Cloudflare

Pulumi Official
Package maintained by Pulumi
v4.9.0 published on Monday, Jul 18, 2022 by Pulumi

AccessPolicy

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

class MyStack : Stack
{
    public MyStack()
    {
        // Allowing access to `test@example.com` email address only
        var testPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyAccessPolicy", new Cloudflare.AccessPolicyArgs
        {
            ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
            ZoneId = "d41d8cd98f00b204e9800998ecf8427e",
            Name = "staging policy",
            Precedence = 1,
            Decision = "allow",
            Includes = 
            {
                new Cloudflare.Inputs.AccessPolicyIncludeArgs
                {
                    Emails = 
                    {
                        "test@example.com",
                    },
                },
            },
            Requires = 
            {
                new Cloudflare.Inputs.AccessPolicyRequireArgs
                {
                    Emails = 
                    {
                        "test@example.com",
                    },
                },
            },
        });
        // Allowing `test@example.com` to access but only when coming from a
        // specific IP.
        var testPolicyIndex_accessPolicyAccessPolicy = new Cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", new Cloudflare.AccessPolicyArgs
        {
            ApplicationId = "cb029e245cfdd66dc8d2e570d5dd3322",
            ZoneId = "d41d8cd98f00b204e9800998ecf8427e",
            Name = "staging policy",
            Precedence = 1,
            Decision = "allow",
            Includes = 
            {
                new Cloudflare.Inputs.AccessPolicyIncludeArgs
                {
                    Emails = 
                    {
                        "test@example.com",
                    },
                },
            },
            Requires = 
            {
                new Cloudflare.Inputs.AccessPolicyRequireArgs
                {
                    Ips = 
                    {
                        @var.Office_ip,
                    },
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewAccessPolicy(ctx, "testPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
			ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
			ZoneId:        pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
			Name:          pulumi.String("staging policy"),
			Precedence:    pulumi.Int(1),
			Decision:      pulumi.String("allow"),
			Includes: AccessPolicyIncludeArray{
				&AccessPolicyIncludeArgs{
					Emails: pulumi.StringArray{
						pulumi.String("test@example.com"),
					},
				},
			},
			Requires: AccessPolicyRequireArray{
				&AccessPolicyRequireArgs{
					Emails: pulumi.StringArray{
						pulumi.String("test@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudflare.NewAccessPolicy(ctx, "testPolicyIndex/accessPolicyAccessPolicy", &cloudflare.AccessPolicyArgs{
			ApplicationId: pulumi.String("cb029e245cfdd66dc8d2e570d5dd3322"),
			ZoneId:        pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
			Name:          pulumi.String("staging policy"),
			Precedence:    pulumi.Int(1),
			Decision:      pulumi.String("allow"),
			Includes: AccessPolicyIncludeArray{
				&AccessPolicyIncludeArgs{
					Emails: pulumi.StringArray{
						pulumi.String("test@example.com"),
					},
				},
			},
			Requires: AccessPolicyRequireArray{
				&AccessPolicyRequireArgs{
					Ips: pulumi.StringArray{
						pulumi.Any(_var.Office_ip),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()        
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("d41d8cd98f00b204e9800998ecf8427e")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .emails("test@example.com")
                .build())
            .build());

        var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()        
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("d41d8cd98f00b204e9800998ecf8427e")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .ips(var_.office_ip())
                .build())
            .build());

