Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
The zia_cloud_app_control_rules resource manages cloud application control rules in the Zscaler Internet Access (ZIA) cloud service. Cloud app control rules define policies that govern user access to cloud applications, allowing administrators to allow, block, or isolate specific application activities.
For more information, see the ZIA Cloud App Control documentation.
Example Usage
Basic Cloud App Control Rule
Example coming soon!
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := zia.NewCloudAppControlRule(ctx, "example", &zia.CloudAppControlRuleArgs{
Name: pulumi.String("Example Cloud App Control Rule"),
Description: pulumi.StringRef("Block file sharing uploads"),
Type: pulumi.String("STREAMING_MEDIA"),
Order: pulumi.Int(1),
State: pulumi.StringRef("ENABLED"),
Actions: pulumi.ToStringArray([]string{"BLOCK"}),
Applications: pulumi.ToStringArray([]string{"YOUTUBE"}),
})
return err
})
}
Example coming soon!
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.CloudAppControlRule("example", {
name: "Example Cloud App Control Rule",
description: "Block file sharing uploads",
type: "STREAMING_MEDIA",
order: 1,
state: "ENABLED",
actions: ["BLOCK"],
applications: ["YOUTUBE"],
});
import zscaler_pulumi_zia as zia
example = zia.CloudAppControlRule("example",
name="Example Cloud App Control Rule",
description="Block file sharing uploads",
type="STREAMING_MEDIA",
order=1,
state="ENABLED",
actions=["BLOCK"],
applications=["YOUTUBE"],
)
resources:
example:
type: zia:CloudAppControlRule
properties:
name: Example Cloud App Control Rule
description: Block file sharing uploads
type: STREAMING_MEDIA
order: 1
state: ENABLED
actions:
- BLOCK
applications:
- YOUTUBE
Create CloudAppControlRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CloudAppControlRule(name: string, args: CloudAppControlRuleArgs, opts?: CustomResourceOptions);@overload
def CloudAppControlRule(resource_name: str,
args: CloudAppControlRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CloudAppControlRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
type: Optional[str] = None,
order: Optional[int] = None,
departments: Optional[Sequence[int]] = None,
labels: Optional[Sequence[int]] = None,
cloud_app_risk_profile_id: Optional[int] = None,
actions: Optional[Sequence[str]] = None,
description: Optional[str] = None,
device_groups: Optional[Sequence[int]] = None,
devices: Optional[Sequence[int]] = None,
enforce_time_validity: Optional[bool] = None,
eun_enabled: Optional[bool] = None,
eun_template_id: Optional[int] = None,
groups: Optional[Sequence[int]] = None,
cbi_profile: Optional[CBIProfileInputArgs] = None,
location_groups: Optional[Sequence[int]] = None,
locations: Optional[Sequence[int]] = None,
cascading_enabled: Optional[bool] = None,
browser_eun_template_id: Optional[int] = None,
rank: Optional[int] = None,
size_quota: Optional[int] = None,
state: Optional[str] = None,
tenancy_profile_ids: Optional[Sequence[int]] = None,
time_quota: Optional[int] = None,
time_windows: Optional[Sequence[int]] = None,
applications: Optional[Sequence[str]] = None,
users: Optional[Sequence[int]] = None)func NewCloudAppControlRule(ctx *Context, name string, args CloudAppControlRuleArgs, opts ...ResourceOption) (*CloudAppControlRule, error)public CloudAppControlRule(string name, CloudAppControlRuleArgs args, CustomResourceOptions? opts = null)
public CloudAppControlRule(String name, CloudAppControlRuleArgs args)
public CloudAppControlRule(String name, CloudAppControlRuleArgs args, CustomResourceOptions options)
type: zia:CloudAppControlRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cloudAppControlRuleResource = new Zia.CloudAppControlRule("cloudAppControlRuleResource", new()
{
Name = "string",
Type = "string",
Order = 0,
Departments = new[]
{
0,
},
Labels = new[]
{
0,
},
CloudAppRiskProfileId = 0,
Actions = new[]
{
"string",
},
Description = "string",
DeviceGroups = new[]
{
0,
},
