Cloudflare

v4.12.1 published on Thursday, Sep 22, 2022 by Pulumi

AccessApplication

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    // With CORS configuration
    var stagingApp = new Cloudflare.AccessApplication("stagingApp", new()
    {
        CorsHeaders = new[]
        {
            new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
            {
                AllowCredentials = true,
                AllowedMethods = new[]
                {
                    "GET",
                    "POST",
                    "OPTIONS",
                },
                AllowedOrigins = new[]
                {
                    "https://example.com",
                },
                MaxAge = 10,
            },
        },
        Domain = "staging.example.com",
        Name = "staging application",
        SessionDuration = "24h",
        Type = "self_hosted",
        ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
    });

});
package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewAccessApplication(ctx, "stagingApp", &cloudflare.AccessApplicationArgs{
			CorsHeaders: AccessApplicationCorsHeaderArray{
				&AccessApplicationCorsHeaderArgs{
					AllowCredentials: pulumi.Bool(true),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("POST"),
						pulumi.String("OPTIONS"),
					},
					AllowedOrigins: pulumi.StringArray{
						pulumi.String("https://example.com"),
					},
					MaxAge: pulumi.Int(10),
				},
			},
			Domain:          pulumi.String("staging.example.com"),
			Name:            pulumi.String("staging application"),
			SessionDuration: pulumi.String("24h"),
			Type:            pulumi.String("self_hosted"),
			ZoneId:          pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessApplication;
import com.pulumi.cloudflare.AccessApplicationArgs;
import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()        
            .corsHeaders(AccessApplicationCorsHeaderArgs.builder()
                .allowCredentials(true)
                .allowedMethods(                
                    "GET",
                    "POST",
                    "OPTIONS")
                .allowedOrigins("https://example.com")
                .maxAge(10)
                .build())
            .domain("staging.example.com")
            .name("staging application")
            .sessionDuration("24h")
            .type("self_hosted")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .build());

    }
}
import pulumi
import pulumi_cloudflare as cloudflare

# With CORS configuration
staging_app = cloudflare.AccessApplication("stagingApp",
    cors_headers=[cloudflare.AccessApplicationCorsHeaderArgs(
        allow_credentials=True,
        allowed_methods=[
            "GET",
            "POST",
            "OPTIONS",
        ],
        allowed_origins=["https://example.com"],
        max_age=10,
    )],
    domain="staging.example.com",
    name="staging application",
    session_duration="24h",
    type="self_hosted",
    zone_id="0da42c8d2132a9ddaf714f9e7c920711")
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// With CORS configuration
const stagingApp = new cloudflare.AccessApplication("staging_app", {
    corsHeaders: [{
        allowCredentials: true,
        allowedMethods: [
            "GET",
            "POST",
            "OPTIONS",
        ],
        allowedOrigins: ["https://example.com"],
        maxAge: 10,
    }],
    domain: "staging.example.com",
    name: "staging application",
    sessionDuration: "24h",
    type: "self_hosted",
    zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
});
resources:
  # With CORS configuration
  stagingApp:
    type: cloudflare:AccessApplication
    properties:
      corsHeaders:
        - allowCredentials: true
          allowedMethods:
            - GET
            - POST
            - OPTIONS
          allowedOrigins:
            - https://example.com
          maxAge: 10
      domain: staging.example.com
      name: staging application
      sessionDuration: 24h
      type: self_hosted
      zoneId: 0da42c8d2132a9ddaf714f9e7c920711

Create AccessApplication Resource

new AccessApplication(name: string, args: AccessApplicationArgs, opts?: CustomResourceOptions);
@overload
def AccessApplication(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      account_id: Optional[str] = None,
                      allowed_idps: Optional[Sequence[str]] = None,
                      app_launcher_visible: Optional[bool] = None,
                      auto_redirect_to_identity: Optional[bool] = None,
                      cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
                      custom_deny_message: Optional[str] = None,
                      custom_deny_url: Optional[str] = None,
                      domain: Optional[str] = None,
                      enable_binding_cookie: Optional[bool] = None,
                      http_only_cookie_attribute: Optional[bool] = None,
                      logo_url: Optional[str] = None,
                      name: Optional[str] = None,
                      saas_app: Optional[AccessApplicationSaasAppArgs] = None,
                      same_site_cookie_attribute: Optional[str] = None,
                      service_auth401_redirect: Optional[bool] = None,
                      session_duration: Optional[str] = None,
                      skip_interstitial: Optional[bool] = None,
                      type: Optional[str] = None,
                      zone_id: Optional[str] = None)
@overload
def AccessApplication(resource_name: str,
                      args: AccessApplicationArgs,
                      opts: Optional[ResourceOptions] = None)
func NewAccessApplication(ctx *Context, name string, args AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)
public AccessApplication(string name, AccessApplicationArgs args, CustomResourceOptions? opts = null)
public AccessApplication(String name, AccessApplicationArgs args)
public AccessApplication(String name, AccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:AccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessApplicationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessApplication Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessApplication resource accepts the following input properties:

Name string

Friendly name of the Access Application.

AccountId string

The account identifier to target for the resource. Conflicts with zone_id.

AllowedIdps List<string>

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher. Defaults to true.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

SaasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

Name string

Friendly name of the Access Application.

AccountId string

The account identifier to target for the resource. Conflicts with zone_id.

AllowedIdps []string

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher. Defaults to true.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

CorsHeaders []AccessApplicationCorsHeaderArgs

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

SaasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

name String

Friendly name of the Access Application.

accountId String

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher. Defaults to true.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

saasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type String

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

name string

Friendly name of the Access Application.

accountId string

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps string[]

The identity providers selected for the application.

appLauncherVisible boolean

Option to show/hide applications in App Launcher. Defaults to true.

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders AccessApplicationCorsHeaderArgs[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl string

Image URL for the logo shown in the app launcher dashboard.

saasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

sameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId string

The zone identifier to target for the resource. Conflicts with account_id.

name str

Friendly name of the Access Application.

account_id str

The account identifier to target for the resource. Conflicts with zone_id.

allowed_idps Sequence[str]

The identity providers selected for the application.

app_launcher_visible bool

Option to show/hide applications in App Launcher. Defaults to true.

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

http_only_cookie_attribute bool

Option to add the HttpOnly cookie flag to access tokens.

logo_url str

Image URL for the logo shown in the app launcher dashboard.

saas_app AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

same_site_cookie_attribute str

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

service_auth401_redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

session_duration str

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skip_interstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type str

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zone_id str

The zone identifier to target for the resource. Conflicts with account_id.

name String

Friendly name of the Access Application.

accountId String

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher. Defaults to true.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders List<Property Map>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

saasApp Property Map

SaaS configuration for the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type String

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:

Aud string

Application Audience (AUD) Tag of the application.

Id string

The provider-assigned unique ID for this managed resource.

Aud string

Application Audience (AUD) Tag of the application.

Id string

The provider-assigned unique ID for this managed resource.

aud String

Application Audience (AUD) Tag of the application.

id String

The provider-assigned unique ID for this managed resource.

aud string

Application Audience (AUD) Tag of the application.

id string

The provider-assigned unique ID for this managed resource.

aud str

Application Audience (AUD) Tag of the application.

id str

The provider-assigned unique ID for this managed resource.

aud String

Application Audience (AUD) Tag of the application.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AccessApplication Resource

Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allowed_idps: Optional[Sequence[str]] = None,
        app_launcher_visible: Optional[bool] = None,
        aud: Optional[str] = None,
        auto_redirect_to_identity: Optional[bool] = None,
        cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
        custom_deny_message: Optional[str] = None,
        custom_deny_url: Optional[str] = None,
        domain: Optional[str] = None,
        enable_binding_cookie: Optional[bool] = None,
        http_only_cookie_attribute: Optional[bool] = None,
        logo_url: Optional[str] = None,
        name: Optional[str] = None,
        saas_app: Optional[AccessApplicationSaasAppArgs] = None,
        same_site_cookie_attribute: Optional[str] = None,
        service_auth401_redirect: Optional[bool] = None,
        session_duration: Optional[str] = None,
        skip_interstitial: Optional[bool] = None,
        type: Optional[str] = None,
        zone_id: Optional[str] = None) -> AccessApplication
func GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)
public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)
public static AccessApplication get(String name, Output<String> id, AccessApplicationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId string

The account identifier to target for the resource. Conflicts with zone_id.

