Docs Home
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zia.CloudAppControlRule
Explore with Pulumi AI
The zia_cloud_app_control_rule resource allows the creation and management of ZIA Cloud Application Control rules in the Zscaler Internet Access.
NOTE Resources or DataSources to retrieve Tenant Profile or Cloud Application Risk Profile ID information are not currently available.
Example Usage
Basic Rule Configuration
resource "zia_cloud_app_control_rule" "this" {
name = "Example_WebMail_Rule"
description = "Example_WebMail_Rule"
order = 1
rank = 7
state = "ENABLED"
type = "WEBMAIL"
actions = [
"ALLOW_WEBMAIL_VIEW",
"ALLOW_WEBMAIL_ATTACHMENT_SEND",
"ALLOW_WEBMAIL_SEND",
]
applications = [
"GOOGLE_WEBMAIL",
"YAHOO_WEBMAIL",
]
device_trust_levels = ["UNKNOWN_DEVICETRUSTLEVEL", "LOW_TRUST", "MEDIUM_TRUST", "HIGH_TRUST"]
user_agent_types = ["OPERA", "FIREFOX", "MSIE", "MSEDGE", "CHROME", "SAFARI", "MSCHREDGE"]
}
With Cloud Risk Profile Configuration
resource "zia_cloud_app_control_rule" "this" {
name = "Example_WebMail_Rule"
description = "Example_WebMail_Rule"
order = 1
rank = 7
state = "ENABLED"
type = "WEBMAIL"
actions = [
"ALLOW_WEBMAIL_VIEW",
"ALLOW_WEBMAIL_ATTACHMENT_SEND",
"ALLOW_WEBMAIL_SEND",
]
applications = [
"GOOGLE_WEBMAIL",
"YAHOO_WEBMAIL",
]
cloud_app_risk_profile {
id = 318
}
}
With Tenant Profile Configuration
NOTE Tenant profile is supported only for specific applications depending on the type
resource "zia_cloud_app_control_rule" "this" {
name = "Example_WebMail_Rule"
description = "Example_WebMail_Rule"
order = 1
rank = 7
state = "ENABLED"
type = "WEBMAIL"
actions = [
"ALLOW_WEBMAIL_VIEW",
"ALLOW_WEBMAIL_ATTACHMENT_SEND",
"ALLOW_WEBMAIL_SEND",
]
applications = [
"GOOGLE_WEBMAIL",
"YAHOO_WEBMAIL",
]
tenancy_profile_ids {
id = [ 19016237 ]
}
}
With ISOLATE ACTION
⚠️ WARNING 1:: Creating a Cloud Application Control Rule with the actions containing ISOLATE_ Cloud Browser Isolation subscription is required. See the “Cloud Application Control - Rule Types vs Actions Matrix” below. To learn more, contact Zscaler Support or your local account team.
data "zia_cloud_browser_isolation_profile" "this" {
name = "BD_SA_Profile1_ZIA"
}
resource "zia_cloud_app_control_rule" "this" {
name = "Example"
description = "Example"
state = "ENABLED"
type = "WEBMAIL"
actions = [
"ALLOW_WEBMAIL_VIEW",
"ALLOW_WEBMAIL_ATTACHMENT_SEND",
"ALLOW_WEBMAIL_SEND",
]
applications = [
"GOOGLE_WEBMAIL",
"YAHOO_WEBMAIL",
]
order = 1
enforce_time_validity = true
validity_start_time = "Mon, 17 Jun 2024 23:30:00 UTC"
validity_end_time = "Tue, 17 Jun 2025 23:00:00 UTC"
validity_time_zone_id = "US/Pacific"
time_quota = 15
size_quota = 10
device_trust_levels = ["UNKNOWN_DEVICETRUSTLEVEL", "LOW_TRUST", "MEDIUM_TRUST", "HIGH_TRUST"]
cbi_profile {
id = data.zia_cloud_browser_isolation_profile.this.id
name = data.zia_cloud_browser_isolation_profile.this.name
url = data.zia_cloud_browser_isolation_profile.this.url
}
user_agent_types = [ "OPERA", "FIREFOX", "MSIE", "MSEDGE", "CHROME", "SAFARI", "MSCHREDGE" ]
}
Cloud Application Control - Rule Types vs Actions Matrix
Note: Refer to this matrix when configuring types vs actions for each specific rules
| Types | Actions |
|---|---|
| ————— | ————————————————– |
AI_ML | DENY_AI_ML_WEB_USE, ALLOW_AI_ML_WEB_USE, ISOLATE_AI_ML_WEB_USE, |
AI_ML | CAUTION_AI_ML_WEB_USE, DENY_AI_ML_UPLOAD, ALLOW_AI_ML_UPLOAD, |
AI_ML | DENY_AI_ML_SHARE, ALLOW_AI_ML_SHARE, DENY_AI_ML_DOWNLOAD, |
AI_ML | ALLOW_AI_ML_DOWNLOAD, DENY_AI_ML_DELETE,ALLOW_AI_ML_DELETE, |
AI_ML | DENY_AI_ML_INVITE, ALLOW_AI_ML_INVITE, DENY_AI_ML_CHAT, |
AI_ML | ALLOW_AI_ML_CHAT, DENY_AI_ML_CREATE, ALLOW_AI_ML_CREATE, |
AI_ML | DENY_AI_ML_RENAME, ALLOW_AI_ML_RENAME |
| ————————- | ——————————————————– |
BUSINESS_PRODUCTIVITY | ALLOW_BUSINESS_PRODUCTIVITY_APPS, BLOCK_BUSINESS_PRODUCTIVITY_APPS |
BUSINESS_PRODUCTIVITY | CAUTION_BUSINESS_PRODUCTIVITY_APPS, ISOLATE_BUSINESS_PRODUCTIVITY_APPS |
| ———————— | ——————————————————— |
CONSUMER | ALLOW_CONSUMER_APPS, BLOCK_CONSUMER_APPS |
CONSUMER | CAUTION_CONSUMER_APPS, ISOLATE_CONSUMER_APPS |
| ————————– | ——————————————————— |
CUSTOM_CAPP | BLOCK_CUSTOM_CAPP_USE, ALLOW_CUSTOM_CAPP_USE |
CUSTOM_CAPP | ISOLATE_CUSTOM_CAPP_USE, CAUTION_CUSTOM_CAPP_USE |
| ————————– | ——————————————————— |
DNS_OVER_HTTPS | ALLOW_DNS_OVER_HTTPS_USE |
DNS_OVER_HTTPS | DENY_DNS_OVER_HTTPS_USE |
