1. Packages
  2. Cloudflare
  3. API Docs
  4. AccessPolicy
Cloudflare v5.11.0 published on Wednesday, Sep 20, 2023 by Pulumi

cloudflare.AccessPolicy

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.11.0 published on Wednesday, Sep 20, 2023 by Pulumi

    Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

    It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Cloudflare = Pulumi.Cloudflare;
    
    return await Deployment.RunAsync(() => 
    {
        // Allowing access to `test@example.com` email address only
        var testPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyAccessPolicy", new()
        {
            ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
            ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
            Name = "staging policy",
            Precedence = 1,
            Decision = "allow",
            Includes = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeArgs
                {
                    Emails = new[]
                    {
                        "test@example.com",
                    },
                },
            },
            Requires = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireArgs
                {
                    Emails = new[]
                    {
                        "test@example.com",
                    },
                },
            },
        });
    
        // Allowing `test@example.com` to access but only when coming from a
        // specific IP.
        var testPolicyIndex_accessPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", new()
        {
            ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
            ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
            Name = "staging policy",
            Precedence = 1,
            Decision = "allow",
            Includes = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeArgs
                {
                    Emails = new[]
                    {
                        "test@example.com",
                    },
                },
            },
            Requires = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireArgs
                {
                    Ips = new[]
                    {
                        @var.Office_ip,
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cloudflare.NewAccessPolicy(ctx, "testPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
    			ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
    			ZoneId:        pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
    			Name:          pulumi.String("staging policy"),
    			Precedence:    pulumi.Int(1),
    			Decision:      pulumi.String("allow"),
    			Includes: cloudflare.AccessPolicyIncludeArray{
    				&cloudflare.AccessPolicyIncludeArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("test@example.com"),
    					},
    				},
    			},
    			Requires: cloudflare.AccessPolicyRequireArray{
    				&cloudflare.AccessPolicyRequireArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("test@example.com"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = cloudflare.NewAccessPolicy(ctx, "testPolicyIndex/accessPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
    			ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
    			ZoneId:        pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
    			Name:          pulumi.String("staging policy"),
    			Precedence:    pulumi.Int(1),
    			Decision:      pulumi.String("allow"),
    			Includes: cloudflare.AccessPolicyIncludeArray{
    				&cloudflare.AccessPolicyIncludeArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("test@example.com"),
    					},
    				},
    			},
    			Requires: cloudflare.AccessPolicyRequireArray{
    				&cloudflare.AccessPolicyRequireArgs{
    					Ips: pulumi.StringArray{
    						_var.Office_ip,
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.cloudflare.AccessPolicy;
    import com.pulumi.cloudflare.AccessPolicyArgs;
    import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs;
    import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()        
                .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
                .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
                .name("staging policy")
                .precedence("1")
                .decision("allow")
                .includes(AccessPolicyIncludeArgs.builder()
                    .emails("test@example.com")
                    .build())
                .requires(AccessPolicyRequireArgs.builder()
                    .emails("test@example.com")
                    .build())
                .build());
    
            var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()        
                .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
                .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
                .name("staging policy")
                .precedence("1")
                .decision("allow")
                .includes(AccessPolicyIncludeArgs.builder()
                    .emails("test@example.com")
                    .build())
                .requires(AccessPolicyRequireArgs.builder()
                    .ips(var_.office_ip())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_cloudflare as cloudflare
    
    # Allowing access to `test@example.com` email address only
    test_policy_access_policy = cloudflare.AccessPolicy("testPolicyAccessPolicy",
        application_id="cb029e245cfdd66dc8d2e570d5dd3322",
        zone_id="0da42c8d2132a9ddaf714f9e7c920711",
        name="staging policy",
        precedence=1,
        decision="allow",
        includes=[cloudflare.AccessPolicyIncludeArgs(
            emails=["test@example.com"],
        )],
        requires=[cloudflare.AccessPolicyRequireArgs(
            emails=["test@example.com"],
        )])
    # Allowing `test@example.com` to access but only when coming from a
    # specific IP.
    test_policy_index_access_policy_access_policy = cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy",
        application_id="cb029e245cfdd66dc8d2e570d5dd3322",
        zone_id="0da42c8d2132a9ddaf714f9e7c920711",
        name="staging policy",
        precedence=1,
        decision="allow",
        includes=[cloudflare.AccessPolicyIncludeArgs(
            emails=["test@example.com"],
        )],
        requires=[cloudflare.AccessPolicyRequireArgs(
            ips=[var["office_ip"]],
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as cloudflare from "@pulumi/cloudflare";
    
