Cloudflare v6.10.1, Oct 22 25

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

cloudflare.AccessRule

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleAccessRule = new cloudflare.AccessRule("example_access_rule", {
    configuration: {
        target: "ip",
        value: "198.51.100.4",
    },
    mode: "challenge",
    zoneId: "zone_id",
    notes: "This rule is enabled because of an event that occurred on date X.",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_access_rule = cloudflare.AccessRule("example_access_rule",
    configuration={
        "target": "ip",
        "value": "198.51.100.4",
    },
    mode="challenge",
    zone_id="zone_id",
    notes="This rule is enabled because of an event that occurred on date X.")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewAccessRule(ctx, "example_access_rule", &cloudflare.AccessRuleArgs{
			Configuration: &cloudflare.AccessRuleConfigurationArgs{
				Target: pulumi.String("ip"),
				Value:  pulumi.String("198.51.100.4"),
			},
			Mode:   pulumi.String("challenge"),
			ZoneId: pulumi.String("zone_id"),
			Notes:  pulumi.String("This rule is enabled because of an event that occurred on date X."),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleAccessRule = new Cloudflare.AccessRule("example_access_rule", new()
    {
        Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
        {
            Target = "ip",
            Value = "198.51.100.4",
        },
        Mode = "challenge",
        ZoneId = "zone_id",
        Notes = "This rule is enabled because of an event that occurred on date X.",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessRule;
import com.pulumi.cloudflare.AccessRuleArgs;
import com.pulumi.cloudflare.inputs.AccessRuleConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleAccessRule = new AccessRule("exampleAccessRule", AccessRuleArgs.builder()
            .configuration(AccessRuleConfigurationArgs.builder()
                .target("ip")
                .value("198.51.100.4")
                .build())
            .mode("challenge")
            .zoneId("zone_id")
            .notes("This rule is enabled because of an event that occurred on date X.")
            .build());

    }
}

resources:
  exampleAccessRule:
    type: cloudflare:AccessRule
    name: example_access_rule
    properties:
      configuration:
        target: ip
        value: 198.51.100.4
      mode: challenge
      zoneId: zone_id
      notes: This rule is enabled because of an event that occurred on date X.

Create AccessRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AccessRule(name: string, args: AccessRuleArgs, opts?: CustomResourceOptions);

@overload
def AccessRule(resource_name: str,
               args: AccessRuleArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def AccessRule(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               configuration: Optional[AccessRuleConfigurationArgs] = None,
               mode: Optional[str] = None,
               account_id: Optional[str] = None,
               notes: Optional[str] = None,
               zone_id: Optional[str] = None)

func NewAccessRule(ctx *Context, name string, args AccessRuleArgs, opts ...ResourceOption) (*AccessRule, error)

public AccessRule(string name, AccessRuleArgs args, CustomResourceOptions? opts = null)

public AccessRule(String name, AccessRuleArgs args)
public AccessRule(String name, AccessRuleArgs args, CustomResourceOptions options)

type: cloudflare:AccessRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AccessRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccessRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccessRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccessRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var accessRuleResource = new Cloudflare.AccessRule("accessRuleResource", new()
{
    Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
    {
        Target = "string",
        Value = "string",
    },
    Mode = "string",
    AccountId = "string",
    Notes = "string",
    ZoneId = "string",
});

example, err := cloudflare.NewAccessRule(ctx, "accessRuleResource", &cloudflare.AccessRuleArgs{
	Configuration: &cloudflare.AccessRuleConfigurationArgs{
		Target: pulumi.String("string"),
		Value:  pulumi.String("string"),
	},
	Mode:      pulumi.String("string"),
	AccountId: pulumi.String("string"),
	Notes:     pulumi.String("string"),
	ZoneId:    pulumi.String("string"),
})

var accessRuleResource = new AccessRule("accessRuleResource", AccessRuleArgs.builder()
    .configuration(AccessRuleConfigurationArgs.builder()
        .target("string")
        .value("string")
        .build())
    .mode("string")
    .accountId("string")
    .notes("string")
    .zoneId("string")
    .build());

access_rule_resource = cloudflare.AccessRule("accessRuleResource",
    configuration={
        "target": "string",
        "value": "string",
    },
    mode="string",
    account_id="string",
    notes="string",
    zone_id="string")

const accessRuleResource = new cloudflare.AccessRule("accessRuleResource", {
    configuration: {
        target: "string",
        value: "string",
    },
    mode: "string",
    accountId: "string",
    notes: "string",
    zoneId: "string",
});

type: cloudflare:AccessRule
properties:
    accountId: string
    configuration:
        target: string
        value: string
    mode: string
    notes: string
    zoneId: string

AccessRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AccessRule resource accepts the following input properties:

Configuration AccessRuleConfiguration: The rule configuration.
Mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Notes string: An informative summary of the rule, typically used as a reminder or explanation.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Configuration AccessRuleConfigurationArgs: The rule configuration.
Mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Notes string: An informative summary of the rule, typically used as a reminder or explanation.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

configuration AccessRuleConfiguration: The rule configuration.
mode String: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
notes String: An informative summary of the rule, typically used as a reminder or explanation.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

configuration AccessRuleConfiguration: The rule configuration.
mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
notes string: An informative summary of the rule, typically used as a reminder or explanation.
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

configuration AccessRuleConfigurationArgs: The rule configuration.
mode str: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
notes str: An informative summary of the rule, typically used as a reminder or explanation.
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

configuration Property Map: The rule configuration.
mode String: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
notes String: An informative summary of the rule, typically used as a reminder or explanation.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessRule resource produces the following output properties:

AllowedModes List<string>: The available actions that a rule can apply to a matched request.
CreatedOn string: The timestamp of when the rule was created.
Id string: The provider-assigned unique ID for this managed resource.
ModifiedOn string: The timestamp of when the rule was last modified.
Scope AccessRuleScope: All zones owned by the user will have the rule applied.

AllowedModes []string: The available actions that a rule can apply to a matched request.
CreatedOn string: The timestamp of when the rule was created.
Id string: The provider-assigned unique ID for this managed resource.
ModifiedOn string: The timestamp of when the rule was last modified.
Scope AccessRuleScope: All zones owned by the user will have the rule applied.

allowedModes List<String>: The available actions that a rule can apply to a matched request.
createdOn String: The timestamp of when the rule was created.
id String: The provider-assigned unique ID for this managed resource.
modifiedOn String: The timestamp of when the rule was last modified.
scope AccessRuleScope: All zones owned by the user will have the rule applied.

allowedModes string[]: The available actions that a rule can apply to a matched request.
createdOn string: The timestamp of when the rule was created.
id string: The provider-assigned unique ID for this managed resource.
modifiedOn string: The timestamp of when the rule was last modified.
scope AccessRuleScope: All zones owned by the user will have the rule applied.

allowed_modes Sequence[str]: The available actions that a rule can apply to a matched request.
created_on str: The timestamp of when the rule was created.
id str: The provider-assigned unique ID for this managed resource.
modified_on str: The timestamp of when the rule was last modified.
scope AccessRuleScope: All zones owned by the user will have the rule applied.

allowedModes List<String>: The available actions that a rule can apply to a matched request.
createdOn String: The timestamp of when the rule was created.
id String: The provider-assigned unique ID for this managed resource.
modifiedOn String: The timestamp of when the rule was last modified.
scope Property Map: All zones owned by the user will have the rule applied.

Look up Existing AccessRule Resource

Get an existing AccessRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessRuleState, opts?: CustomResourceOptions): AccessRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allowed_modes: Optional[Sequence[str]] = None,
        configuration: Optional[AccessRuleConfigurationArgs] = None,
        created_on: Optional[str] = None,
        mode: Optional[str] = None,
        modified_on: Optional[str] = None,
        notes: Optional[str] = None,
        scope: Optional[AccessRuleScopeArgs] = None,
        zone_id: Optional[str] = None) -> AccessRule

func GetAccessRule(ctx *Context, name string, id IDInput, state *AccessRuleState, opts ...ResourceOption) (*AccessRule, error)

public static AccessRule Get(string name, Input<string> id, AccessRuleState? state, CustomResourceOptions? opts = null)

