Cloudflare

Pulumi Official
Package maintained by Pulumi
v4.9.0 published on Monday, Jul 18, 2022 by Pulumi

AccessApplication

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

class MyStack : Stack
{
    public MyStack()
    {
        // With CORS configuration
        var stagingApp = new Cloudflare.AccessApplication("stagingApp", new Cloudflare.AccessApplicationArgs
        {
            CorsHeaders = 
            {
                new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
                {
                    AllowCredentials = true,
                    AllowedMethods = 
                    {
                        "GET",
                        "POST",
                        "OPTIONS",
                    },
                    AllowedOrigins = 
                    {
                        "https://example.com",
                    },
                    MaxAge = 10,
                },
            },
            Domain = "staging.example.com",
            Name = "staging application",
            SessionDuration = "24h",
            Type = "self_hosted",
            ZoneId = "1d5fdc9e88c8a8c4518b068cd94331fe",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewAccessApplication(ctx, "stagingApp", &cloudflare.AccessApplicationArgs{
			CorsHeaders: AccessApplicationCorsHeaderArray{
				&AccessApplicationCorsHeaderArgs{
					AllowCredentials: pulumi.Bool(true),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("POST"),
						pulumi.String("OPTIONS"),
					},
					AllowedOrigins: pulumi.StringArray{
						pulumi.String("https://example.com"),
					},
					MaxAge: pulumi.Int(10),
				},
			},
			Domain:          pulumi.String("staging.example.com"),
			Name:            pulumi.String("staging application"),
			SessionDuration: pulumi.String("24h"),
			Type:            pulumi.String("self_hosted"),
			ZoneId:          pulumi.String("1d5fdc9e88c8a8c4518b068cd94331fe"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()        
            .corsHeaders(AccessApplicationCorsHeaderArgs.builder()
                .allowCredentials(true)
                .allowedMethods(                
                    "GET",
                    "POST",
                    "OPTIONS")
                .allowedOrigins("https://example.com")
                .maxAge(10)
                .build())
            .domain("staging.example.com")
            .name("staging application")
            .sessionDuration("24h")
            .type("self_hosted")
            .zoneId("1d5fdc9e88c8a8c4518b068cd94331fe")
            .build());

    }
}
import pulumi
import pulumi_cloudflare as cloudflare

# With CORS configuration
staging_app = cloudflare.AccessApplication("stagingApp",
    cors_headers=[cloudflare.AccessApplicationCorsHeaderArgs(
        allow_credentials=True,
        allowed_methods=[
            "GET",
            "POST",
            "OPTIONS",
        ],
        allowed_origins=["https://example.com"],
        max_age=10,
    )],
    domain="staging.example.com",
    name="staging application",
    session_duration="24h",
    type="self_hosted",
    zone_id="1d5fdc9e88c8a8c4518b068cd94331fe")
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// With CORS configuration
const stagingApp = new cloudflare.AccessApplication("staging_app", {
    corsHeaders: [{
        allowCredentials: true,
        allowedMethods: [
            "GET",
            "POST",
            "OPTIONS",
        ],
        allowedOrigins: ["https://example.com"],
        maxAge: 10,
    }],
    domain: "staging.example.com",
    name: "staging application",
    sessionDuration: "24h",
    type: "self_hosted",
    zoneId: "1d5fdc9e88c8a8c4518b068cd94331fe",
});
resources:
  stagingApp:
    type: cloudflare:AccessApplication
    properties:
      corsHeaders:
        - allowCredentials: true
          allowedMethods:
            - GET
            - POST
            - OPTIONS
          allowedOrigins:
            - https://example.com
          maxAge: 10
      domain: staging.example.com
      name: staging application
      sessionDuration: 24h
      type: self_hosted
      zoneId: 1d5fdc9e88c8a8c4518b068cd94331fe