    }
}
import pulumi
import pulumi_cloudflare as cloudflare

# Allowing access to `test@example.com` email address only
test_policy_access_policy = cloudflare.AccessPolicy("testPolicyAccessPolicy",
    application_id="cb029e245cfdd66dc8d2e570d5dd3322",
    zone_id="d41d8cd98f00b204e9800998ecf8427e",
    name="staging policy",
    precedence=1,
    decision="allow",
    includes=[cloudflare.AccessPolicyIncludeArgs(
        emails=["test@example.com"],
    )],
    requires=[cloudflare.AccessPolicyRequireArgs(
        emails=["test@example.com"],
    )])
# Allowing `test@example.com` to access but only when coming from a
# specific IP.
test_policy_index_access_policy_access_policy = cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy",
    application_id="cb029e245cfdd66dc8d2e570d5dd3322",
    zone_id="d41d8cd98f00b204e9800998ecf8427e",
    name="staging policy",
    precedence=1,
    decision="allow",
    includes=[cloudflare.AccessPolicyIncludeArgs(
        emails=["test@example.com"],
    )],
    requires=[cloudflare.AccessPolicyRequireArgs(
        ips=[var["office_ip"]],
    )])
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Allowing access to `test@example.com` email address only
const testPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyAccessPolicy", {
    applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "staging policy",
    precedence: 1,
    decision: "allow",
    includes: [{
        emails: ["test@example.com"],
    }],
    requires: [{
        emails: ["test@example.com"],
    }],
});
// Allowing `test@example.com` to access but only when coming from a
// specific IP.
const testPolicyIndex_accessPolicyAccessPolicy = new cloudflare.AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", {
    applicationId: "cb029e245cfdd66dc8d2e570d5dd3322",
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
    name: "staging policy",
    precedence: 1,
    decision: "allow",
    includes: [{
        emails: ["test@example.com"],
    }],
    requires: [{
        ips: [_var.office_ip],
    }],
});
resources:
  testPolicyAccessPolicy:
    type: cloudflare:AccessPolicy
    properties:
      applicationId: cb029e245cfdd66dc8d2e570d5dd3322
      zoneId: d41d8cd98f00b204e9800998ecf8427e
      name: staging policy
      precedence: 1
      decision: allow
      includes:
        - emails:
            - test@example.com
      requires:
        - emails:
            - test@example.com
  testPolicyIndex/accessPolicyAccessPolicy:
    type: cloudflare:AccessPolicy
    properties:
      applicationId: cb029e245cfdd66dc8d2e570d5dd3322
      zoneId: d41d8cd98f00b204e9800998ecf8427e
      name: staging policy
      precedence: 1
      decision: allow
      includes:
        - emails:
            - test@example.com
      requires:
        - ips:
            - ${var.office_ip}

Create a AccessPolicy Resource

new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPolicy(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 account_id: Optional[str] = None,
                 application_id: Optional[str] = None,
                 approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
                 approval_required: Optional[bool] = None,
                 decision: Optional[str] = None,
                 excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
                 includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
                 name: Optional[str] = None,
                 precedence: Optional[int] = None,
                 purpose_justification_prompt: Optional[str] = None,
                 purpose_justification_required: Optional[bool] = None,
                 requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
                 zone_id: Optional[str] = None)
@overload
def AccessPolicy(resource_name: str,
                 args: AccessPolicyArgs,
                 opts: Optional[ResourceOptions] = None)
func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPolicy(String name, AccessPolicyArgs args)
public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
type: cloudflare:AccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessPolicy resource accepts the following input properties:

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

Includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Policy.

Precedence int

The unique precedence for policies on a single application.

AccountId string

The account identifier to target for the resource.

ApprovalGroups List<AccessPolicyApprovalGroupArgs>
ApprovalRequired bool
Excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

PurposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

PurposeJustificationRequired bool

Whether to prompt the user for a justification for accessing the resource.

Requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

ZoneId string

The zone identifier to target for the resource.

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

Includes []AccessPolicyIncludeArgs

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Policy.

Precedence int

The unique precedence for policies on a single application.

AccountId string

The account identifier to target for the resource.

ApprovalGroups []AccessPolicyApprovalGroupArgs
ApprovalRequired bool
Excludes []AccessPolicyExcludeArgs

A series of access conditions, see Access Groups.

PurposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

PurposeJustificationRequired bool

Whether to prompt the user for a justification for accessing the resource.

Requires []AccessPolicyRequireArgs

A series of access conditions, see Access Groups.

ZoneId string

The zone identifier to target for the resource.

applicationId String

The ID of the application the policy is associated with.

decision String

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

name String

Friendly name of the Access Policy.

precedence Integer

The unique precedence for policies on a single application.

accountId String

The account identifier to target for the resource.

approvalGroups List<AccessPolicyApprovalGroupArgs>
approvalRequired Boolean
excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

purposeJustificationPrompt String

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired Boolean

Whether to prompt the user for a justification for accessing the resource.

requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

zoneId String

The zone identifier to target for the resource.

applicationId string

The ID of the application the policy is associated with.

decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

includes AccessPolicyIncludeArgs[]

A series of access conditions, see Access Groups.

name string

Friendly name of the Access Policy.

precedence number

The unique precedence for policies on a single application.

accountId string

The account identifier to target for the resource.