| ————————- | ——————————————————— |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_APPS, ALLOW_ENTERPRISE_COLLABORATION_CHAT, |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_UPLOAD, ALLOW_ENTERPRISE_COLLABORATION_SHARE, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_APPS, ALLOW_ENTERPRISE_COLLABORATION_EDIT, |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_RENAME, ALLOW_ENTERPRISE_COLLABORATION_CREATE, |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_DOWNLOAD, ALLOW_ENTERPRISE_COLLABORATION_HUDDLE, |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_INVITE, ALLOW_ENTERPRISE_COLLABORATION_MEETING, |
ENTERPRISE_COLLABORATION | ALLOW_ENTERPRISE_COLLABORATION_DELETE, ALLOW_ENTERPRISE_COLLABORATION_SCREEN_SHARE, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_CHAT, BLOCK_ENTERPRISE_COLLABORATION_UPLOAD, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_SHARE, BLOCK_ENTERPRISE_COLLABORATION_EDIT, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_RENAME, BLOCK_ENTERPRISE_COLLABORATION_CREATE, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_DO WNLOAD, BLOCK_ENTERPRISE_COLLABORATION_DELETE, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_HUDDLE, BLOCK_ENTERPRISE_COLLABORATION_INVITE, |
ENTERPRISE_COLLABORATION | BLOCK_ENTERPRISE_COLLABORATION_MEETING, BLOCK_ENTERPRISE_COLLABORATION_SCREEN_SHARE, |
ENTERPRISE_COLLABORATION | ISOLATE_ENTERPRISE_COLLABORATION_APPS, CAUTION_ENTERPRISE_COLLABORATION_APPS, |
| ————————– | ————————————————- |
FILE_SHARE | DENY_FILE_SHARE_VIEW, ALLOW_FILE_SHARE_VIEW, CAUTION_FILE_SHARE_VIEW, |
FILE_SHARE | DENY_FILE_SHARE_UPLOAD, ALLOW_FILE_SHARE_UPLOAD, ISOLATE_FILE_SHARE_VIEW, |
FILE_SHARE | DENY_FILE_SHARE_SHARE, ALLOW_FILE_SHARE_SHARE, DENY_FILE_SHARE_EDIT, |
FILE_SHARE | ALLOW_FILE_SHARE_EDIT, DENY_FILE_SHARE_RENAME, ALLOW_FILE_SHARE_RENAME, |
FILE_SHARE | DENY_FILE_SHARE_CREATE, ALLOW_FILE_SHARE_CREATE, DENY_FILE_SHARE_DOWNLOAD, |
FILE_SHARE | ALLOW_FILE_SHARE_DOWNLOAD, DENY_FILE_SHARE_DELETE, ALLOW_FILE_SHARE_DELETE, |
FILE_SHARE | DENY_FILE_SHARE_FORM_SHARE, ALLOW_FILE_SHARE_FORM_SHARE, DENY_FILE_SHARE_INVITE, |
FILE_SHARE | ALLOW_FILE_SHARE_INVITE |
| ————————- | ————————————————- |
FINANCE | ALLOW_FINANCE_USE, CAUTION_FINANCE_USE |
FINANCE | DENY_FINANCE_USE, ISOLATE_FINANCE_USE |
| ————————– | ————————————————- |
HEALTH_CARE | ALLOW_HEALTH_CARE_USE, CAUTION_HEALTH_CARE_USE |
HEALTH_CARE | DENY_HEALTH_CARE_USE, ISOLATE_HEALTH_CARE_USE |
| ————————- | ————————————————- |
HOSTING_PROVIDER | ALLOW_HOSTING_PROVIDER_DELETE, DENY_HOSTING_PROVIDER_EDIT, ALLOW_HOSTING_PROVIDER_EDIT, |
HOSTING_PROVIDER | ALLOW_HOSTING_PROVIDER_CREATE, DENY_HOSTING_PROVIDER_CREATE,DENY_HOSTING_PROVIDER_DELETE, |
HOSTING_PROVIDER | ALLOW_HOSTING_PROVIDER_USE, DENY_HOSTING_PROVIDER_USE, |
HOSTING_PROVIDER | ALLOW_HOSTING_PROVIDER_DOWNLOAD, DENY_HOSTING_PROVIDER_DOWNLOAD, |
HOSTING_PROVIDER | ALLOW_HOSTING_PROVIDER_MOVE, DENY_HOSTING_PROVIDER_MOVE, |
HOSTING_PROVIDER | ISOLATE_HOSTING_PROVIDER_USE, CAUTION_HOSTING_PROVIDER_USE, |
| ————————– | ————————————————- |
HUMAN_RESOURCES | ALLOW_HUMAN_RESOURCES_USE, CAUTION_HUMAN_RESOURCES_USE, |
HUMAN_RESOURCES | DENY_HUMAN_RESOURCES_USE, ISOLATE_HUMAN_RESOURCES_USE, |
| ————————– | ————————————————- |
INSTANT_MESSAGING | ALLOW_CHAT, ALLOW_FILE_TRANSFER_IN_CHAT, |
INSTANT_MESSAGING | ALLOW_FILE_TRANSFER_IN_CHAT, BLOCK_CHAT, |
INSTANT_MESSAGING | BLOCK_FILE_TRANSFER_IN_CHAT, CAUTION_CHAT, |
INSTANT_MESSAGING | CAUTION_FILE_TRANSFER_IN_CHAT, ISOLATE_CHAT |
| ————————– | ————————————————- |
IT_SERVICES | ALLOW_IT_SERVICES_USE, CAUTION_LEGAL_USE, |
IT_SERVICES | DENY_IT_SERVICES_USE, ISOLATE_IT_SERVICES_USE |
| ————————- | ————————————————- |
LEGAL | ALLOW_LEGAL_USE, DENY_DNS_OVER_HTTPS_USE, |
LEGAL | DENY_LEGAL_USE, ISOLATE_LEGAL_USE |
| ————————- | ————————————————- |
SALES_AND_MARKETING | ALLOW_SALES_MARKETING_APPS, BLOCK_SALES_MARKETING_APPS, |
SALES_AND_MARKETING | CAUTION_SALES_MARKETING_APPS, ISOLATE_SALES_MARKETING_APPS |
| ————————- | ————————————————- |
STREAMING_MEDIA | BLOCK_STREAMING_VIEW_LISTEN, ALLOW_STREAMING_VIEW_LISTEN, |
STREAMING_MEDIA | CAUTION_STREAMING_VIEW_LISTEN, BLOCK_STREAMING_UPLOAD, |
STREAMING_MEDIA | ALLOW_STREAMING_UPLOAD, ISOLATE_STREAMING_VIEW_LISTEN |
| ———————– | ————————————————- |
SOCIAL_NETWORKING | ALLOW_SOCIAL_NETWORKING_CHAT, ALLOW_SOCIAL_NETWORKING_COMMENT, |
SOCIAL_NETWORKING | ALLOW_SOCIAL_NETWORKING_CREATE, ALLOW_SOCIAL_NETWORKING_EDIT, |
SOCIAL_NETWORKING | ALLOW_SOCIAL_NETWORKING_POST, ALLOW_SOCIAL_NETWORKING_SHARE, |
SOCIAL_NETWORKING | ALLOW_SOCIAL_NETWORKING_UPLOAD, ALLOW_SOCIAL_NETWORKING_VIEW, |
SOCIAL_NETWORKING | BLOCK_SOCIAL_NETWORKING_CHAT, BLOCK_SOCIAL_NETWORKING_COMMENT, |
SOCIAL_NETWORKING | BLOCK_SOCIAL_NETWORKING_CREATE, BLOCK_SOCIAL_NETWORKING_EDIT, |
SOCIAL_NETWORKING | BLOCK_SOCIAL_NETWORKING_POST,BLOCK_SOCIAL_NETWORKING_SHARE, |