Create a AccessApplication Resource

new AccessApplication(name: string, args: AccessApplicationArgs, opts?: CustomResourceOptions);
@overload
def AccessApplication(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      account_id: Optional[str] = None,
                      allowed_idps: Optional[Sequence[str]] = None,
                      app_launcher_visible: Optional[bool] = None,
                      auto_redirect_to_identity: Optional[bool] = None,
                      cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
                      custom_deny_message: Optional[str] = None,
                      custom_deny_url: Optional[str] = None,
                      domain: Optional[str] = None,
                      enable_binding_cookie: Optional[bool] = None,
                      http_only_cookie_attribute: Optional[bool] = None,
                      logo_url: Optional[str] = None,
                      name: Optional[str] = None,
                      same_site_cookie_attribute: Optional[str] = None,
                      service_auth401_redirect: Optional[bool] = None,
                      session_duration: Optional[str] = None,
                      skip_interstitial: Optional[bool] = None,
                      type: Optional[str] = None,
                      zone_id: Optional[str] = None)
@overload
def AccessApplication(resource_name: str,
                      args: AccessApplicationArgs,
                      opts: Optional[ResourceOptions] = None)
func NewAccessApplication(ctx *Context, name string, args AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)
public AccessApplication(string name, AccessApplicationArgs args, CustomResourceOptions? opts = null)
public AccessApplication(String name, AccessApplicationArgs args)
public AccessApplication(String name, AccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:AccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessApplication Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessApplication resource accepts the following input properties:

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

Name string

Friendly name of the Access Application.

AccountId string

The account identifier to target for the resource.

AllowedIdps List<string>

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI.

Type string

The application type. Available values: self_hosted, ssh, vnc, file

ZoneId string

The zone identifier to target for the resource.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

Name string

Friendly name of the Access Application.

AccountId string

The account identifier to target for the resource.

AllowedIdps []string

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

CorsHeaders []AccessApplicationCorsHeaderArgs

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI.

Type string

The application type. Available values: self_hosted, ssh, vnc, file

ZoneId string

The zone identifier to target for the resource.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

name String

Friendly name of the Access Application.

accountId String

The account identifier to target for the resource.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI.

type String

The application type. Available values: self_hosted, ssh, vnc, file

zoneId String

The zone identifier to target for the resource.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

name string

Friendly name of the Access Application.

accountId string

The account identifier to target for the resource.

allowedIdps string[]

The identity providers selected for the application.

appLauncherVisible boolean

Option to show/hide applications in App Launcher.

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders AccessApplicationCorsHeaderArgs[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl string

Image URL for the logo shown in the app launcher dashboard.

sameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial boolean

Option to skip the authorization interstitial when using the CLI.

type string

The application type. Available values: self_hosted, ssh, vnc, file

zoneId string

The zone identifier to target for the resource.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

name str

Friendly name of the Access Application.

account_id str

The account identifier to target for the resource.

allowed_idps Sequence[str]

The identity providers selected for the application.

app_launcher_visible bool

Option to show/hide applications in App Launcher.

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

http_only_cookie_attribute bool

Option to add the HttpOnly cookie flag to access tokens.

logo_url str

Image URL for the logo shown in the app launcher dashboard.

same_site_cookie_attribute str

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

service_auth401_redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

session_duration str

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skip_interstitial bool

Option to skip the authorization interstitial when using the CLI.

type str

The application type. Available values: self_hosted, ssh, vnc, file

zone_id str

The zone identifier to target for the resource.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

name String

Friendly name of the Access Application.

accountId String

The account identifier to target for the resource.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders List<Property Map>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI.

type String

The application type. Available values: self_hosted, ssh, vnc, file

zoneId String

The zone identifier to target for the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:

Aud string

Application Audience (AUD) Tag of the application.

Id string

The provider-assigned unique ID for this managed resource.

Aud string

Application Audience (AUD) Tag of the application.