AllowedIdps List<string>

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher. Defaults to true.

Aud string

Application Audience (AUD) Tag of the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

CorsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

Name string

Friendly name of the Access Application.

SaasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

AccountId string

The account identifier to target for the resource. Conflicts with zone_id.

AllowedIdps []string

The identity providers selected for the application.

AppLauncherVisible bool

Option to show/hide applications in App Launcher. Defaults to true.

Aud string

Application Audience (AUD) Tag of the application.

AutoRedirectToIdentity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

CorsHeaders []AccessApplicationCorsHeaderArgs

CORS configuration for the Access Application. See below for reference structure.

CustomDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

CustomDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

Domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

EnableBindingCookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

HttpOnlyCookieAttribute bool

Option to add the HttpOnly cookie flag to access tokens.

LogoUrl string

Image URL for the logo shown in the app launcher dashboard.

Name string

Friendly name of the Access Application.

SaasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

SameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

ServiceAuth401Redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

SessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

SkipInterstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

accountId String

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher. Defaults to true.

aud String

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders List<AccessApplicationCorsHeaderArgs>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

name String

Friendly name of the Access Application.

saasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type String

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

accountId string

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps string[]

The identity providers selected for the application.

appLauncherVisible boolean

Option to show/hide applications in App Launcher. Defaults to true.

aud string

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders AccessApplicationCorsHeaderArgs[]

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage string

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl string

Option that redirects to a custom URL when a user is denied access to the application.

domain string

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl string

Image URL for the logo shown in the app launcher dashboard.

name string

Friendly name of the Access Application.

saasApp AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

sameSiteCookieAttribute string

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration string

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type string

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId string

The zone identifier to target for the resource. Conflicts with account_id.

account_id str

The account identifier to target for the resource. Conflicts with zone_id.

allowed_idps Sequence[str]

The identity providers selected for the application.

app_launcher_visible bool

Option to show/hide applications in App Launcher. Defaults to true.

aud str

Application Audience (AUD) Tag of the application.

auto_redirect_to_identity bool

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

cors_headers Sequence[AccessApplicationCorsHeaderArgs]

CORS configuration for the Access Application. See below for reference structure.

custom_deny_message str

Option that returns a custom error message when a user is denied access to the application.

custom_deny_url str

Option that redirects to a custom URL when a user is denied access to the application.

domain str

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enable_binding_cookie bool

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

http_only_cookie_attribute bool

Option to add the HttpOnly cookie flag to access tokens.

logo_url str

Image URL for the logo shown in the app launcher dashboard.

name str

Friendly name of the Access Application.

saas_app AccessApplicationSaasAppArgs

SaaS configuration for the Access Application.

same_site_cookie_attribute str

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

service_auth401_redirect bool

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

session_duration str

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skip_interstitial bool

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type str

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zone_id str

The zone identifier to target for the resource. Conflicts with account_id.

accountId String

The account identifier to target for the resource. Conflicts with zone_id.

allowedIdps List<String>

The identity providers selected for the application.

appLauncherVisible Boolean

Option to show/hide applications in App Launcher. Defaults to true.

aud String

Application Audience (AUD) Tag of the application.

autoRedirectToIdentity Boolean

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

corsHeaders List<Property Map>

CORS configuration for the Access Application. See below for reference structure.

customDenyMessage String

Option that returns a custom error message when a user is denied access to the application.

customDenyUrl String

Option that redirects to a custom URL when a user is denied access to the application.

domain String

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

enableBindingCookie Boolean

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

httpOnlyCookieAttribute Boolean

Option to add the HttpOnly cookie flag to access tokens.

logoUrl String

Image URL for the logo shown in the app launcher dashboard.

name String

Friendly name of the Access Application.

saasApp Property Map

SaaS configuration for the Access Application.

sameSiteCookieAttribute String

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

serviceAuth401Redirect Boolean

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

sessionDuration String

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

skipInterstitial Boolean

Option to skip the authorization interstitial when using the CLI. Defaults to false.

type String

The application type. Available values: self_hosted, saas, ssh, vnc, bookmark. Defaults to self_hosted.

zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

Supporting Types

AccessApplicationCorsHeader

AllowAllHeaders bool

Value to determine whether all HTTP headers are exposed.