    // Allowing access to `test@example.com` email address only
    const testPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyAccessPolicy", {
        applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
        zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
        name: "staging policy",
        precedence: 1,
        decision: "allow",
        includes: [{
            emails: ["test@example.com"],
        }],
        requires: [{
            emails: ["test@example.com"],
        }],
    });
    // Allowing `test@example.com` to access but only when coming from a
    // specific IP.
    const testPolicyIndex_accessPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", {
        applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
        zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
        name: "staging policy",
        precedence: 1,
        decision: "allow",
        includes: [{
            emails: ["test@example.com"],
        }],
        requires: [{
            ips: [_var.office_ip],
        }],
    });
    
    resources:
      # Allowing access to `test@example.com` email address only
      testPolicyAccessPolicy:
        type: cloudflare:AccessPolicy
        properties:
          applicationId: cb029e245cfdd66dc8d2e570d5dd3322
          zoneId: 0da42c8d2132a9ddaf714f9e7c920711
          name: staging policy
          precedence: '1'
          decision: allow
          includes:
            - emails:
                - test@example.com
          requires:
            - emails:
                - test@example.com
      # Allowing `test@example.com` to access but only when coming from a
      # specific IP.
      testPolicyIndex/accessPolicyAccessPolicy:
        type: cloudflare:AccessPolicy
        properties:
          applicationId: cb029e245cfdd66dc8d2e570d5dd3322
          zoneId: 0da42c8d2132a9ddaf714f9e7c920711
          name: staging policy
          precedence: '1'
          decision: allow
          includes:
            - emails:
                - test@example.com
          requires:
            - ips:
                - ${var.office_ip}
    

    Create AccessPolicy Resource

    new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPolicy(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     account_id: Optional[str] = None,
                     application_id: Optional[str] = None,
                     approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
                     approval_required: Optional[bool] = None,
                     decision: Optional[str] = None,
                     excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
                     includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
                     isolation_required: Optional[bool] = None,
                     name: Optional[str] = None,
                     precedence: Optional[int] = None,
                     purpose_justification_prompt: Optional[str] = None,
                     purpose_justification_required: Optional[bool] = None,
                     requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
                     zone_id: Optional[str] = None)
    @overload
    def AccessPolicy(resource_name: str,
                     args: AccessPolicyArgs,
                     opts: Optional[ResourceOptions] = None)
    func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
    public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessPolicy(String name, AccessPolicyArgs args)
    public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
    
    type: cloudflare:AccessPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccessPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessPolicy resource accepts the following input properties:

    ApplicationId string

    The ID of the application the policy is associated with.

    Decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    Includes List<AccessPolicyInclude>

    A series of access conditions, see Access Groups.

    Name string

    Friendly name of the Access Policy.

    Precedence int

    The unique precedence for policies on a single application.

    AccountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    ApprovalGroups List<AccessPolicyApprovalGroup>
    ApprovalRequired bool
    Excludes List<AccessPolicyExclude>

    A series of access conditions, see Access Groups.

    IsolationRequired bool

    Require this application to be served in an isolated browser for users matching this policy.

    PurposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    PurposeJustificationRequired bool

    Whether to prompt the user for a justification for accessing the resource.

    Requires List<AccessPolicyRequire>

    A series of access conditions, see Access Groups.

    ZoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    ApplicationId string

    The ID of the application the policy is associated with.

    Decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    Includes []AccessPolicyIncludeArgs

    A series of access conditions, see Access Groups.

    Name string

    Friendly name of the Access Policy.

    Precedence int

    The unique precedence for policies on a single application.

    AccountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    ApprovalGroups []AccessPolicyApprovalGroupArgs
    ApprovalRequired bool
    Excludes []AccessPolicyExcludeArgs

    A series of access conditions, see Access Groups.

    IsolationRequired bool

    Require this application to be served in an isolated browser for users matching this policy.

    PurposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    PurposeJustificationRequired bool

    Whether to prompt the user for a justification for accessing the resource.

    Requires []AccessPolicyRequireArgs

    A series of access conditions, see Access Groups.

    ZoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    applicationId String

    The ID of the application the policy is associated with.

    decision String

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    includes List<AccessPolicyInclude>

    A series of access conditions, see Access Groups.

    name String

    Friendly name of the Access Policy.

    precedence Integer

    The unique precedence for policies on a single application.

    accountId String

    The account identifier to target for the resource. Conflicts with zone_id.

    approvalGroups List<AccessPolicyApprovalGroup>
    approvalRequired Boolean
    excludes List<AccessPolicyExclude>

    A series of access conditions, see Access Groups.

    isolationRequired Boolean

    Require this application to be served in an isolated browser for users matching this policy.

    purposeJustificationPrompt String

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired Boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires List<AccessPolicyRequire>

    A series of access conditions, see Access Groups.

    zoneId String

    The zone identifier to target for the resource. Conflicts with account_id.

    applicationId string

    The ID of the application the policy is associated with.

    decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    includes AccessPolicyInclude[]

    A series of access conditions, see Access Groups.

    name string

    Friendly name of the Access Policy.

    precedence number

    The unique precedence for policies on a single application.

    accountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    approvalGroups AccessPolicyApprovalGroup[]
    approvalRequired boolean
    excludes AccessPolicyExclude[]

    A series of access conditions, see Access Groups.

    isolationRequired boolean

    Require this application to be served in an isolated browser for users matching this policy.

    purposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires AccessPolicyRequire[]

    A series of access conditions, see Access Groups.

    zoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    application_id str

    The ID of the application the policy is associated with.

    decision str

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    includes Sequence[AccessPolicyIncludeArgs]

    A series of access conditions, see Access Groups.

    name str

    Friendly name of the Access Policy.

    precedence int

    The unique precedence for policies on a single application.

    account_id str

    The account identifier to target for the resource. Conflicts with zone_id.

    approval_groups Sequence[AccessPolicyApprovalGroupArgs]
    approval_required bool
    excludes Sequence[AccessPolicyExcludeArgs]

    A series of access conditions, see Access Groups.

    isolation_required bool

    Require this application to be served in an isolated browser for users matching this policy.

    purpose_justification_prompt str

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purpose_justification_required bool

    Whether to prompt the user for a justification for accessing the resource.

    requires Sequence[AccessPolicyRequireArgs]

    A series of access conditions, see Access Groups.

    zone_id str

    The zone identifier to target for the resource. Conflicts with account_id.

    applicationId String

    The ID of the application the policy is associated with.

    decision String

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    includes List<Property Map>

    A series of access conditions, see Access Groups.

    name String

    Friendly name of the Access Policy.

    precedence Number

    The unique precedence for policies on a single application.

    accountId String

    The account identifier to target for the resource. Conflicts with zone_id.

    approvalGroups List<Property Map>
    approvalRequired Boolean
    excludes List<Property Map>

    A series of access conditions, see Access Groups.

    isolationRequired Boolean

    Require this application to be served in an isolated browser for users matching this policy.

    purposeJustificationPrompt String

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired Boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires List<Property Map>

    A series of access conditions, see Access Groups.

    zoneId String

    The zone identifier to target for the resource. Conflicts with account_id.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessPolicy Resource

    Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            application_id: Optional[str] = None,
            approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
            approval_required: Optional[bool] = None,
            decision: Optional[str] = None,
            excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
            includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
            isolation_required: Optional[bool] = None,
            name: Optional[str] = None,
            precedence: Optional[int] = None,
            purpose_justification_prompt: Optional[str] = None,
            purpose_justification_required: Optional[bool] = None,
            requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
            zone_id: Optional[str] = None) -> AccessPolicy
    func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
    public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
    public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    ApplicationId string

    The ID of the application the policy is associated with.

