shown in the app launcher dashboard.
- String
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect Boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration String How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial Boolean Option to skip the authorization interstitial when using the CLI.
- type String
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id String The zone identifier to target for the resource.
- domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- name string
Friendly name of the Access Application.
- account
Id string The account identifier to target for the resource.
- allowed
Idps string[] The identity providers selected for the application.
- app
Launcher booleanVisible Option to show/hide applications in App Launcher.
- auto
Redirect booleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers AccessApplication Cors Header Args[] CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url string Image URL for the logo shown in the app launcher dashboard.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial boolean Option to skip the authorization interstitial when using the CLI.
- type string
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id string The zone identifier to target for the resource.
- domain str
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- name str
Friendly name of the Access Application.
- account_
id str The account identifier to target for the resource.
- allowed_
idps Sequence[str] The identity providers selected for the application.
- app_
launcher_ boolvisible Option to show/hide applications in App Launcher.
- auto_
redirect_ boolto_ identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors_
headers Sequence[AccessApplication Cors Header Args] CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl Option that redirects to a custom URL when a user is denied access to the application.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- logo_
url str Image URL for the logo shown in the app launcher dashboard.
- str
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service_
auth401_ boolredirect Option to return a 401 status code in service authentication rules on failed requests.
- session_
duration str How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip_
interstitial bool Option to skip the authorization interstitial when using the CLI.
- type str
The application type. Available values:
self_hosted,ssh,vnc,file- zone_
id str The zone identifier to target for the resource.
- domain String
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- name String
Friendly name of the Access Application.
- account
Id String The account identifier to target for the resource.
- allowed
Idps List<String> The identity providers selected for the application.
- app
Launcher BooleanVisible Option to show/hide applications in App Launcher.
- auto
Redirect BooleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers List<Property Map> CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl Option that redirects to a custom URL when a user is denied access to the application.
- Boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- Boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url String Image URL for the logo shown in the app launcher dashboard.
- String
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect Boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration String How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial Boolean Option to skip the authorization interstitial when using the CLI.
- type String
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id String The zone identifier to target for the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:
Look up an Existing AccessApplication Resource
Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_visible: Optional[bool] = None,
aud: Optional[str] = None,
auto_redirect_to_identity: Optional[bool] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
http_only_cookie_attribute: Optional[bool] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
same_site_cookie_attribute: Optional[str] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None) -> AccessApplicationfunc GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)public static AccessApplication get(String name, Output<String> id, AccessApplicationState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string The account identifier to target for the resource.
- Allowed
Idps List<string> The identity providers selected for the application.
- App
Launcher boolVisible Option to show/hide applications in App Launcher.
- Aud string
Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- Cors
Headers List<AccessApplication Cors Header Args> CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- Domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- Logo
Url string Image URL for the logo shown in the app launcher dashboard.
- Name string
Friendly name of the Access Application.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- Service
Auth401Redirect bool Option to return a 401 status code in service authentication rules on failed requests.
- Session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- Skip
Interstitial bool Option to skip the authorization interstitial when using the CLI.
- Type string
The application type. Available values:
self_hosted,ssh,vnc,file- Zone
Id string The zone identifier to target for the resource.
- Account
Id string The account identifier to target for the resource.
- Allowed
Idps []string The identity providers selected for the application.
- App
Launcher boolVisible Option to show/hide applications in App Launcher.
- Aud string
Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- Cors
Headers []AccessApplication Cors Header Args CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- Domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- Logo
Url string Image URL for the logo shown in the app launcher dashboard.
- Name string
Friendly name of the Access Application.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- Service
Auth401Redirect bool Option to return a 401 status code in service authentication rules on failed requests.
- Session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- Skip
Interstitial bool Option to skip the authorization interstitial when using the CLI.
- Type string
The application type. Available values:
self_hosted,ssh,vnc,file- Zone
Id string The zone identifier to target for the resource.
- account
Id String The account identifier to target for the resource.
- allowed
Idps List<String> The identity providers selected for the application.
- app
Launcher BooleanVisible Option to show/hide applications in App Launcher.
- aud String
Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers List<AccessApplication Cors Header Args> CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl Option that redirects to a custom URL when a user is denied access to the application.
- domain String
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- Boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- Boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url String Image URL for the logo shown in the app launcher dashboard.