SOCIAL_NETWORKING | BLOCK_SOCIAL_NETWORKING_UPLOAD, BLOCK_SOCIAL_NETWORKING_VIEW, |
SOCIAL_NETWORKING | CAUTION_SOCIAL_NETWORKING_POST, CAUTION_SOCIAL_NETWORKING_VIEW, |
SOCIAL_NETWORKING | ISOLATE_SOCIAL_NETWORKING_VIEW, |
| ————————- | ————————————————- |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_APPS, ALLOW_SYSTEM_DEVELOPMENT_APPS, |
SYSTEM_AND_DEVELOPMENT | ISOLATE_SYSTEM_DEVELOPMENT_APPS, BLOCK_SYSTEM_DEVELOPMENT_UPLOAD, |
SYSTEM_AND_DEVELOPMENT | ALLOW_SYSTEM_DEVELOPMENT_UPLOAD,CAUTION_SYSTEM_DEVELOPMENT_APPS, |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_CREATE, ALLOW_SYSTEM_DEVELOPMENT_CREATE, |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_EDIT, ALLOW_SYSTEM_DEVELOPMENT_EDIT, |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_SHARE, ALLOW_SYSTEM_DEVELOPMENT_SHARE, |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_COMMENT, ALLOW_SYSTEM_DEVELOPMENT_COMMENT, |
SYSTEM_AND_DEVELOPMENT | BLOCK_SYSTEM_DEVELOPMENT_REACTION,ALLOW_SYSTEM_DEVELOPMENT_REACTION |
| ————————– | ————————————————- |
WEBMAIL | ALLOW_WEBMAIL_VIEW, ALLOW_WEBMAIL_ATTACHMENT_SEND |
WEBMAIL | ALLOW_WEBMAIL_SEND, CAUTION_WEBMAIL_VIEW |
WEBMAIL | BLOCK_WEBMAIL_VIEW, BLOCK_WEBMAIL_ATTACHMENT_SEND |
WEBMAIL | BLOCK_WEBMAIL_SEND, ISOLATE_WEBMAIL_VIEW |
| ————————- | ————————————————- |
Cloud Application Control - Rule Types vs Tenant Profile Support
Note: Refer to this matrix when configuring a Cloud App Control rule with Tenant Profile
| Type | Applications | tenancy_profile_ids |
|---|---|---|
| ———————————- | ——————————- | ——————— |
BUSINESS_PRODUCTIVITY | "GOOGLEANALYTICS" | ✅ |
| ———————————- | ——————————- | ——————— |
ENTERPRISE_COLLABORATION | "GOOGLECALENDAR" | ✅ |
ENTERPRISE_COLLABORATION | "GOOGLEKEEP" | ✅ |
ENTERPRISE_COLLABORATION | "GOOGLEMEET" | ✅ |
ENTERPRISE_COLLABORATION | "GOOGLESITES" | ✅ |
ENTERPRISE_COLLABORATION | "WEBEX" | ✅ |
ENTERPRISE_COLLABORATION | "SLACK" | ✅ |
ENTERPRISE_COLLABORATION | "WEBEX_TEAMS" | ✅ |
ENTERPRISE_COLLABORATION | "ZOOM" | ✅ |
| ———————————- | ——————————- | ——————— |
FILE_SHARE | "DROPBOX" | ✅ |
FILE_SHARE | "GDRIVE" | ✅ |
FILE_SHARE | "GPHOTOS" | ✅ |
| ———————————- | ——————————- | ——————— |
HOSTING_PROVIDER | "GCLOUDCOMPUTE" | ✅ |
HOSTING_PROVIDER | "AWS" | ✅ |
HOSTING_PROVIDER | "IBMSMARTCLOUD" | ✅ |
HOSTING_PROVIDER | "GAPPENGINE" | ✅ |
HOSTING_PROVIDER | "GOOGLE_CLOUD_PLATFORM" | ✅ |
| ———————————- | ——————————- | ——————— |
IT_SERVICES | "MSLOGINSERVICES" | ✅ |
IT_SERVICES | "GOOGLOGINSERVICE" | ✅ |
IT_SERVICES | "WEBEX_LOGIN_SERVICES" | ✅ |
IT_SERVICES | "ZOHO_LOGIN_SERVICES" | ✅ |
| ———————————- | ——————————- | ——————— |
SOCIAL_NETWORKING | "GOOGLE_GROUPS" | ✅ |
SOCIAL_NETWORKING | "GOOGLE_PLUS" | ✅ |
| ———————————- | ——————————- | ——————— |
STREAMING_MEDIA | "YOUTUBE" | ✅ |
STREAMING_MEDIA | "GOOGLE_STREAMING" | ✅ |
| ———————————- | ——————————- | ——————— |
SYSTEM_AND_DEVELOPMENT | "GOOGLE_DEVELOPERS" | ✅ |
SYSTEM_AND_DEVELOPMENT | "GOOGLEAPPMAKER" | ✅ |
| ———————————- | ——————————- | ——————— |
WEBMAIL | "GOOGLE_WEBMAIL" | ✅ |
| ———————————- | ——————————- | ——————— |
Create CloudAppControlRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CloudAppControlRule(name: string, args: CloudAppControlRuleArgs, opts?: CustomResourceOptions);@overload
def CloudAppControlRule(resource_name: str,
args: CloudAppControlRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CloudAppControlRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
order: Optional[int] = None,
locations: Optional[CloudAppControlRuleLocationsArgs] = None,
tenancy_profile_ids: Optional[CloudAppControlRuleTenancyProfileIdsArgs] = None,
cbi_profiles: Optional[Sequence[CloudAppControlRuleCbiProfileArgs]] = None,
cloud_app_risk_profiles: Optional[Sequence[CloudAppControlRuleCloudAppRiskProfileArgs]] = None,
departments: Optional[CloudAppControlRuleDepartmentsArgs] = None,
description: Optional[str] = None,
device_groups: Optional[CloudAppControlRuleDeviceGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[CloudAppControlRuleDevicesArgs] = None,
enforce_time_validity: Optional[bool] = None,
groups: Optional[CloudAppControlRuleGroupsArgs] = None,
labels: Optional[CloudAppControlRuleLabelsArgs] = None,
location_groups: Optional[CloudAppControlRuleLocationGroupsArgs] = None,
actions: Optional[Sequence[str]] = None,
cascading_enabled: Optional[bool] = None,
rank: Optional[int] = None,
name: Optional[str] = None,
size_quota: Optional[int] = None,
state: Optional[str] = None,
applications: Optional[Sequence[str]] = None,
time_quota: Optional[int] = None,
time_windows: Optional[CloudAppControlRuleTimeWindowsArgs] = None,
type: Optional[str] = None,