Devices = new[]
{
0,
},
EnforceTimeValidity = false,
EunEnabled = false,
EunTemplateId = 0,
Groups = new[]
{
0,
},
CbiProfile = new Zia.Inputs.CBIProfileInputArgs
{
Name = "string",
ProfileSeq = 0,
ResourceId = "string",
Url = "string",
},
LocationGroups = new[]
{
0,
},
Locations = new[]
{
0,
},
CascadingEnabled = false,
BrowserEunTemplateId = 0,
Rank = 0,
SizeQuota = 0,
State = "string",
TenancyProfileIds = new[]
{
0,
},
TimeQuota = 0,
TimeWindows = new[]
{
0,
},
Applications = new[]
{
"string",
},
Users = new[]
{
0,
},
});
example, err := zia.NewCloudAppControlRule(ctx, "cloudAppControlRuleResource", &zia.CloudAppControlRuleArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
Order: pulumi.Int(0),
Departments: pulumi.IntArray{
pulumi.Int(0),
},
Labels: pulumi.IntArray{
pulumi.Int(0),
},
CloudAppRiskProfileId: pulumi.Int(0),
Actions: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DeviceGroups: pulumi.IntArray{
pulumi.Int(0),
},
Devices: pulumi.IntArray{
pulumi.Int(0),
},
EnforceTimeValidity: pulumi.Bool(false),
EunEnabled: pulumi.Bool(false),
EunTemplateId: pulumi.Int(0),
Groups: pulumi.IntArray{
pulumi.Int(0),
},
CbiProfile: &pulumizia.CBIProfileInputArgs{
Name: pulumi.String("string"),
ProfileSeq: pulumi.Int(0),
ResourceId: pulumi.String("string"),
Url: pulumi.String("string"),
},
LocationGroups: pulumi.IntArray{
pulumi.Int(0),
},
Locations: pulumi.IntArray{
pulumi.Int(0),
},
CascadingEnabled: pulumi.Bool(false),
BrowserEunTemplateId: pulumi.Int(0),
Rank: pulumi.Int(0),
SizeQuota: pulumi.Int(0),
State: pulumi.String("string"),
TenancyProfileIds: pulumi.IntArray{
pulumi.Int(0),
},
TimeQuota: pulumi.Int(0),
TimeWindows: pulumi.IntArray{
pulumi.Int(0),
},
Applications: pulumi.StringArray{
pulumi.String("string"),
},
Users: pulumi.IntArray{
pulumi.Int(0),
},
})
var cloudAppControlRuleResource = new CloudAppControlRule("cloudAppControlRuleResource", CloudAppControlRuleArgs.builder()
.name("string")
.type("string")
.order(0)
.departments(0)
.labels(0)
.cloudAppRiskProfileId(0)
.actions("string")
.description("string")
.deviceGroups(0)
.devices(0)
.enforceTimeValidity(false)
.eunEnabled(false)
.eunTemplateId(0)
.groups(0)
.cbiProfile(CBIProfileInputArgs.builder()
.name("string")
.profileSeq(0)
.resourceId("string")
.url("string")
.build())
.locationGroups(0)
.locations(0)
.cascadingEnabled(false)
.browserEunTemplateId(0)
.rank(0)
.sizeQuota(0)
.state("string")
.tenancyProfileIds(0)
.timeQuota(0)
.timeWindows(0)
.applications("string")
.users(0)
.build());
cloud_app_control_rule_resource = zia.CloudAppControlRule("cloudAppControlRuleResource",
name="string",
type="string",
order=0,
departments=[0],
labels=[0],
cloud_app_risk_profile_id=0,
actions=["string"],
description="string",
device_groups=[0],
devices=[0],
enforce_time_validity=False,
eun_enabled=False,
eun_template_id=0,
groups=[0],
cbi_profile={
"name": "string",
"profile_seq": 0,
"resource_id": "string",
"url": "string",
},
location_groups=[0],
locations=[0],
cascading_enabled=False,
browser_eun_template_id=0,
rank=0,
size_quota=0,
state="string",
tenancy_profile_ids=[0],
time_quota=0,
time_windows=[0],
applications=["string"],
users=[0])
const cloudAppControlRuleResource = new zia.CloudAppControlRule("cloudAppControlRuleResource", {
name: "string",
type: "string",
order: 0,
departments: [0],
labels: [0],
cloudAppRiskProfileId: 0,
actions: ["string"],
description: "string",
deviceGroups: [0],
devices: [0],
enforceTimeValidity: false,
eunEnabled: false,
eunTemplateId: 0,
groups: [0],
cbiProfile: {
name: "string",
profileSeq: 0,
resourceId: "string",
url: "string",
},
locationGroups: [0],
locations: [0],
cascadingEnabled: false,
browserEunTemplateId: 0,
rank: 0,
sizeQuota: 0,
state: "string",
tenancyProfileIds: [0],
timeQuota: 0,
timeWindows: [0],
applications: ["string"],
users: [0],
});
type: zia:CloudAppControlRule
properties:
actions:
- string
applications:
- string
browserEunTemplateId: 0
cascadingEnabled: false
cbiProfile:
name: string
profileSeq: 0
resourceId: string
url: string
cloudAppRiskProfileId: 0
departments:
- 0
description: string
deviceGroups:
- 0
devices:
- 0
enforceTimeValidity: false
eunEnabled: false
eunTemplateId: 0
groups:
- 0
labels:
- 0
locationGroups:
- 0
locations:
- 0
name: string
order: 0
rank: 0
sizeQuota: 0
state: string
tenancyProfileIds:
- 0
timeQuota: 0
timeWindows:
- 0
type: string
users:
- 0
CloudAppControlRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CloudAppControlRule resource accepts the following input properties:
- Name string
- The name of the cloud app control rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other cloud app control rules.
- Type string
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - Actions List<string>
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - Applications List<string>
- List of cloud application names to which the rule applies.
- Browser
Eun intTemplate Id - The ID of the Browser End User Notification template.
- Cascading
Enabled bool - If true, cascading to other rules is enabled when this rule matches.
- Cbi
Profile zscaler.Pulumi Package. Zia. Inputs. CBIProfile Input - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- Cloud
App intRisk Profile Id - The ID of the cloud application risk profile associated with this rule.
- Departments List<int>
- IDs of departments for which the rule must be applied.
- Description string
- Additional information about the cloud app control rule.
- Device
Groups List<int> - IDs of device groups for which the rule must be applied.
- Devices List<int>
- IDs of devices for which the rule must be applied.
- Enforce
Time boolValidity - Enforce a set validity time period for the rule.
- Eun
Enabled bool - If true, End User Notification is enabled for this rule.
- Eun
Template intId - The ID of the End User Notification template.
- Groups List<int>
- IDs of groups for which the rule must be applied.
- Labels List<int>
- IDs of labels associated with the cloud app control rule.
- Location
Groups List<int> - IDs of location groups for which the rule must be applied.
- Locations List<int>
- IDs of locations for which the rule must be applied.
- Rank int
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- Size
Quota int - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Tenancy
Profile List<int>Ids - IDs of tenancy profiles for which the rule must be applied.
- Time
Quota int - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- Time
Windows List<int> - IDs of time intervals during which the rule must be enforced.
- Users List<int>
- IDs of users for which the rule must be applied.
- Name string
- The name of the cloud app control rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other cloud app control rules.
- Type string
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - Actions []string
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - Applications []string
- List of cloud application names to which the rule applies.
- Browser
Eun intTemplate Id - The ID of the Browser End User Notification template.
- Cascading
Enabled bool - If true, cascading to other rules is enabled when this rule matches.
- Cbi
Profile CBIProfileInput Args - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- Cloud
App intRisk Profile Id - The ID of the cloud application risk profile associated with this rule.
- Departments []int
- IDs of departments for which the rule must be applied.
- Description string
- Additional information about the cloud app control rule.
- Device
Groups []int - IDs of device groups for which the rule must be applied.
- Devices []int
- IDs of devices for which the rule must be applied.
- Enforce
Time boolValidity - Enforce a set validity time period for the rule.
- Eun
Enabled bool - If true, End User Notification is enabled for this rule.
- Eun
Template intId - The ID of the End User Notification template.
- Groups []int
- IDs of groups for which the rule must be applied.