public static AccessRule get(String name, Output<String> id, AccessRuleState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:AccessRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AllowedModes List<string>: The available actions that a rule can apply to a matched request.
Configuration AccessRuleConfiguration: The rule configuration.
CreatedOn string: The timestamp of when the rule was created.
Mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
ModifiedOn string: The timestamp of when the rule was last modified.
Notes string: An informative summary of the rule, typically used as a reminder or explanation.
Scope AccessRuleScope: All zones owned by the user will have the rule applied.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AllowedModes []string: The available actions that a rule can apply to a matched request.
Configuration AccessRuleConfigurationArgs: The rule configuration.
CreatedOn string: The timestamp of when the rule was created.
Mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
ModifiedOn string: The timestamp of when the rule was last modified.
Notes string: An informative summary of the rule, typically used as a reminder or explanation.
Scope AccessRuleScopeArgs: All zones owned by the user will have the rule applied.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
allowedModes List<String>: The available actions that a rule can apply to a matched request.
configuration AccessRuleConfiguration: The rule configuration.
createdOn String: The timestamp of when the rule was created.
mode String: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
modifiedOn String: The timestamp of when the rule was last modified.
notes String: An informative summary of the rule, typically used as a reminder or explanation.
scope AccessRuleScope: All zones owned by the user will have the rule applied.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
allowedModes string[]: The available actions that a rule can apply to a matched request.
configuration AccessRuleConfiguration: The rule configuration.
createdOn string: The timestamp of when the rule was created.
mode string: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
modifiedOn string: The timestamp of when the rule was last modified.
notes string: An informative summary of the rule, typically used as a reminder or explanation.
scope AccessRuleScope: All zones owned by the user will have the rule applied.
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
allowed_modes Sequence[str]: The available actions that a rule can apply to a matched request.
configuration AccessRuleConfigurationArgs: The rule configuration.
created_on str: The timestamp of when the rule was created.
mode str: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
modified_on str: The timestamp of when the rule was last modified.
notes str: An informative summary of the rule, typically used as a reminder or explanation.
scope AccessRuleScopeArgs: All zones owned by the user will have the rule applied.
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
allowedModes List<String>: The available actions that a rule can apply to a matched request.
configuration Property Map: The rule configuration.
createdOn String: The timestamp of when the rule was created.
mode String: The action to apply to a matched request. Available values: "block", "challenge", "whitelist", "jschallenge", "managedchallenge".
modifiedOn String: The timestamp of when the rule was last modified.
notes String: An informative summary of the rule, typically used as a reminder or explanation.
scope Property Map: All zones owned by the user will have the rule applied.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Supporting Types

AccessRuleConfiguration, AccessRuleConfigurationArgs

Target string: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
Value string: The IP address to match. This address will be compared to the IP address of incoming requests.

Target string: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
Value string: The IP address to match. This address will be compared to the IP address of incoming requests.

target String: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
value String: The IP address to match. This address will be compared to the IP address of incoming requests.

target string: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
value string: The IP address to match. This address will be compared to the IP address of incoming requests.

target str: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
value str: The IP address to match. This address will be compared to the IP address of incoming requests.

target String: The configuration target. You must set the target to ip when specifying an IP address in the rule. Available values: "ip", "ip6", "ip_range", "asn", "country".
value String: The IP address to match. This address will be compared to the IP address of incoming requests.

AccessRuleScope, AccessRuleScopeArgs

Email string: The contact email address of the user.
Id string: Defines an identifier.
Type string: Defines the scope of the rule. Available values: "user", "organization".

Email string: The contact email address of the user.
Id string: Defines an identifier.
Type string: Defines the scope of the rule. Available values: "user", "organization".

email String: The contact email address of the user.
id String: Defines an identifier.
type String: Defines the scope of the rule. Available values: "user", "organization".

email string: The contact email address of the user.
id string: Defines an identifier.
type string: Defines the scope of the rule. Available values: "user", "organization".

email str: The contact email address of the user.
id str: Defines an identifier.
type str: Defines the scope of the rule. Available values: "user", "organization".

email String: The contact email address of the user.
id String: Defines an identifier.
type String: Defines the scope of the rule. Available values: "user", "organization".

Import

$ pulumi import cloudflare:index/accessRule:AccessRule example '<{accounts|zones}/{account_id|zone_id}>/<rule_id>'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.AccessRule

On this page

On this page

Example Usage

Create AccessRule Resource

Constructor syntax

Parameters

Constructor example

AccessRule Resource Properties

Inputs

Outputs

Look up Existing AccessRule Resource

Supporting Types

AccessRuleConfiguration, AccessRuleConfigurationArgs

AccessRuleScope, AccessRuleScopeArgs

Import

Package Details

On this page

On this page