1. Docs
  2. Reference
  3. API
  4. Cloudflare
  5. AccessPolicy

AccessPolicy

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

Create a AccessPolicy Resource

new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
def AccessPolicy(resource_name, opts=None, application_id=None, decision=None, excludes=None, includes=None, name=None, precedence=None, requires=None, zone_id=None, __props__=None);
func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

AccessPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The AccessPolicy resource accepts the following input properties:

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

Includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Application.

ZoneId string

The DNS zone to which the access rule should be added.

Excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

Precedence int

The unique precedence for policies on a single application. Integer.

Requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

Includes []AccessPolicyInclude

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Application.

ZoneId string

The DNS zone to which the access rule should be added.

Excludes []AccessPolicyExclude

A series of access conditions, see Access Groups.

Precedence int

The unique precedence for policies on a single application. Integer.

Requires []AccessPolicyRequire

A series of access conditions, see Access Groups.

applicationId string

The ID of the application the policy is associated with.

decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

includes AccessPolicyInclude[]

A series of access conditions, see Access Groups.

name string

Friendly name of the Access Application.

zoneId string

The DNS zone to which the access rule should be added.

excludes AccessPolicyExclude[]

A series of access conditions, see Access Groups.

precedence number

The unique precedence for policies on a single application. Integer.

requires AccessPolicyRequire[]

A series of access conditions, see Access Groups.

application_id str

The ID of the application the policy is associated with.

decision str

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

includes List[AccessPolicyInclude]

A series of access conditions, see Access Groups.

name str

Friendly name of the Access Application.

zone_id str

The DNS zone to which the access rule should be added.

excludes List[AccessPolicyExclude]

A series of access conditions, see Access Groups.

precedence float

The unique precedence for policies on a single application. Integer.

requires List[AccessPolicyRequire]

A series of access conditions, see Access Groups.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing AccessPolicy Resource

Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
static get(resource_name, id, opts=None, application_id=None, decision=None, excludes=None, includes=None, name=None, precedence=None, requires=None, zone_id=None, __props__=None);
func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

Excludes List<AccessPolicyExcludeArgs>

A series of access conditions, see Access Groups.

Includes List<AccessPolicyIncludeArgs>

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Application.

Precedence int

The unique precedence for policies on a single application. Integer.

Requires List<AccessPolicyRequireArgs>

A series of access conditions, see Access Groups.

ZoneId string

The DNS zone to which the access rule should be added.

ApplicationId string

The ID of the application the policy is associated with.

Decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

Excludes []AccessPolicyExclude

A series of access conditions, see Access Groups.

Includes []AccessPolicyInclude

A series of access conditions, see Access Groups.

Name string

Friendly name of the Access Application.

Precedence int

The unique precedence for policies on a single application. Integer.

Requires []AccessPolicyRequire

A series of access conditions, see Access Groups.

ZoneId string

The DNS zone to which the access rule should be added.

applicationId string

The ID of the application the policy is associated with.

decision string

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

excludes AccessPolicyExclude[]

A series of access conditions, see Access Groups.

includes AccessPolicyInclude[]

A series of access conditions, see Access Groups.

name string

Friendly name of the Access Application.

precedence number

The unique precedence for policies on a single application. Integer.

requires AccessPolicyRequire[]

A series of access conditions, see Access Groups.

zoneId string

The DNS zone to which the access rule should be added.

application_id str

The ID of the application the policy is associated with.

decision str

Defines the action Access will take if the policy matches the user. Allowed values: allow, deny, non_identity, bypass

excludes List[AccessPolicyExclude]

A series of access conditions, see Access Groups.

includes List[AccessPolicyInclude]

A series of access conditions, see Access Groups.

name str

Friendly name of the Access Application.

precedence float

The unique precedence for policies on a single application. Integer.

requires List[AccessPolicyRequire]

A series of access conditions, see Access Groups.

zone_id str

The DNS zone to which the access rule should be added.