- Labels []int
- IDs of labels associated with the cloud app control rule.
- Location
Groups []int - IDs of location groups for which the rule must be applied.
- Locations []int
- IDs of locations for which the rule must be applied.
- Rank int
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- Size
Quota int - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Tenancy
Profile []intIds - IDs of tenancy profiles for which the rule must be applied.
- Time
Quota int - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- Time
Windows []int - IDs of time intervals during which the rule must be enforced.
- Users []int
- IDs of users for which the rule must be applied.
- name String
- The name of the cloud app control rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other cloud app control rules.
- type String
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - actions List<String>
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - applications List<String>
- List of cloud application names to which the rule applies.
- browser
Eun IntegerTemplate Id - The ID of the Browser End User Notification template.
- cascading
Enabled Boolean - If true, cascading to other rules is enabled when this rule matches.
- cbi
Profile CBIProfileInput - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- cloud
App IntegerRisk Profile Id - The ID of the cloud application risk profile associated with this rule.
- departments List<Integer>
- IDs of departments for which the rule must be applied.
- description String
- Additional information about the cloud app control rule.
- device
Groups List<Integer> - IDs of device groups for which the rule must be applied.
- devices List<Integer>
- IDs of devices for which the rule must be applied.
- enforce
Time BooleanValidity - Enforce a set validity time period for the rule.
- eun
Enabled Boolean - If true, End User Notification is enabled for this rule.
- eun
Template IntegerId - The ID of the End User Notification template.
- groups List<Integer>
- IDs of groups for which the rule must be applied.
- labels List<Integer>
- IDs of labels associated with the cloud app control rule.
- location
Groups List<Integer> - IDs of location groups for which the rule must be applied.
- locations List<Integer>
- IDs of locations for which the rule must be applied.
- rank Integer
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- size
Quota Integer - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - tenancy
Profile List<Integer>Ids - IDs of tenancy profiles for which the rule must be applied.
- time
Quota Integer - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- time
Windows List<Integer> - IDs of time intervals during which the rule must be enforced.
- users List<Integer>
- IDs of users for which the rule must be applied.
- name string
- The name of the cloud app control rule. Must be unique.
- order number
- The order of execution of the rule with respect to other cloud app control rules.
- type string
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - actions string[]
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - applications string[]
- List of cloud application names to which the rule applies.
- browser
Eun numberTemplate Id - The ID of the Browser End User Notification template.
- cascading
Enabled boolean - If true, cascading to other rules is enabled when this rule matches.
- cbi
Profile CBIProfileInput - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- cloud
App numberRisk Profile Id - The ID of the cloud application risk profile associated with this rule.
- departments number[]
- IDs of departments for which the rule must be applied.
- description string
- Additional information about the cloud app control rule.
- device
Groups number[] - IDs of device groups for which the rule must be applied.
- devices number[]
- IDs of devices for which the rule must be applied.
- enforce
Time booleanValidity - Enforce a set validity time period for the rule.
- eun
Enabled boolean - If true, End User Notification is enabled for this rule.
- eun
Template numberId - The ID of the End User Notification template.
- groups number[]
- IDs of groups for which the rule must be applied.
- labels number[]
- IDs of labels associated with the cloud app control rule.
- location
Groups number[] - IDs of location groups for which the rule must be applied.
- locations number[]
- IDs of locations for which the rule must be applied.
- rank number
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- size
Quota number - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- state string
- Rule state. Valid values:
ENABLED,DISABLED. - tenancy
Profile number[]Ids - IDs of tenancy profiles for which the rule must be applied.
- time
Quota number - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- time
Windows number[] - IDs of time intervals during which the rule must be enforced.
- users number[]
- IDs of users for which the rule must be applied.
- name str
- The name of the cloud app control rule. Must be unique.
- order int
- The order of execution of the rule with respect to other cloud app control rules.
- type str
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - actions Sequence[str]
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - applications Sequence[str]
- List of cloud application names to which the rule applies.
- browser_
eun_ inttemplate_ id - The ID of the Browser End User Notification template.
- cascading_
enabled bool - If true, cascading to other rules is enabled when this rule matches.