    ApprovalGroups List<AccessPolicyApprovalGroup>
    ApprovalRequired bool
    Decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    Excludes List<AccessPolicyExclude>

    A series of access conditions, see Access Groups.

    Includes List<AccessPolicyInclude>

    A series of access conditions, see Access Groups.

    IsolationRequired bool

    Require this application to be served in an isolated browser for users matching this policy.

    Name string

    Friendly name of the Access Policy.

    Precedence int

    The unique precedence for policies on a single application.

    PurposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    PurposeJustificationRequired bool

    Whether to prompt the user for a justification for accessing the resource.

    Requires List<AccessPolicyRequire>

    A series of access conditions, see Access Groups.

    ZoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    AccountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    ApplicationId string

    The ID of the application the policy is associated with.

    ApprovalGroups []AccessPolicyApprovalGroupArgs
    ApprovalRequired bool
    Decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    Excludes []AccessPolicyExcludeArgs

    A series of access conditions, see Access Groups.

    Includes []AccessPolicyIncludeArgs

    A series of access conditions, see Access Groups.

    IsolationRequired bool

    Require this application to be served in an isolated browser for users matching this policy.

    Name string

    Friendly name of the Access Policy.

    Precedence int

    The unique precedence for policies on a single application.

    PurposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    PurposeJustificationRequired bool

    Whether to prompt the user for a justification for accessing the resource.

    Requires []AccessPolicyRequireArgs

    A series of access conditions, see Access Groups.

    ZoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    accountId String

    The account identifier to target for the resource. Conflicts with zone_id.

    applicationId String

    The ID of the application the policy is associated with.

    approvalGroups List<AccessPolicyApprovalGroup>
    approvalRequired Boolean
    decision String

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    excludes List<AccessPolicyExclude>

    A series of access conditions, see Access Groups.

    includes List<AccessPolicyInclude>

    A series of access conditions, see Access Groups.

    isolationRequired Boolean

    Require this application to be served in an isolated browser for users matching this policy.

    name String

    Friendly name of the Access Policy.

    precedence Integer

    The unique precedence for policies on a single application.

    purposeJustificationPrompt String

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired Boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires List<AccessPolicyRequire>

    A series of access conditions, see Access Groups.

    zoneId String

    The zone identifier to target for the resource. Conflicts with account_id.

    accountId string

    The account identifier to target for the resource. Conflicts with zone_id.

    applicationId string

    The ID of the application the policy is associated with.

    approvalGroups AccessPolicyApprovalGroup[]
    approvalRequired boolean
    decision string

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    excludes AccessPolicyExclude[]

    A series of access conditions, see Access Groups.

    includes AccessPolicyInclude[]

    A series of access conditions, see Access Groups.

    isolationRequired boolean

    Require this application to be served in an isolated browser for users matching this policy.

    name string

    Friendly name of the Access Policy.

    precedence number

    The unique precedence for policies on a single application.

    purposeJustificationPrompt string

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires AccessPolicyRequire[]

    A series of access conditions, see Access Groups.

    zoneId string

    The zone identifier to target for the resource. Conflicts with account_id.

    account_id str

    The account identifier to target for the resource. Conflicts with zone_id.

    application_id str

    The ID of the application the policy is associated with.

    approval_groups Sequence[AccessPolicyApprovalGroupArgs]
    approval_required bool
    decision str

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    excludes Sequence[AccessPolicyExcludeArgs]

    A series of access conditions, see Access Groups.

    includes Sequence[AccessPolicyIncludeArgs]

    A series of access conditions, see Access Groups.

    isolation_required bool

    Require this application to be served in an isolated browser for users matching this policy.

    name str

    Friendly name of the Access Policy.

    precedence int

    The unique precedence for policies on a single application.

    purpose_justification_prompt str

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purpose_justification_required bool

    Whether to prompt the user for a justification for accessing the resource.