user_agent_types: Optional[Sequence[str]] = None,
user_risk_score_levels: Optional[Sequence[str]] = None,
users: Optional[CloudAppControlRuleUsersArgs] = None,
validity_end_time: Optional[str] = None,
validity_start_time: Optional[str] = None,
validity_time_zone_id: Optional[str] = None)func NewCloudAppControlRule(ctx *Context, name string, args CloudAppControlRuleArgs, opts ...ResourceOption) (*CloudAppControlRule, error)public CloudAppControlRule(string name, CloudAppControlRuleArgs args, CustomResourceOptions? opts = null)
public CloudAppControlRule(String name, CloudAppControlRuleArgs args)
public CloudAppControlRule(String name, CloudAppControlRuleArgs args, CustomResourceOptions options)
type: zia:CloudAppControlRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CloudAppControlRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cloudAppControlRuleResource = new Zia.CloudAppControlRule("cloudAppControlRuleResource", new()
{
Order = 0,
Locations = new Zia.Inputs.CloudAppControlRuleLocationsArgs
{
Ids = new[]
{
0,
},
},
TenancyProfileIds = new Zia.Inputs.CloudAppControlRuleTenancyProfileIdsArgs
{
Ids = new[]
{
0,
},
},
CbiProfiles = new[]
{
new Zia.Inputs.CloudAppControlRuleCbiProfileArgs
{
Id = "string",
Name = "string",
Url = "string",
},
},
CloudAppRiskProfiles = new[]
{
new Zia.Inputs.CloudAppControlRuleCloudAppRiskProfileArgs
{
Id = 0,
},
},
Departments = new Zia.Inputs.CloudAppControlRuleDepartmentsArgs
{
Ids = new[]
{
0,
},
},
Description = "string",
DeviceGroups = new Zia.Inputs.CloudAppControlRuleDeviceGroupsArgs
{
Ids = new[]
{
0,
},
},
DeviceTrustLevels = new[]
{
"string",
},
Devices = new Zia.Inputs.CloudAppControlRuleDevicesArgs
{
Ids = new[]
{
0,
},
},
EnforceTimeValidity = false,
Groups = new Zia.Inputs.CloudAppControlRuleGroupsArgs
{
Ids = new[]
{
0,
},
},
Labels = new Zia.Inputs.CloudAppControlRuleLabelsArgs
{
Ids = new[]
{
0,
},
},
LocationGroups = new Zia.Inputs.CloudAppControlRuleLocationGroupsArgs
{
Ids = new[]
{
0,
},
},
Actions = new[]
{
"string",
},
CascadingEnabled = false,
Rank = 0,
Name = "string",
SizeQuota = 0,
State = "string",
Applications = new[]
{
"string",
},
TimeQuota = 0,
TimeWindows = new Zia.Inputs.CloudAppControlRuleTimeWindowsArgs
{
Ids = new[]
{
0,
},
},
Type = "string",
UserAgentTypes = new[]
{
"string",
},
UserRiskScoreLevels = new[]
{
"string",
},
Users = new Zia.Inputs.CloudAppControlRuleUsersArgs
{
Ids = new[]
{
0,
},
},
ValidityEndTime = "string",
ValidityStartTime = "string",
ValidityTimeZoneId = "string",
});
example, err := zia.NewCloudAppControlRule(ctx, "cloudAppControlRuleResource", &zia.CloudAppControlRuleArgs{
Order: pulumi.Int(0),
Locations: &zia.CloudAppControlRuleLocationsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
TenancyProfileIds: &zia.CloudAppControlRuleTenancyProfileIdsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
CbiProfiles: zia.CloudAppControlRuleCbiProfileArray{
&zia.CloudAppControlRuleCbiProfileArgs{
Id: pulumi.String("string"),
Name: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
CloudAppRiskProfiles: zia.CloudAppControlRuleCloudAppRiskProfileArray{
&zia.CloudAppControlRuleCloudAppRiskProfileArgs{
Id: pulumi.Int(0),
},
},
Departments: &zia.CloudAppControlRuleDepartmentsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Description: pulumi.String("string"),
DeviceGroups: &zia.CloudAppControlRuleDeviceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DeviceTrustLevels: pulumi.StringArray{
pulumi.String("string"),
},
Devices: &zia.CloudAppControlRuleDevicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
EnforceTimeValidity: pulumi.Bool(false),
Groups: &zia.CloudAppControlRuleGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Labels: &zia.CloudAppControlRuleLabelsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
LocationGroups: &zia.CloudAppControlRuleLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Actions: pulumi.StringArray{
pulumi.String("string"),
},
CascadingEnabled: pulumi.Bool(false),
Rank: pulumi.Int(0),
Name: pulumi.String("string"),
SizeQuota: pulumi.Int(0),
State: pulumi.String("string"),
Applications: pulumi.StringArray{
pulumi.String("string"),
},
TimeQuota: pulumi.Int(0),
TimeWindows: &zia.CloudAppControlRuleTimeWindowsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Type: pulumi.String("string"),
UserAgentTypes: pulumi.StringArray{
pulumi.String("string"),
},
UserRiskScoreLevels: pulumi.StringArray{
pulumi.String("string"),
},
Users: &zia.CloudAppControlRuleUsersArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
ValidityEndTime: pulumi.String("string"),
ValidityStartTime: pulumi.String("string"),