- cbi_
profile CBIProfileInput Args - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- cloud_
app_ intrisk_ profile_ id - The ID of the cloud application risk profile associated with this rule.
- departments Sequence[int]
- IDs of departments for which the rule must be applied.
- description str
- Additional information about the cloud app control rule.
- device_
groups Sequence[int] - IDs of device groups for which the rule must be applied.
- devices Sequence[int]
- IDs of devices for which the rule must be applied.
- enforce_
time_ boolvalidity - Enforce a set validity time period for the rule.
- eun_
enabled bool - If true, End User Notification is enabled for this rule.
- eun_
template_ intid - The ID of the End User Notification template.
- groups Sequence[int]
- IDs of groups for which the rule must be applied.
- labels Sequence[int]
- IDs of labels associated with the cloud app control rule.
- location_
groups Sequence[int] - IDs of location groups for which the rule must be applied.
- locations Sequence[int]
- IDs of locations for which the rule must be applied.
- rank int
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- size_
quota int - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- state str
- Rule state. Valid values:
ENABLED,DISABLED. - tenancy_
profile_ Sequence[int]ids - IDs of tenancy profiles for which the rule must be applied.
- time_
quota int - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- time_
windows Sequence[int] - IDs of time intervals during which the rule must be enforced.
- users Sequence[int]
- IDs of users for which the rule must be applied.
- name String
- The name of the cloud app control rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other cloud app control rules.
- type String
- The rule type, corresponding to the cloud application category. Valid values:
STREAMING_MEDIA,SOCIAL_NETWORKING,WEBMAIL,INSTANT_MESSAGING,FILE_SHARE,BUSINESS_PRODUCTIVITY,SYSTEM_AND_DEVELOPMENT,CONSUMER,HOSTING_PROVIDER,DNS_OVER_HTTPS,ENTERPRISE_COLLABORATION,GENERATIVE_AI,SALES_AND_MARKETING,HEALTH_CARE,LEGAL,HUMAN_RESOURCES,FINANCE. - actions List<String>
- Actions taken when traffic matches rule criteria. Valid values:
ALLOW,BLOCK,CAUTION,ISOLATE. - applications List<String>
- List of cloud application names to which the rule applies.
- browser
Eun NumberTemplate Id - The ID of the Browser End User Notification template.
- cascading
Enabled Boolean - If true, cascading to other rules is enabled when this rule matches.
- cbi
Profile Property Map - The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'.
- cloud
App NumberRisk Profile Id - The ID of the cloud application risk profile associated with this rule.
- departments List<Number>
- IDs of departments for which the rule must be applied.
- description String
- Additional information about the cloud app control rule.
- device
Groups List<Number> - IDs of device groups for which the rule must be applied.
- devices List<Number>
- IDs of devices for which the rule must be applied.
- enforce
Time BooleanValidity - Enforce a set validity time period for the rule.
- eun
Enabled Boolean - If true, End User Notification is enabled for this rule.
- eun
Template NumberId - The ID of the End User Notification template.
- groups List<Number>
- IDs of groups for which the rule must be applied.
- labels List<Number>
- IDs of labels associated with the cloud app control rule.
- location
Groups List<Number> - IDs of location groups for which the rule must be applied.
- locations List<Number>
- IDs of locations for which the rule must be applied.
- rank Number
- Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7.
- size
Quota Number - Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - tenancy
Profile List<Number>Ids - IDs of tenancy profiles for which the rule must be applied.
- time
Quota Number - Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'.
- time
Windows List<Number> - IDs of time intervals during which the rule must be enforced.
- users List<Number>
- IDs of users for which the rule must be applied.
Outputs
All input properties are implicitly available as output properties. Additionally, the CloudAppControlRule resource produces the following output properties:
Supporting Types
CBIProfileInput, CBIProfileInputArgs
- Name string
- Profile
Seq int - Resource
Id string - Url string
- Name string
- Profile
Seq int - Resource
Id string - Url string
- name String
- profile
Seq Integer - resource
Id String - url String
- name string
- profile
Seq number - resource
Id string - url string
- name str
- profile_
seq int - resource_
id str - url str
- name String
- profile
Seq Number - resource
Id String - url String
Import
An existing Cloud App Control Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:CloudAppControlRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
