cloudflare logo
Cloudflare v5.2.1, May 23 23

cloudflare.AccessGroup

Explore with Pulumi AI

Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    // Allowing access to `test@example.com` email address only
    var exampleAccessGroup = new Cloudflare.AccessGroup("exampleAccessGroup", new()
    {
        AccountId = "f037e56e89293a057740de681ac9abbe",
        Name = "staging group",
        Includes = new[]
        {
            new Cloudflare.Inputs.AccessGroupIncludeArgs
            {
                Emails = new[]
                {
                    "test@example.com",
                },
            },
        },
    });

    // Allowing `test@example.com` to access but only when coming from a
    // specific IP.
    var exampleIndex_accessGroupAccessGroup = new Cloudflare.AccessGroup("exampleIndex/accessGroupAccessGroup", new()
    {
        AccountId = "f037e56e89293a057740de681ac9abbe",
        Name = "staging group",
        Includes = new[]
        {
            new Cloudflare.Inputs.AccessGroupIncludeArgs
            {
                Emails = new[]
                {
                    "test@example.com",
                },
            },
        },
        Requires = 
        {
            { "ips", new[]
            {
                @var.Office_ip,
            } },
        },
    });

    // Allow members of an Azure Group. The ID is the group UUID (id) in Azure.
    var exampleCloudflareIndex_accessGroupAccessGroup = new Cloudflare.AccessGroup("exampleCloudflareIndex/accessGroupAccessGroup", new()
    {
        AccountId = "f037e56e89293a057740de681ac9abbe",
        Name = "test_group",
        Includes = new[]
        {
            new Cloudflare.Inputs.AccessGroupIncludeArgs
            {
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeAzureArgs
                    {
                        IdentityProviderId = "ca298b82-93b5-41bf-bc2d-10493f09b761",
                        Ids = new[]
                        {
                            "86773093-5feb-48dd-814b-7ccd3676ff50",
                        },
                    },
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewAccessGroup(ctx, "exampleAccessGroup", &cloudflare.AccessGroupArgs{
			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
			Name:      pulumi.String("staging group"),
			Includes: cloudflare.AccessGroupIncludeArray{
				&cloudflare.AccessGroupIncludeArgs{
					Emails: pulumi.StringArray{
						pulumi.String("test@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudflare.NewAccessGroup(ctx, "exampleIndex/accessGroupAccessGroup", &cloudflare.AccessGroupArgs{
			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
			Name:      pulumi.String("staging group"),
			Includes: cloudflare.AccessGroupIncludeArray{
				&cloudflare.AccessGroupIncludeArgs{
					Emails: pulumi.StringArray{
						pulumi.String("test@example.com"),
					},
				},
			},
			Requires: cloudflare.AccessGroupRequireArray{
				Ips: cloudflare.AccessGroupRequireArgs{
					_var.Office_ip,
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudflare.NewAccessGroup(ctx, "exampleCloudflareIndex/accessGroupAccessGroup", &cloudflare.AccessGroupArgs{
			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
			Name:      pulumi.String("test_group"),
			Includes: cloudflare.AccessGroupIncludeArray{
				&cloudflare.AccessGroupIncludeArgs{
					Azures: cloudflare.AccessGroupIncludeAzureArray{
						&cloudflare.AccessGroupIncludeAzureArgs{
							IdentityProviderId: pulumi.String("ca298b82-93b5-41bf-bc2d-10493f09b761"),
							Ids: pulumi.StringArray{
								pulumi.String("86773093-5feb-48dd-814b-7ccd3676ff50"),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessGroup;
import com.pulumi.cloudflare.AccessGroupArgs;
import com.pulumi.cloudflare.inputs.AccessGroupIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleAccessGroup = new AccessGroup("exampleAccessGroup", AccessGroupArgs.builder()        
            .accountId("f037e56e89293a057740de681ac9abbe")
            .name("staging group")
            .includes(AccessGroupIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .build());

        var exampleIndex_accessGroupAccessGroup = new AccessGroup("exampleIndex/accessGroupAccessGroup", AccessGroupArgs.builder()        
            .accountId("f037e56e89293a057740de681ac9abbe")
            .name("staging group")
            .includes(AccessGroupIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessGroupRequireArgs.builder()
                .ips(var_.office_ip())
                .build())
            .build());

        var exampleCloudflareIndex_accessGroupAccessGroup = new AccessGroup("exampleCloudflareIndex/accessGroupAccessGroup", AccessGroupArgs.builder()        
            .accountId("f037e56e89293a057740de681ac9abbe")
            .name("test_group")
            .includes(AccessGroupIncludeArgs.builder()
                .azures(AccessGroupIncludeAzureArgs.builder()
                    .identityProviderId("ca298b82-93b5-41bf-bc2d-10493f09b761")
                    .ids("86773093-5feb-48dd-814b-7ccd3676ff50")
                    .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_cloudflare as cloudflare