AllowAllMethods bool

Value to determine whether all methods are exposed.

AllowAllOrigins bool

Value to determine whether all origins are permitted to make CORS requests.

AllowCredentials bool

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

AllowedHeaders List<string>

List of HTTP headers to expose via CORS.

AllowedMethods List<string>

List of methods to expose via CORS.

AllowedOrigins List<string>

List of origins permitted to make CORS requests.

MaxAge int

The maximum time a preflight request will be cached.

AllowAllHeaders bool

Value to determine whether all HTTP headers are exposed.

AllowAllMethods bool

Value to determine whether all methods are exposed.

AllowAllOrigins bool

Value to determine whether all origins are permitted to make CORS requests.

AllowCredentials bool

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

AllowedHeaders []string

List of HTTP headers to expose via CORS.

AllowedMethods []string

List of methods to expose via CORS.

AllowedOrigins []string

List of origins permitted to make CORS requests.

MaxAge int

The maximum time a preflight request will be cached.

allowAllHeaders Boolean

Value to determine whether all HTTP headers are exposed.

allowAllMethods Boolean

Value to determine whether all methods are exposed.

allowAllOrigins Boolean

Value to determine whether all origins are permitted to make CORS requests.

allowCredentials Boolean

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowedHeaders List<String>

List of HTTP headers to expose via CORS.

allowedMethods List<String>

List of methods to expose via CORS.

allowedOrigins List<String>

List of origins permitted to make CORS requests.

maxAge Integer

The maximum time a preflight request will be cached.

allowAllHeaders boolean

Value to determine whether all HTTP headers are exposed.

allowAllMethods boolean

Value to determine whether all methods are exposed.

allowAllOrigins boolean

Value to determine whether all origins are permitted to make CORS requests.

allowCredentials boolean

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowedHeaders string[]

List of HTTP headers to expose via CORS.

allowedMethods string[]

List of methods to expose via CORS.

allowedOrigins string[]

List of origins permitted to make CORS requests.

maxAge number

The maximum time a preflight request will be cached.

allow_all_headers bool

Value to determine whether all HTTP headers are exposed.

allow_all_methods bool

Value to determine whether all methods are exposed.

allow_all_origins bool

Value to determine whether all origins are permitted to make CORS requests.

allow_credentials bool

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowed_headers Sequence[str]

List of HTTP headers to expose via CORS.

allowed_methods Sequence[str]

List of methods to expose via CORS.

allowed_origins Sequence[str]

List of origins permitted to make CORS requests.

max_age int

The maximum time a preflight request will be cached.

allowAllHeaders Boolean

Value to determine whether all HTTP headers are exposed.

allowAllMethods Boolean

Value to determine whether all methods are exposed.

allowAllOrigins Boolean

Value to determine whether all origins are permitted to make CORS requests.

allowCredentials Boolean

Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.

allowedHeaders List<String>

List of HTTP headers to expose via CORS.

allowedMethods List<String>

List of methods to expose via CORS.

allowedOrigins List<String>

List of origins permitted to make CORS requests.

maxAge Number

The maximum time a preflight request will be cached.

AccessApplicationSaasApp

ConsumerServiceUrl string

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

SpEntityId string

A globally unique name for an identity or service provider.

NameIdFormat string

The format of the name identifier sent to the SaaS application. Defaults to email.

ConsumerServiceUrl string

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

SpEntityId string

A globally unique name for an identity or service provider.

NameIdFormat string

The format of the name identifier sent to the SaaS application. Defaults to email.

consumerServiceUrl String

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

spEntityId String

A globally unique name for an identity or service provider.

nameIdFormat String

The format of the name identifier sent to the SaaS application. Defaults to email.

consumerServiceUrl string

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

spEntityId string

A globally unique name for an identity or service provider.

nameIdFormat string

The format of the name identifier sent to the SaaS application. Defaults to email.

consumer_service_url str

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

sp_entity_id str

A globally unique name for an identity or service provider.

name_id_format str

The format of the name identifier sent to the SaaS application. Defaults to email.

consumerServiceUrl String

The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.

spEntityId String

A globally unique name for an identity or service provider.

nameIdFormat String

The format of the name identifier sent to the SaaS application. Defaults to email.

Import

 $ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes

This Pulumi package is based on the cloudflare Terraform Provider.