    requires Sequence[AccessPolicyRequireArgs]

    A series of access conditions, see Access Groups.

    zone_id str

    The zone identifier to target for the resource. Conflicts with account_id.

    accountId String

    The account identifier to target for the resource. Conflicts with zone_id.

    applicationId String

    The ID of the application the policy is associated with.

    approvalGroups List<Property Map>
    approvalRequired Boolean
    decision String

    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

    excludes List<Property Map>

    A series of access conditions, see Access Groups.

    includes List<Property Map>

    A series of access conditions, see Access Groups.

    isolationRequired Boolean

    Require this application to be served in an isolated browser for users matching this policy.

    name String

    Friendly name of the Access Policy.

    precedence Number

    The unique precedence for policies on a single application.

    purposeJustificationPrompt String

    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

    purposeJustificationRequired Boolean

    Whether to prompt the user for a justification for accessing the resource.

    requires List<Property Map>

    A series of access conditions, see Access Groups.

    zoneId String

    The zone identifier to target for the resource. Conflicts with account_id.

    Supporting Types

    AccessPolicyApprovalGroup, AccessPolicyApprovalGroupArgs

    ApprovalsNeeded int

    Number of approvals needed.

    EmailAddresses List<string>

    List of emails to request approval from.

    EmailListUuid string
    ApprovalsNeeded int

    Number of approvals needed.

    EmailAddresses []string

    List of emails to request approval from.

    EmailListUuid string
    approvalsNeeded Integer

    Number of approvals needed.

    emailAddresses List<String>

    List of emails to request approval from.

    emailListUuid String
    approvalsNeeded number

    Number of approvals needed.

    emailAddresses string[]

    List of emails to request approval from.

    emailListUuid string
    approvals_needed int

    Number of approvals needed.

    email_addresses Sequence[str]

    List of emails to request approval from.

    email_list_uuid str
    approvalsNeeded Number

    Number of approvals needed.

    emailAddresses List<String>

    List of emails to request approval from.

    emailListUuid String

    AccessPolicyExclude, AccessPolicyExcludeArgs

    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    devicePostures List<String>
    emailDomains List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>

    The ID of an existing IP list to reference.

    ips List<String>

    An IPv4 or IPv6 CIDR block.

    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyExcludeAuthContext, AccessPolicyExcludeAuthContextArgs

    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    acId String
    id String

    The ID of this resource.

    identityProviderId String
    acId string
    id string

    The ID of this resource.

    identityProviderId string
    ac_id str
    id str

    The ID of this resource.

    identity_provider_id str
    acId String
    id String

    The ID of this resource.

    identityProviderId String

    AccessPolicyExcludeAzure, AccessPolicyExcludeAzureArgs

    IdentityProviderId string
    Ids List<string>

    The ID of this resource.

    IdentityProviderId string
    Ids []string

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    identityProviderId string
    ids string[]

    The ID of this resource.

    identity_provider_id str
    ids Sequence[str]

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    AccessPolicyExcludeExternalEvaluation, AccessPolicyExcludeExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyExcludeGithub, AccessPolicyExcludeGithubArgs

    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams List<string>
    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams []string
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>
    identityProviderId string
    name string

    Friendly name of the Access Policy.

    teams string[]
    identity_provider_id str
    name str

    Friendly name of the Access Policy.

    teams Sequence[str]
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>

    AccessPolicyExcludeGsuite, AccessPolicyExcludeGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyExcludeOkta, AccessPolicyExcludeOktaArgs

    IdentityProviderId string
    Names List<string>

    Friendly name of the Access Policy.

    IdentityProviderId string
    Names []string

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    identityProviderId string
    names string[]

    Friendly name of the Access Policy.

    identity_provider_id str
    names Sequence[str]

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    AccessPolicyExcludeSaml, AccessPolicyExcludeSamlArgs

    AccessPolicyInclude, AccessPolicyIncludeArgs

    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    devicePostures List<String>
    emailDomains List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>

    The ID of an existing IP list to reference.

    ips List<String>

    An IPv4 or IPv6 CIDR block.