Id string

The provider-assigned unique ID for this managed resource.

aud String

Application Audience (AUD) Tag of the application.

id String

The provider-assigned unique ID for this managed resource.

aud string

Application Audience (AUD) Tag of the application.

id string

The provider-assigned unique ID for this managed resource.

aud str

Application Audience (AUD) Tag of the application.

id str

The provider-assigned unique ID for this managed resource.

aud String

Application Audience (AUD) Tag of the application.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing AccessApplication Resource

Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allowed_idps: Optional[Sequence[str]] = None,
        app_launcher_visible: Optional[bool] = None,
        aud: Optional[str] = None,
        auto_redirect_to_identity: Optional[bool] = None,
        cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
        custom_deny_message: Optional[str] = None,
        custom_deny_url: Optional[str] = None,
        domain: Optional[str] = None,
        enable_binding_cookie: Optional[bool] = None,
        http_only_cookie_attribute: Optional[bool] = None,
        logo_url: Optional[str] = None,
        name: Optional[str] = None,
        same_site_cookie_attribute: Optional[str] = None,
        service_auth401_redirect: Optional[bool] = None,
        session_duration: Optional[str] = None,
        skip_interstitial: Optional[bool] = None,
        type: Optional[str] = None,
        zone_id: Optional[str] = None) -> AccessApplication
func GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)
public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)
public static AccessApplication get(String name, Output<String> id, AccessApplicationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId string

The account identifier to target for the resource.

AllowedIdps List<string>

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher.

Aud string

Application Audience (AUD) Tag of the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

Name string

Friendly name of the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI.

Type string

The application type. Available values: self_hosted, ssh, vnc, file

ZoneId string

The zone identifier to target for the resource.

AccountId string

The account identifier to target for the resource.

AllowedIdps []string

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher.

Aud string

Application Audience (AUD) Tag of the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

CorsHeaders []AccessApplicationCorsHeaderArgs

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

Name string

Friendly name of the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI.

Type string

The application type. Available values: self_hosted, ssh, vnc, file

ZoneId string

The zone identifier to target for the resource.

accountId String

The account identifier to target for the resource.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher.

aud String

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

name String

Friendly name of the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI.

type String

The application type. Available values: self_hosted, ssh, vnc, file

zoneId String

The zone identifier to target for the resource.

accountId string

The account identifier to target for the resource.

allowedIdps string[]

The identity providers selected for the application.

appLauncherVisible boolean

Option to show/hide applications in App Launcher.

aud string

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders AccessApplicationCorsHeaderArgs[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl string

Image URL for the logo shown in the app launcher dashboard.

name string

Friendly name of the Access Application.

sameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial boolean

Option to skip the authorization interstitial when using the CLI.

type string

The application type. Available values: self_hosted, ssh, vnc, file

zoneId string

The zone identifier to target for the resource.

account_id str

The account identifier to target for the resource.

allowed_idps Sequence[str]

The identity providers selected for the application.

app_launcher_visible bool

Option to show/hide applications in App Launcher.

aud str

Application Audience (AUD) Tag of the application.

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps.

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

http_only_cookie_attribute bool

Option to add the HttpOnly cookie flag to access tokens.

logo_url str

Image URL for the logo shown in the app launcher dashboard.

name str

Friendly name of the Access Application.

same_site_cookie_attribute str

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

service_auth401_redirect bool

Option to return a 401 status code in service authentication rules on failed requests.

session_duration str

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skip_interstitial bool

Option to skip the authorization interstitial when using the CLI.

type str

The application type. Available values: self_hosted, ssh, vnc, file

zone_id str

The zone identifier to target for the resource.

accountId String

The account identifier to target for the resource.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher.

aud String

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps.

corsHeaders List<Property Map>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

name String

Friendly name of the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI.

type String

The application type. Available values: self_hosted, ssh, vnc, file

zoneId String

The zone identifier to target for the resource.

Supporting Types

AccessApplicationCorsHeader

allowAllHeaders Boolean
allowAllMethods Boolean
allowAllOrigins Boolean
allowCredentials Boolean
allowedHeaders List<String>
allowedMethods List<String>
allowedOrigins List<String>
maxAge Integer
allowAllHeaders Boolean
allowAllMethods Boolean
allowAllOrigins Boolean
allowCredentials Boolean
allowedHeaders List<String>
allowedMethods List<String>
allowedOrigins List<String>
maxAge Number

Import

 $ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes

This Pulumi package is based on the cloudflare Terraform Provider.