ValidityTimeZoneId: pulumi.String("string"),
})
var cloudAppControlRuleResource = new CloudAppControlRule("cloudAppControlRuleResource", CloudAppControlRuleArgs.builder()
.order(0)
.locations(CloudAppControlRuleLocationsArgs.builder()
.ids(0)
.build())
.tenancyProfileIds(CloudAppControlRuleTenancyProfileIdsArgs.builder()
.ids(0)
.build())
.cbiProfiles(CloudAppControlRuleCbiProfileArgs.builder()
.id("string")
.name("string")
.url("string")
.build())
.cloudAppRiskProfiles(CloudAppControlRuleCloudAppRiskProfileArgs.builder()
.id(0)
.build())
.departments(CloudAppControlRuleDepartmentsArgs.builder()
.ids(0)
.build())
.description("string")
.deviceGroups(CloudAppControlRuleDeviceGroupsArgs.builder()
.ids(0)
.build())
.deviceTrustLevels("string")
.devices(CloudAppControlRuleDevicesArgs.builder()
.ids(0)
.build())
.enforceTimeValidity(false)
.groups(CloudAppControlRuleGroupsArgs.builder()
.ids(0)
.build())
.labels(CloudAppControlRuleLabelsArgs.builder()
.ids(0)
.build())
.locationGroups(CloudAppControlRuleLocationGroupsArgs.builder()
.ids(0)
.build())
.actions("string")
.cascadingEnabled(false)
.rank(0)
.name("string")
.sizeQuota(0)
.state("string")
.applications("string")
.timeQuota(0)
.timeWindows(CloudAppControlRuleTimeWindowsArgs.builder()
.ids(0)
.build())
.type("string")
.userAgentTypes("string")
.userRiskScoreLevels("string")
.users(CloudAppControlRuleUsersArgs.builder()
.ids(0)
.build())
.validityEndTime("string")
.validityStartTime("string")
.validityTimeZoneId("string")
.build());
cloud_app_control_rule_resource = zia.CloudAppControlRule("cloudAppControlRuleResource",
order=0,
locations={
"ids": [0],
},
tenancy_profile_ids={
"ids": [0],
},
cbi_profiles=[{
"id": "string",
"name": "string",
"url": "string",
}],
cloud_app_risk_profiles=[{
"id": 0,
}],
departments={
"ids": [0],
},
description="string",
device_groups={
"ids": [0],
},
device_trust_levels=["string"],
devices={
"ids": [0],
},
enforce_time_validity=False,
groups={
"ids": [0],
},
labels={
"ids": [0],
},
location_groups={
"ids": [0],
},
actions=["string"],
cascading_enabled=False,
rank=0,
name="string",
size_quota=0,
state="string",
applications=["string"],
time_quota=0,
time_windows={
"ids": [0],
},
type="string",
user_agent_types=["string"],
user_risk_score_levels=["string"],
users={
"ids": [0],
},
validity_end_time="string",
validity_start_time="string",
validity_time_zone_id="string")
const cloudAppControlRuleResource = new zia.CloudAppControlRule("cloudAppControlRuleResource", {
order: 0,
locations: {
ids: [0],
},
tenancyProfileIds: {
ids: [0],
},
cbiProfiles: [{
id: "string",
name: "string",
url: "string",
}],
cloudAppRiskProfiles: [{
id: 0,
}],
departments: {
ids: [0],
},
description: "string",
deviceGroups: {
ids: [0],
},
deviceTrustLevels: ["string"],
devices: {
ids: [0],
},
enforceTimeValidity: false,
groups: {
ids: [0],
},
labels: {
ids: [0],
},
locationGroups: {
ids: [0],
},
actions: ["string"],
cascadingEnabled: false,
rank: 0,
name: "string",
sizeQuota: 0,
state: "string",
applications: ["string"],
timeQuota: 0,
timeWindows: {
ids: [0],
},
type: "string",
userAgentTypes: ["string"],
userRiskScoreLevels: ["string"],
users: {
ids: [0],
},
validityEndTime: "string",
validityStartTime: "string",
validityTimeZoneId: "string",
});
type: zia:CloudAppControlRule
properties:
actions:
- string
applications:
- string
cascadingEnabled: false
cbiProfiles:
- id: string
name: string
url: string
cloudAppRiskProfiles:
- id: 0
departments:
ids:
- 0
description: string
deviceGroups:
ids:
- 0
deviceTrustLevels:
- string
devices:
ids:
- 0
enforceTimeValidity: false
groups:
ids:
- 0
labels:
ids:
- 0
locationGroups:
ids:
- 0
locations:
ids:
- 0
name: string
order: 0
rank: 0
sizeQuota: 0
state: string
tenancyProfileIds:
ids:
- 0
timeQuota: 0
timeWindows:
ids:
- 0
type: string
userAgentTypes:
- string
userRiskScoreLevels:
- string
users:
ids:
- 0
validityEndTime: string
validityStartTime: string
validityTimeZoneId: string
CloudAppControlRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CloudAppControlRule resource accepts the following input properties:
- Order int
- The order of execution for the forwarding rule order
- Actions List<string>
- Actions allowed for the specified type.
- Applications List<string>
- List of cloud applications for which rule will be applied
- Cascading
Enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- Cbi
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Cbi Profile> - Cloud
App List<zscaler.Risk Profiles Pulumi Package. Zia. Inputs. Cloud App Control Rule Cloud App Risk Profile> - The DLP server, using ICAP, to which the transaction content is forwarded.