# Allowing access to `test@example.com` email address only
example_access_group = cloudflare.AccessGroup("exampleAccessGroup",
    account_id="f037e56e89293a057740de681ac9abbe",
    name="staging group",
    includes=[cloudflare.AccessGroupIncludeArgs(
        emails=["test@example.com"],
    )])
# Allowing `test@example.com` to access but only when coming from a
# specific IP.
example_index_access_group_access_group = cloudflare.AccessGroup("exampleIndex/accessGroupAccessGroup",
    account_id="f037e56e89293a057740de681ac9abbe",
    name="staging group",
    includes=[cloudflare.AccessGroupIncludeArgs(
        emails=["test@example.com"],
    )],
    requires={
        "ips": [var["office_ip"]],
    })
# Allow members of an Azure Group. The ID is the group UUID (id) in Azure.
example_cloudflare_index_access_group_access_group = cloudflare.AccessGroup("exampleCloudflareIndex/accessGroupAccessGroup",
    account_id="f037e56e89293a057740de681ac9abbe",
    name="test_group",
    includes=[cloudflare.AccessGroupIncludeArgs(
        azures=[cloudflare.AccessGroupIncludeAzureArgs(
            identity_provider_id="ca298b82-93b5-41bf-bc2d-10493f09b761",
            ids=["86773093-5feb-48dd-814b-7ccd3676ff50"],
        )],
    )])
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Allowing access to `test@example.com` email address only
const exampleAccessGroup = new cloudflare.AccessGroup("exampleAccessGroup", {
    accountId: "f037e56e89293a057740de681ac9abbe",
    name: "staging group",
    includes: [{
        emails: ["test@example.com"],
    }],
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
const exampleIndex_accessGroupAccessGroup = new cloudflare.AccessGroup("exampleIndex/accessGroupAccessGroup", {
    accountId: "f037e56e89293a057740de681ac9abbe",
    name: "staging group",
    includes: [{
        emails: ["test@example.com"],
    }],
    requires: {
        ips: [_var.office_ip],
    },
});
// Allow members of an Azure Group. The ID is the group UUID (id) in Azure.
const exampleCloudflareIndex_accessGroupAccessGroup = new cloudflare.AccessGroup("exampleCloudflareIndex/accessGroupAccessGroup", {
    accountId: "f037e56e89293a057740de681ac9abbe",
    name: "test_group",
    includes: [{
        azures: [{
            identityProviderId: "ca298b82-93b5-41bf-bc2d-10493f09b761",
            ids: ["86773093-5feb-48dd-814b-7ccd3676ff50"],
        }],
    }],
});
resources:
  # Allowing access to `test@example.com` email address only
  exampleAccessGroup:
    type: cloudflare:AccessGroup
    properties:
      accountId: f037e56e89293a057740de681ac9abbe
      name: staging group
      includes:
        - emails:
            - test@example.com
  # Allowing `test@example.com` to access but only when coming from a
  # specific IP.
  exampleIndex/accessGroupAccessGroup:
    type: cloudflare:AccessGroup
    properties:
      accountId: f037e56e89293a057740de681ac9abbe
      name: staging group
      includes:
        - emails:
            - test@example.com
      requires:
        ips:
          - ${var.office_ip}
  # Allow members of an Azure Group. The ID is the group UUID (id) in Azure.
  exampleCloudflareIndex/accessGroupAccessGroup:
    type: cloudflare:AccessGroup
    properties:
      accountId: f037e56e89293a057740de681ac9abbe
      name: test_group
      includes:
        - azures:
            - identityProviderId: ca298b82-93b5-41bf-bc2d-10493f09b761
              ids:
                - 86773093-5feb-48dd-814b-7ccd3676ff50

Create AccessGroup Resource

new AccessGroup(name: string, args: AccessGroupArgs, opts?: CustomResourceOptions);
@overload
def AccessGroup(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                account_id: Optional[str] = None,
                excludes: Optional[Sequence[AccessGroupExcludeArgs]] = None,
                includes: Optional[Sequence[AccessGroupIncludeArgs]] = None,
                name: Optional[str] = None,
                requires: Optional[Sequence[AccessGroupRequireArgs]] = None,
                zone_id: Optional[str] = None)
@overload
def AccessGroup(resource_name: str,
                args: AccessGroupArgs,
                opts: Optional[ResourceOptions] = None)
func NewAccessGroup(ctx *Context, name string, args AccessGroupArgs, opts ...ResourceOption) (*AccessGroup, error)
public AccessGroup(string name, AccessGroupArgs args, CustomResourceOptions? opts = null)
public AccessGroup(String name, AccessGroupArgs args)
public AccessGroup(String name, AccessGroupArgs args, CustomResourceOptions options)
type: cloudflare:AccessGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessGroup resource accepts the following input properties:

Includes List<AccessGroupIncludeArgs>
Name string
AccountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

Excludes List<AccessGroupExcludeArgs>
Requires List<AccessGroupRequireArgs>
ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

Includes []AccessGroupIncludeArgs
Name string
AccountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

Excludes []AccessGroupExcludeArgs
Requires []AccessGroupRequireArgs
ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

includes List<AccessGroupIncludeArgs>
name String
accountId String

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes List<AccessGroupExcludeArgs>
requires List<AccessGroupRequireArgs>
zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

includes AccessGroupIncludeArgs[]
name string
accountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes AccessGroupExcludeArgs[]
requires AccessGroupRequireArgs[]
zoneId string

The zone identifier to target for the resource. Conflicts with account_id.

includes Sequence[AccessGroupIncludeArgs]
name str
account_id str

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes Sequence[AccessGroupExcludeArgs]
requires Sequence[AccessGroupRequireArgs]
zone_id str

The zone identifier to target for the resource. Conflicts with account_id.

includes List<Property Map>
name String
accountId String

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes List<Property Map>
requires List<Property Map>
zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessGroup resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AccessGroup Resource

Get an existing AccessGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessGroupState, opts?: CustomResourceOptions): AccessGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        excludes: Optional[Sequence[AccessGroupExcludeArgs]] = None,
        includes: Optional[Sequence[AccessGroupIncludeArgs]] = None,
        name: Optional[str] = None,
        requires: Optional[Sequence[AccessGroupRequireArgs]] = None,
        zone_id: Optional[str] = None) -> AccessGroup
func GetAccessGroup(ctx *Context, name string, id IDInput, state *AccessGroupState, opts ...ResourceOption) (*AccessGroup, error)
public static AccessGroup Get(string name, Input<string> id, AccessGroupState? state, CustomResourceOptions? opts = null)
public static AccessGroup get(String name, Output<String> id, AccessGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

Excludes List<AccessGroupExcludeArgs>
Includes List<AccessGroupIncludeArgs>
Name string
Requires List<AccessGroupRequireArgs>
ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

AccountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

Excludes []AccessGroupExcludeArgs
Includes []AccessGroupIncludeArgs
Name string
Requires []AccessGroupRequireArgs
ZoneId string

The zone identifier to target for the resource. Conflicts with account_id.

accountId String

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes List<AccessGroupExcludeArgs>
includes List<AccessGroupIncludeArgs>
name String
requires List<AccessGroupRequireArgs>
zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

accountId string

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes AccessGroupExcludeArgs[]
includes AccessGroupIncludeArgs[]
name string
requires AccessGroupRequireArgs[]
zoneId string

The zone identifier to target for the resource. Conflicts with account_id.

account_id str

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes Sequence[AccessGroupExcludeArgs]
includes Sequence[AccessGroupIncludeArgs]
name str
requires Sequence[AccessGroupRequireArgs]
zone_id str

The zone identifier to target for the resource. Conflicts with account_id.

accountId String

The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.

excludes List<Property Map>
includes List<Property Map>
name String
requires List<Property Map>
zoneId String

The zone identifier to target for the resource. Conflicts with account_id.

Supporting Types

AccessGroupExclude

AccessGroupExcludeAzure

IdentityProviderId string
Ids List<string>

The ID of this resource.

IdentityProviderId string
Ids []string

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

identityProviderId string
ids string[]

The ID of this resource.

identity_provider_id str
ids Sequence[str]

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

AccessGroupExcludeExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessGroupExcludeGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessGroupExcludeGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessGroupExcludeOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessGroupExcludeSaml

AccessGroupInclude

AccessGroupIncludeAzure

IdentityProviderId string
Ids List<string>

The ID of this resource.

IdentityProviderId string
Ids []string

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

identityProviderId string
ids string[]

The ID of this resource.

identity_provider_id str
ids Sequence[str]

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

AccessGroupIncludeExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessGroupIncludeGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessGroupIncludeGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessGroupIncludeOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessGroupIncludeSaml

AccessGroupRequire

AccessGroupRequireAzure

IdentityProviderId string
Ids List<string>

The ID of this resource.

IdentityProviderId string
Ids []string

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

identityProviderId string
ids string[]

The ID of this resource.

identity_provider_id str
ids Sequence[str]

The ID of this resource.

identityProviderId String
ids List<String>

The ID of this resource.

AccessGroupRequireExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessGroupRequireGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessGroupRequireGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessGroupRequireOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessGroupRequireSaml

Import

 $ pulumi import cloudflare:index/accessGroup:AccessGroup example <account_id>/<group_id>

Package Details

Repository
Cloudflare pulumi/pulumi-cloudflare
License
Apache-2.0
Notes

This Pulumi package is based on the cloudflare Terraform Provider.