    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyIncludeAuthContext, AccessPolicyIncludeAuthContextArgs

    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    acId String
    id String

    The ID of this resource.

    identityProviderId String
    acId string
    id string

    The ID of this resource.

    identityProviderId string
    ac_id str
    id str

    The ID of this resource.

    identity_provider_id str
    acId String
    id String

    The ID of this resource.

    identityProviderId String

    AccessPolicyIncludeAzure, AccessPolicyIncludeAzureArgs

    IdentityProviderId string
    Ids List<string>

    The ID of this resource.

    IdentityProviderId string
    Ids []string

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    identityProviderId string
    ids string[]

    The ID of this resource.

    identity_provider_id str
    ids Sequence[str]

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    AccessPolicyIncludeExternalEvaluation, AccessPolicyIncludeExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyIncludeGithub, AccessPolicyIncludeGithubArgs

    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams List<string>
    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams []string
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>
    identityProviderId string
    name string

    Friendly name of the Access Policy.

    teams string[]
    identity_provider_id str
    name str

    Friendly name of the Access Policy.

    teams Sequence[str]
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>

    AccessPolicyIncludeGsuite, AccessPolicyIncludeGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyIncludeOkta, AccessPolicyIncludeOktaArgs

    IdentityProviderId string
    Names List<string>

    Friendly name of the Access Policy.

    IdentityProviderId string
    Names []string

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    identityProviderId string
    names string[]

    Friendly name of the Access Policy.

    identity_provider_id str
    names Sequence[str]

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    AccessPolicyIncludeSaml, AccessPolicyIncludeSamlArgs

    AccessPolicyRequire, AccessPolicyRequireArgs

    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    devicePostures List<String>
    emailDomains List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>

    The ID of an existing IP list to reference.

    ips List<String>

    An IPv4 or IPv6 CIDR block.

    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyRequireAuthContext, AccessPolicyRequireAuthContextArgs

    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    AcId string
    Id string

    The ID of this resource.

    IdentityProviderId string
    acId String
    id String

    The ID of this resource.

    identityProviderId String
    acId string
    id string

    The ID of this resource.

    identityProviderId string
    ac_id str
    id str

    The ID of this resource.

    identity_provider_id str
    acId String
    id String

    The ID of this resource.

    identityProviderId String

    AccessPolicyRequireAzure, AccessPolicyRequireAzureArgs

    IdentityProviderId string
    Ids List<string>

    The ID of this resource.

    IdentityProviderId string
    Ids []string

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    identityProviderId string
    ids string[]

    The ID of this resource.

    identity_provider_id str
    ids Sequence[str]

    The ID of this resource.

    identityProviderId String
    ids List<String>

    The ID of this resource.

    AccessPolicyRequireExternalEvaluation, AccessPolicyRequireExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyRequireGithub, AccessPolicyRequireGithubArgs

    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams List<string>
    IdentityProviderId string
    Name string

    Friendly name of the Access Policy.

    Teams []string
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>
    identityProviderId string
    name string

    Friendly name of the Access Policy.

    teams string[]
    identity_provider_id str
    name str

    Friendly name of the Access Policy.

    teams Sequence[str]
    identityProviderId String
    name String

    Friendly name of the Access Policy.

    teams List<String>

    AccessPolicyRequireGsuite, AccessPolicyRequireGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyRequireOkta, AccessPolicyRequireOktaArgs

    IdentityProviderId string
    Names List<string>

    Friendly name of the Access Policy.

    IdentityProviderId string
    Names []string

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    identityProviderId string
    names string[]

    Friendly name of the Access Policy.

    identity_provider_id str
    names Sequence[str]

    Friendly name of the Access Policy.

    identityProviderId String
    names List<String>

    Friendly name of the Access Policy.

    AccessPolicyRequireSaml, AccessPolicyRequireSamlArgs

    Import

    Account level import.

     $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>
    

    Zone level import.

     $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>
    

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the cloudflare Terraform Provider.

    cloudflare logo
    Cloudflare v5.11.0 published on Wednesday, Sep 20, 2023 by Pulumi