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- Description string
- Additional information about the forwarding rule
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- Enforce
Time boolValidity - Enforce a set a validity time period for the URL Filtering rule.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Labels - The URL Filtering rule's label.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- Name string
- The name of the forwarding rule
- Rank int
- Admin rank assigned to the forwarding rule
- Size
Quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Tenancy
Profile zscaler.Ids Pulumi Package. Zia. Inputs. Cloud App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- Time
Quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- Type string
- Supported App Control Types
- User
Agent List<string>Types - Supported User Agent Types
- User
Risk List<string>Score Levels - Users
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Users - Name-ID pairs of users for which rule must be applied
- Validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- Validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- Validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- Order int
- The order of execution for the forwarding rule order
- Actions []string
- Actions allowed for the specified type.
- Applications []string
- List of cloud applications for which rule will be applied
- Cascading
Enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- Cbi
Profiles []CloudApp Control Rule Cbi Profile Args - Cloud
App []CloudRisk Profiles App Control Rule Cloud App Risk Profile Args - The DLP server, using ICAP, to which the transaction content is forwarded.
- Departments
Cloud
App Control Rule Departments Args - Name-ID pairs of departments for which rule must be applied
- Description string
- Additional information about the forwarding rule
- Device
Groups CloudApp Control Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Cloud
App Control Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- Enforce
Time boolValidity - Enforce a set a validity time period for the URL Filtering rule.
- Groups
Cloud
App Control Rule Groups Args - Name-ID pairs of groups for which rule must be applied
- Labels
Cloud
App Control Rule Labels Args - The URL Filtering rule's label.
- Location
Groups CloudApp Control Rule Location Groups Args - Name-ID pairs of the location groups to which the rule must be applied.
- Locations
Cloud
App Control Rule Locations Args - Name-ID pairs of locations for which rule must be applied
- Name string
- The name of the forwarding rule
- Rank int
- Admin rank assigned to the forwarding rule
- Size
Quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids Args - Name-ID pairs of groups for which rule must be applied
- Time
Quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- Time
Windows CloudApp Control Rule Time Windows Args - Name-ID pairs of time interval during which rule must be enforced.
- Type string
- Supported App Control Types
- User
Agent []stringTypes - Supported User Agent Types
- User
Risk []stringScore Levels - Users
Cloud
App Control Rule Users Args - Name-ID pairs of users for which rule must be applied
- Validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- Validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- Validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- order Integer
- The order of execution for the forwarding rule order
- actions List<String>
- Actions allowed for the specified type.
- applications List<String>
- List of cloud applications for which rule will be applied
- cascading
Enabled Boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles List<CloudApp Control Rule Cbi Profile> - cloud
App List<CloudRisk Profiles App Control Rule Cloud App Risk Profile> - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- description String
- Additional information about the forwarding rule
- device
Groups CloudApp Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enforce
Time BooleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels - The URL Filtering rule's label.
- location
Groups CloudApp Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- name String
- The name of the forwarding rule
- rank Integer
- Admin rank assigned to the forwarding rule
- size
Quota Integer - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- time
Quota Integer - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows CloudApp Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- type String
- Supported App Control Types
- user
Agent List<String>Types - Supported User Agent Types
- user
Risk List<String>Score Levels - users
Cloud
App Control Rule Users - Name-ID pairs of users for which rule must be applied
- validity
End StringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start StringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time StringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- order number
- The order of execution for the forwarding rule order
- actions string[]
- Actions allowed for the specified type.
- applications string[]
- List of cloud applications for which rule will be applied
- cascading
Enabled boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles CloudApp Control Rule Cbi Profile[] - cloud
App CloudRisk Profiles App Control Rule Cloud App Risk Profile[] - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- description string
- Additional information about the forwarding rule
- device
Groups CloudApp Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enforce
Time booleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels - The URL Filtering rule's label.
- location
Groups CloudApp Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- name string
- The name of the forwarding rule
- rank number
- Admin rank assigned to the forwarding rule
- size
Quota number - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- time
Quota number - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows CloudApp Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- type string
- Supported App Control Types
- user
Agent string[]Types - Supported User Agent Types
- user
Risk string[]Score Levels - users
Cloud
App Control Rule Users - Name-ID pairs of users for which rule must be applied
- validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- order int
- The order of execution for the forwarding rule order
- actions Sequence[str]
- Actions allowed for the specified type.
- applications Sequence[str]
- List of cloud applications for which rule will be applied
- cascading_
enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi_
profiles Sequence[CloudApp Control Rule Cbi Profile Args] - cloud_
app_ Sequence[Cloudrisk_ profiles App Control Rule Cloud App Risk Profile Args] - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments Args - Name-ID pairs of departments for which rule must be applied
- description str
- Additional information about the forwarding rule
- device_
groups CloudApp Control Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- enforce_
time_ boolvalidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups Args - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels Args - The URL Filtering rule's label.
- location_
groups CloudApp Control Rule Location Groups Args - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations Args - Name-ID pairs of locations for which rule must be applied
- name str
- The name of the forwarding rule
- rank int
- Admin rank assigned to the forwarding rule
- size_
quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy_
profile_ Cloudids App Control Rule Tenancy Profile Ids Args - Name-ID pairs of groups for which rule must be applied
- time_
quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time_
windows CloudApp Control Rule Time Windows Args - Name-ID pairs of time interval during which rule must be enforced.
- type str
- Supported App Control Types
- user_
agent_ Sequence[str]types - Supported User Agent Types
- user_
risk_ Sequence[str]score_ levels - users
Cloud
App Control Rule Users Args - Name-ID pairs of users for which rule must be applied
- validity_
end_ strtime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity_
start_ strtime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity_
time_ strzone_ id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- order Number
- The order of execution for the forwarding rule order
- actions List<String>
- Actions allowed for the specified type.
- applications List<String>
- List of cloud applications for which rule will be applied
- cascading
Enabled Boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles List<Property Map> - cloud
App List<Property Map>Risk Profiles - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments Property Map
- Name-ID pairs of departments for which rule must be applied
- description String
- Additional information about the forwarding rule
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- enforce
Time BooleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups Property Map
- Name-ID pairs of groups for which rule must be applied
- labels Property Map
- The URL Filtering rule's label.
- location
Groups Property Map - Name-ID pairs of the location groups to which the rule must be applied.
- locations Property Map
- Name-ID pairs of locations for which rule must be applied
- name String
- The name of the forwarding rule
- rank Number
- Admin rank assigned to the forwarding rule
- size
Quota Number - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile Property MapIds - Name-ID pairs of groups for which rule must be applied
- time
Quota Number - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows Property Map - Name-ID pairs of time interval during which rule must be enforced.