approvalGroups AccessPolicyApprovalGroupArgs[]
approvalRequired boolean
excludes AccessPolicyExcludeArgs[]

A series of access conditions, see Access Groups.

purposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired boolean

Whether to prompt the user for a justification for accessing the resource.

requires AccessPolicyRequireArgs[]

A series of access conditions, see Access Groups.

zoneId string

The zone identifier to target for the resource.

application_id str

The ID of the application the policy is associated with.

decision str

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

includes Sequence[AccessPolicyIncludeArgs]

A series of access conditions, see Access Groups.

name str

Friendly name of the Access Policy.

precedence int

The unique precedence for policies on a single application.

account_id str

The account identifier to target for the resource.

approval_groups Sequence[AccessPolicyApprovalGroupArgs]
approval_required bool
excludes Sequence[AccessPolicyExcludeArgs]

A series of access conditions, see Access Groups.

purpose_justification_prompt str

The prompt to display to the user for a justification for accessing the resource.

purpose_justification_required bool

Whether to prompt the user for a justification for accessing the resource.

requires Sequence[AccessPolicyRequireArgs]

A series of access conditions, see Access Groups.

zone_id str

The zone identifier to target for the resource.

applicationId String

The ID of the application the policy is associated with.

decision String

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

includes List<Property Map>

A series of access conditions, see Access Groups.

name String

Friendly name of the Access Policy.

precedence Number

The unique precedence for policies on a single application.

accountId String

The account identifier to target for the resource.

approvalGroups List<Property Map>
approvalRequired Boolean
excludes List<Property Map>

A series of access conditions, see Access Groups.

purposeJustificationPrompt String

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired Boolean

Whether to prompt the user for a justification for accessing the resource.

requires List<Property Map>

A series of access conditions, see Access Groups.

zoneId String

The zone identifier to target for the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing AccessPolicy Resource

Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        application_id: Optional[str] = None,
        approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
        approval_required: Optional[bool] = None,
        decision: Optional[str] = None,
        excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
        includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
        name: Optional[str] = None,
        precedence: Optional[int] = None,
        purpose_justification_prompt: Optional[str] = None,
        purpose_justification_required: Optional[bool] = None,
        requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
        zone_id: Optional[str] = None) -> AccessPolicy
func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId string

The account identifier to target for the resource.

ApplicationId string

The ID of the application the policy is associated with.

ApprovalGroups List<AccessPolicyApprovalGroupArgs>
ApprovalRequired bool
Decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

Excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

Includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Policy.

Precedence int

The unique precedence for policies on a single application.

PurposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

PurposeJustificationRequired bool

Whether to prompt the user for a justification for accessing the resource.

Requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

ZoneId string

The zone identifier to target for the resource.

AccountId string

The account identifier to target for the resource.

ApplicationId string

The ID of the application the policy is associated with.

ApprovalGroups []AccessPolicyApprovalGroupArgs
ApprovalRequired bool
Decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

Excludes []AccessPolicyExcludeArgs

A series of access conditions, see Access Groups.

Includes []AccessPolicyIncludeArgs

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Policy.

Precedence int

The unique precedence for policies on a single application.

PurposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

PurposeJustificationRequired bool

Whether to prompt the user for a justification for accessing the resource.

Requires []AccessPolicyRequireArgs

A series of access conditions, see Access Groups.

ZoneId string

The zone identifier to target for the resource.

accountId String

The account identifier to target for the resource.

applicationId String

The ID of the application the policy is associated with.

approvalGroups List<AccessPolicyApprovalGroupArgs>
approvalRequired Boolean
decision String

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

name String

Friendly name of the Access Policy.

precedence Integer

The unique precedence for policies on a single application.

purposeJustificationPrompt String

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired Boolean

Whether to prompt the user for a justification for accessing the resource.

requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

zoneId String

The zone identifier to target for the resource.

accountId string

The account identifier to target for the resource.

applicationId string

The ID of the application the policy is associated with.

approvalGroups AccessPolicyApprovalGroupArgs[]
approvalRequired boolean
decision string

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

excludes AccessPolicyExcludeArgs[]

A series of access conditions, see Access Groups.

includes AccessPolicyIncludeArgs[]

A series of access conditions, see Access Groups.

name string

Friendly name of the Access Policy.

precedence number

The unique precedence for policies on a single application.