- name String
Friendly name of the Access Application.
- String
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect Boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration String How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial Boolean Option to skip the authorization interstitial when using the CLI.
- type String
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id String The zone identifier to target for the resource.
- account
Id string The account identifier to target for the resource.
- allowed
Idps string[] The identity providers selected for the application.
- app
Launcher booleanVisible Option to show/hide applications in App Launcher.
- aud string
Application Audience (AUD) Tag of the application.
- auto
Redirect booleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers AccessApplication Cors Header Args[] CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl Option that redirects to a custom URL when a user is denied access to the application.
- domain string
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url string Image URL for the logo shown in the app launcher dashboard.
- name string
Friendly name of the Access Application.
- string
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration string How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial boolean Option to skip the authorization interstitial when using the CLI.
- type string
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id string The zone identifier to target for the resource.
- account_
id str The account identifier to target for the resource.
- allowed_
idps Sequence[str] The identity providers selected for the application.
- app_
launcher_ boolvisible Option to show/hide applications in App Launcher.
- aud str
Application Audience (AUD) Tag of the application.
- auto_
redirect_ boolto_ identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors_
headers Sequence[AccessApplication Cors Header Args] CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl Option that redirects to a custom URL when a user is denied access to the application.
- domain str
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- bool
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- bool
Option to add the
HttpOnlycookie flag to access tokens.- logo_
url str Image URL for the logo shown in the app launcher dashboard.
- name str
Friendly name of the Access Application.
- str
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service_
auth401_ boolredirect Option to return a 401 status code in service authentication rules on failed requests.
- session_
duration str How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip_
interstitial bool Option to skip the authorization interstitial when using the CLI.
- type str
The application type. Available values:
self_hosted,ssh,vnc,file- zone_
id str The zone identifier to target for the resource.
- account
Id String The account identifier to target for the resource.
- allowed
Idps List<String> The identity providers selected for the application.
- app
Launcher BooleanVisible Option to show/hide applications in App Launcher.
- aud String
Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity Option to skip identity provider selection if only one is configured in
allowed_idps.- cors
Headers List<Property Map> CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl Option that redirects to a custom URL when a user is denied access to the application.
- domain String
The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
- Boolean
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.
- Boolean
Option to add the
HttpOnlycookie flag to access tokens.- logo
Url String Image URL for the logo shown in the app launcher dashboard.
- name String
Friendly name of the Access Application.
- String
Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict- service
Auth401Redirect Boolean Option to return a 401 status code in service authentication rules on failed requests.
- session
Duration String How often a user will be forced to re-authorise. Must be in the format
48hor2h45m- skip
Interstitial Boolean Option to skip the authorization interstitial when using the CLI.
- type String
The application type. Available values:
self_hosted,ssh,vnc,file- zone
Id String The zone identifier to target for the resource.
Supporting Types
AccessApplicationCorsHeader
- Allow
All boolHeaders - Allow
All boolMethods - Allow
All boolOrigins - Allow
Credentials bool - Allowed
Headers List<string> - Allowed
Methods List<string> - Allowed
Origins List<string> - Max
Age int
- Allow
All boolHeaders - Allow
All boolMethods - Allow
All boolOrigins - Allow
Credentials bool - Allowed
Headers []string - Allowed
Methods []string - Allowed
Origins []string - Max
Age int
- allow
All BooleanHeaders - allow
All BooleanMethods - allow
All BooleanOrigins - allow
Credentials Boolean - allowed
Headers List<String> - allowed
Methods List<String> - allowed
Origins List<String> - max
Age Integer
- allow
All booleanHeaders - allow
All booleanMethods - allow
All booleanOrigins - allow
Credentials boolean - allowed
Headers string[] - allowed
Methods string[] - allowed
Origins string[] - max
Age number
- allow_
all_ boolheaders - allow_
all_ boolmethods - allow_
all_ boolorigins - allow_
credentials bool - allowed_
headers Sequence[str] - allowed_
methods Sequence[str] - allowed_
origins Sequence[str] - max_
age int
- allow
All BooleanHeaders - allow
All BooleanMethods - allow
All BooleanOrigins - allow
Credentials Boolean - allowed
Headers List<String> - allowed
Methods List<String> - allowed
Origins List<String> - max
Age Number
Import
$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Package Details
- Repository
- https://github.com/pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
cloudflareTerraform Provider.