- type String
- Supported App Control Types
- user
Agent List<String>Types - Supported User Agent Types
- user
Risk List<String>Score Levels - users Property Map
- Name-ID pairs of users for which rule must be applied
- validity
End StringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start StringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time StringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
Outputs
All input properties are implicitly available as output properties. Additionally, the CloudAppControlRule resource produces the following output properties:
Look up Existing CloudAppControlRule Resource
Get an existing CloudAppControlRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CloudAppControlRuleState, opts?: CustomResourceOptions): CloudAppControlRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[str]] = None,
applications: Optional[Sequence[str]] = None,
cascading_enabled: Optional[bool] = None,
cbi_profiles: Optional[Sequence[CloudAppControlRuleCbiProfileArgs]] = None,
cloud_app_risk_profiles: Optional[Sequence[CloudAppControlRuleCloudAppRiskProfileArgs]] = None,
departments: Optional[CloudAppControlRuleDepartmentsArgs] = None,
description: Optional[str] = None,
device_groups: Optional[CloudAppControlRuleDeviceGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[CloudAppControlRuleDevicesArgs] = None,
enforce_time_validity: Optional[bool] = None,
groups: Optional[CloudAppControlRuleGroupsArgs] = None,
labels: Optional[CloudAppControlRuleLabelsArgs] = None,
location_groups: Optional[CloudAppControlRuleLocationGroupsArgs] = None,
locations: Optional[CloudAppControlRuleLocationsArgs] = None,
name: Optional[str] = None,
order: Optional[int] = None,
rank: Optional[int] = None,
rule_id: Optional[int] = None,
size_quota: Optional[int] = None,
state: Optional[str] = None,
tenancy_profile_ids: Optional[CloudAppControlRuleTenancyProfileIdsArgs] = None,
time_quota: Optional[int] = None,
time_windows: Optional[CloudAppControlRuleTimeWindowsArgs] = None,
type: Optional[str] = None,
user_agent_types: Optional[Sequence[str]] = None,
user_risk_score_levels: Optional[Sequence[str]] = None,
users: Optional[CloudAppControlRuleUsersArgs] = None,
validity_end_time: Optional[str] = None,
validity_start_time: Optional[str] = None,
validity_time_zone_id: Optional[str] = None) -> CloudAppControlRulefunc GetCloudAppControlRule(ctx *Context, name string, id IDInput, state *CloudAppControlRuleState, opts ...ResourceOption) (*CloudAppControlRule, error)public static CloudAppControlRule Get(string name, Input<string> id, CloudAppControlRuleState? state, CustomResourceOptions? opts = null)public static CloudAppControlRule get(String name, Output<String> id, CloudAppControlRuleState state, CustomResourceOptions options)resources: _: type: zia:CloudAppControlRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions List<string>
- Actions allowed for the specified type.
- Applications List<string>
- List of cloud applications for which rule will be applied
- Cascading
Enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- Cbi
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Cbi Profile> - Cloud
App List<zscaler.Risk Profiles Pulumi Package. Zia. Inputs. Cloud App Control Rule Cloud App Risk Profile> - The DLP server, using ICAP, to which the transaction content is forwarded.
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- Description string
- Additional information about the forwarding rule
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- Enforce
Time boolValidity - Enforce a set a validity time period for the URL Filtering rule.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Labels - The URL Filtering rule's label.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- Name string
- The name of the forwarding rule
- Order int
- The order of execution for the forwarding rule order
- Rank int
- Admin rank assigned to the forwarding rule
- Rule
Id int - A unique identifier assigned to the forwarding rule
- Size
Quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Tenancy
Profile zscaler.Ids Pulumi Package. Zia. Inputs. Cloud App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- Time
Quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Cloud App Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- Type string
- Supported App Control Types
- User
Agent List<string>Types - Supported User Agent Types
- User
Risk List<string>Score Levels - Users
zscaler.
Pulumi Package. Zia. Inputs. Cloud App Control Rule Users - Name-ID pairs of users for which rule must be applied
- Validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- Validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- Validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- Actions []string
- Actions allowed for the specified type.
- Applications []string
- List of cloud applications for which rule will be applied
- Cascading
Enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- Cbi
Profiles []CloudApp Control Rule Cbi Profile Args - Cloud
App []CloudRisk Profiles App Control Rule Cloud App Risk Profile Args - The DLP server, using ICAP, to which the transaction content is forwarded.
- Departments
Cloud
App Control Rule Departments Args - Name-ID pairs of departments for which rule must be applied
- Description string
- Additional information about the forwarding rule
- Device
Groups CloudApp Control Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Cloud
App Control Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- Enforce
Time boolValidity - Enforce a set a validity time period for the URL Filtering rule.
- Groups
Cloud
App Control Rule Groups Args - Name-ID pairs of groups for which rule must be applied
- Labels
Cloud
App Control Rule Labels Args - The URL Filtering rule's label.
- Location
Groups CloudApp Control Rule Location Groups Args - Name-ID pairs of the location groups to which the rule must be applied.
- Locations
Cloud
App Control Rule Locations Args - Name-ID pairs of locations for which rule must be applied
- Name string
- The name of the forwarding rule
- Order int
- The order of execution for the forwarding rule order
- Rank int
- Admin rank assigned to the forwarding rule
- Rule
Id int - A unique identifier assigned to the forwarding rule
- Size
Quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids Args - Name-ID pairs of groups for which rule must be applied
- Time
Quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- Time
Windows CloudApp Control Rule Time Windows Args - Name-ID pairs of time interval during which rule must be enforced.
- Type string
- Supported App Control Types
- User
Agent []stringTypes - Supported User Agent Types
- User
Risk []stringScore Levels - Users
Cloud
App Control Rule Users Args - Name-ID pairs of users for which rule must be applied
- Validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- Validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- Validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- actions List<String>
- Actions allowed for the specified type.
- applications List<String>
- List of cloud applications for which rule will be applied
- cascading
Enabled Boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles List<CloudApp Control Rule Cbi Profile> - cloud
App List<CloudRisk Profiles App Control Rule Cloud App Risk Profile> - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- description String
- Additional information about the forwarding rule
- device
Groups CloudApp Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enforce
Time BooleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels - The URL Filtering rule's label.