purposeJustificationPrompt string

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired boolean

Whether to prompt the user for a justification for accessing the resource.

requires AccessPolicyRequireArgs[]

A series of access conditions, see Access Groups.

zoneId string

The zone identifier to target for the resource.

account_id str

The account identifier to target for the resource.

application_id str

The ID of the application the policy is associated with.

approval_groups Sequence[AccessPolicyApprovalGroupArgs]
approval_required bool
decision str

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

excludes Sequence[AccessPolicyExcludeArgs]

A series of access conditions, see Access Groups.

includes Sequence[AccessPolicyIncludeArgs]

A series of access conditions, see Access Groups.

name str

Friendly name of the Access Policy.

precedence int

The unique precedence for policies on a single application.

purpose_justification_prompt str

The prompt to display to the user for a justification for accessing the resource.

purpose_justification_required bool

Whether to prompt the user for a justification for accessing the resource.

requires Sequence[AccessPolicyRequireArgs]

A series of access conditions, see Access Groups.

zone_id str

The zone identifier to target for the resource.

accountId String

The account identifier to target for the resource.

applicationId String

The ID of the application the policy is associated with.

approvalGroups List<Property Map>
approvalRequired Boolean
decision String

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass

excludes List<Property Map>

A series of access conditions, see Access Groups.

includes List<Property Map>

A series of access conditions, see Access Groups.

name String

Friendly name of the Access Policy.

precedence Number

The unique precedence for policies on a single application.

purposeJustificationPrompt String

The prompt to display to the user for a justification for accessing the resource.

purposeJustificationRequired Boolean

Whether to prompt the user for a justification for accessing the resource.

requires List<Property Map>

A series of access conditions, see Access Groups.

zoneId String

The zone identifier to target for the resource.

Supporting Types

AccessPolicyApprovalGroup

approvalsNeeded Integer
emailAddresses List<String>
emailListUuid String

AccessPolicyExclude

AccessPolicyExcludeAzure

IdentityProviderId string
Ids List<string>
IdentityProviderId string
Ids []string
identityProviderId String
ids List<String>
identityProviderId string
ids string[]
identity_provider_id str
ids Sequence[str]
identityProviderId String
ids List<String>

AccessPolicyExcludeExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessPolicyExcludeGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessPolicyExcludeGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessPolicyExcludeOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessPolicyExcludeSaml

AccessPolicyInclude

AccessPolicyIncludeAzure

IdentityProviderId string
Ids List<string>
IdentityProviderId string
Ids []string
identityProviderId String
ids List<String>
identityProviderId string
ids string[]
identity_provider_id str
ids Sequence[str]
identityProviderId String
ids List<String>

AccessPolicyIncludeExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessPolicyIncludeGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessPolicyIncludeGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessPolicyIncludeOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessPolicyIncludeSaml

AccessPolicyRequire

AccessPolicyRequireAzure

IdentityProviderId string
Ids List<string>
IdentityProviderId string
Ids []string
identityProviderId String
ids List<String>
identityProviderId string
ids string[]
identity_provider_id str
ids Sequence[str]
identityProviderId String
ids List<String>

AccessPolicyRequireExternalEvaluation

EvaluateUrl string
KeysUrl string
EvaluateUrl string
KeysUrl string
evaluateUrl String
keysUrl String
evaluateUrl string
keysUrl string
evaluateUrl String
keysUrl String

AccessPolicyRequireGithub

IdentityProviderId string
Name string
Teams List<string>
IdentityProviderId string
Name string
Teams []string
identityProviderId String
name String
teams List<String>
identityProviderId string
name string
teams string[]
identity_provider_id str
name str
teams Sequence[str]
identityProviderId String
name String
teams List<String>

AccessPolicyRequireGsuite

Emails List<string>
IdentityProviderId string
Emails []string
IdentityProviderId string
emails List<String>
identityProviderId String
emails string[]
identityProviderId string
emails Sequence[str]
identity_provider_id str
emails List<String>
identityProviderId String

AccessPolicyRequireOkta

IdentityProviderId string
Names List<string>
IdentityProviderId string
Names []string
identityProviderId String
names List<String>
identityProviderId string
names string[]
identity_provider_id str
names Sequence[str]
identityProviderId String
names List<String>

AccessPolicyRequireSaml

Import

Account level import.

 $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>

Zone level import.

 $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes

This Pulumi package is based on the cloudflare Terraform Provider.