- location
Groups CloudApp Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- name String
- The name of the forwarding rule
- order Integer
- The order of execution for the forwarding rule order
- rank Integer
- Admin rank assigned to the forwarding rule
- rule
Id Integer - A unique identifier assigned to the forwarding rule
- size
Quota Integer - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- time
Quota Integer - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows CloudApp Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- type String
- Supported App Control Types
- user
Agent List<String>Types - Supported User Agent Types
- user
Risk List<String>Score Levels - users
Cloud
App Control Rule Users - Name-ID pairs of users for which rule must be applied
- validity
End StringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start StringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time StringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- actions string[]
- Actions allowed for the specified type.
- applications string[]
- List of cloud applications for which rule will be applied
- cascading
Enabled boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles CloudApp Control Rule Cbi Profile[] - cloud
App CloudRisk Profiles App Control Rule Cloud App Risk Profile[] - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments - Name-ID pairs of departments for which rule must be applied
- description string
- Additional information about the forwarding rule
- device
Groups CloudApp Control Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enforce
Time booleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels - The URL Filtering rule's label.
- location
Groups CloudApp Control Rule Location Groups - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations - Name-ID pairs of locations for which rule must be applied
- name string
- The name of the forwarding rule
- order number
- The order of execution for the forwarding rule order
- rank number
- Admin rank assigned to the forwarding rule
- rule
Id number - A unique identifier assigned to the forwarding rule
- size
Quota number - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile CloudIds App Control Rule Tenancy Profile Ids - Name-ID pairs of groups for which rule must be applied
- time
Quota number - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows CloudApp Control Rule Time Windows - Name-ID pairs of time interval during which rule must be enforced.
- type string
- Supported App Control Types
- user
Agent string[]Types - Supported User Agent Types
- user
Risk string[]Score Levels - users
Cloud
App Control Rule Users - Name-ID pairs of users for which rule must be applied
- validity
End stringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start stringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time stringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- actions Sequence[str]
- Actions allowed for the specified type.
- applications Sequence[str]
- List of cloud applications for which rule will be applied
- cascading_
enabled bool - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi_
profiles Sequence[CloudApp Control Rule Cbi Profile Args] - cloud_
app_ Sequence[Cloudrisk_ profiles App Control Rule Cloud App Risk Profile Args] - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments
Cloud
App Control Rule Departments Args - Name-ID pairs of departments for which rule must be applied
- description str
- Additional information about the forwarding rule
- device_
groups CloudApp Control Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Cloud
App Control Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- enforce_
time_ boolvalidity - Enforce a set a validity time period for the URL Filtering rule.
- groups
Cloud
App Control Rule Groups Args - Name-ID pairs of groups for which rule must be applied
- labels
Cloud
App Control Rule Labels Args - The URL Filtering rule's label.
- location_
groups CloudApp Control Rule Location Groups Args - Name-ID pairs of the location groups to which the rule must be applied.
- locations
Cloud
App Control Rule Locations Args - Name-ID pairs of locations for which rule must be applied
- name str
- The name of the forwarding rule
- order int
- The order of execution for the forwarding rule order
- rank int
- Admin rank assigned to the forwarding rule
- rule_
id int - A unique identifier assigned to the forwarding rule
- size_
quota int - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy_
profile_ Cloudids App Control Rule Tenancy Profile Ids Args - Name-ID pairs of groups for which rule must be applied
- time_
quota int - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time_
windows CloudApp Control Rule Time Windows Args - Name-ID pairs of time interval during which rule must be enforced.
- type str
- Supported App Control Types
- user_
agent_ Sequence[str]types - Supported User Agent Types
- user_
risk_ Sequence[str]score_ levels - users
Cloud
App Control Rule Users Args - Name-ID pairs of users for which rule must be applied
- validity_
end_ strtime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity_
start_ strtime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity_
time_ strzone_ id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
- actions List<String>
- Actions allowed for the specified type.
- applications List<String>
- List of cloud applications for which rule will be applied
- cascading
Enabled Boolean - nforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
- cbi
Profiles List<Property Map> - cloud
App List<Property Map>Risk Profiles - The DLP server, using ICAP, to which the transaction content is forwarded.
- departments Property Map
- Name-ID pairs of departments for which rule must be applied
- description String
- Additional information about the forwarding rule
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- enforce
Time BooleanValidity - Enforce a set a validity time period for the URL Filtering rule.
- groups Property Map
- Name-ID pairs of groups for which rule must be applied
- labels Property Map
- The URL Filtering rule's label.
- location
Groups Property Map - Name-ID pairs of the location groups to which the rule must be applied.
- locations Property Map
- Name-ID pairs of locations for which rule must be applied
- name String
- The name of the forwarding rule
- order Number
- The order of execution for the forwarding rule order
- rank Number
- Admin rank assigned to the forwarding rule
- rule
Id Number - A unique identifier assigned to the forwarding rule
- size
Quota Number - Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- tenancy
Profile Property MapIds - Name-ID pairs of groups for which rule must be applied
- time
Quota Number - Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
- time
Windows Property Map - Name-ID pairs of time interval during which rule must be enforced.
- type String
- Supported App Control Types
- user
Agent List<String>Types - Supported User Agent Types
- user
Risk List<String>Score Levels - users Property Map
- Name-ID pairs of users for which rule must be applied
- validity
End StringTime - If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
- validity
Start StringTime - If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
- validity
Time StringZone Id - If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone.
Supporting Types
CloudAppControlRuleCbiProfile, CloudAppControlRuleCbiProfileArgs
CloudAppControlRuleCloudAppRiskProfile, CloudAppControlRuleCloudAppRiskProfileArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CloudAppControlRuleDepartments, CloudAppControlRuleDepartmentsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleDeviceGroups, CloudAppControlRuleDeviceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleDevices, CloudAppControlRuleDevicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleGroups, CloudAppControlRuleGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleLabels, CloudAppControlRuleLabelsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleLocationGroups, CloudAppControlRuleLocationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleLocations, CloudAppControlRuleLocationsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleTenancyProfileIds, CloudAppControlRuleTenancyProfileIdsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleTimeWindows, CloudAppControlRuleTimeWindowsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CloudAppControlRuleUsers, CloudAppControlRuleUsersArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
Policy access rule can be imported by using <RULE_TYPE:RULE_ID> or <RULE_TYPE:RULE_NAME> as the import ID.
For example:
$ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this <rule_type:rule_id>
$ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this <"rule_type:rule_name">
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.