Supporting Types

AccessPolicyExclude

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AnyValidServiceToken bool
Azures List<AccessPolicyExcludeAzureArgs>
Certificate bool
CommonName string
EmailDomains List<string>
Emails List<string>
Everyone bool
Githubs List<AccessPolicyExcludeGithubArgs>
Groups List<string>
Gsuites List<AccessPolicyExcludeGsuiteArgs>
Ips List<string>
Oktas List<AccessPolicyExcludeOktaArgs>
Samls List<AccessPolicyExcludeSamlArgs>
ServiceTokens List<string>
AnyValidServiceToken bool
Azures []AccessPolicyExcludeAzure
Certificate bool
CommonName string
EmailDomains []string
Emails []string
Everyone bool
Githubs []AccessPolicyExcludeGithub
Groups []string
Gsuites []AccessPolicyExcludeGsuite
Ips []string
Oktas []AccessPolicyExcludeOkta
Samls []AccessPolicyExcludeSaml
ServiceTokens []string
anyValidServiceToken boolean
azures AccessPolicyExcludeAzure[]
certificate boolean
commonName string
emailDomains string[]
emails string[]
everyone boolean
githubs AccessPolicyExcludeGithub[]
groups string[]
gsuites AccessPolicyExcludeGsuite[]
ips string[]
oktas AccessPolicyExcludeOkta[]
samls AccessPolicyExcludeSaml[]
serviceTokens string[]
anyValidServiceToken bool
azures List[AccessPolicyExcludeAzure]
certificate bool
commonName str
emailDomains List[str]
emails List[str]
everyone bool
githubs List[AccessPolicyExcludeGithub]
groups List[str]
gsuites List[AccessPolicyExcludeGsuite]
ips List[str]
oktas List[AccessPolicyExcludeOkta]
samls List[AccessPolicyExcludeSaml]
serviceTokens List[str]

AccessPolicyExcludeAzure

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Id string
IdentityProviderId string
Id string
IdentityProviderId string
id string
identityProviderId string
id str
identityProviderId str

AccessPolicyExcludeGithub

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyExcludeGsuite

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Email string
IdentityProviderId string
Email string
IdentityProviderId string
email string
identityProviderId string
email str
identityProviderId str

AccessPolicyExcludeOkta

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyExcludeSaml

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AttributeName string
AttributeValue string
IdentityProviderId string
AttributeName string
AttributeValue string
IdentityProviderId string
attributeName string
attributeValue string
identityProviderId string
attributeName str
attributeValue str
identityProviderId str

AccessPolicyInclude

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AnyValidServiceToken bool
Azures List<AccessPolicyIncludeAzureArgs>
Certificate bool
CommonName string
EmailDomains List<string>
Emails List<string>
Everyone bool
Githubs List<AccessPolicyIncludeGithubArgs>
Groups List<string>
Gsuites List<AccessPolicyIncludeGsuiteArgs>
Ips List<string>
Oktas List<AccessPolicyIncludeOktaArgs>
Samls List<AccessPolicyIncludeSamlArgs>
ServiceTokens List<string>
AnyValidServiceToken bool
Azures []AccessPolicyIncludeAzure
Certificate bool
CommonName string
EmailDomains []string
Emails []string
Everyone bool
Githubs []AccessPolicyIncludeGithub
Groups []string
Gsuites []AccessPolicyIncludeGsuite
Ips []string
Oktas []AccessPolicyIncludeOkta
Samls []AccessPolicyIncludeSaml
ServiceTokens []string
anyValidServiceToken boolean
azures AccessPolicyIncludeAzure[]
certificate boolean
commonName string
emailDomains string[]
emails string[]
everyone boolean
githubs AccessPolicyIncludeGithub[]
groups string[]
gsuites AccessPolicyIncludeGsuite[]
ips string[]
oktas AccessPolicyIncludeOkta[]
samls AccessPolicyIncludeSaml[]
serviceTokens string[]
anyValidServiceToken bool
azures List[AccessPolicyIncludeAzure]
certificate bool
commonName str
emailDomains List[str]
emails List[str]
everyone bool
githubs List[AccessPolicyIncludeGithub]
groups List[str]
gsuites List[AccessPolicyIncludeGsuite]
ips List[str]
oktas List[AccessPolicyIncludeOkta]
samls List[AccessPolicyIncludeSaml]
serviceTokens List[str]

AccessPolicyIncludeAzure

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Id string
IdentityProviderId string
Id string
IdentityProviderId string
id string
identityProviderId string
id str
identityProviderId str

AccessPolicyIncludeGithub

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyIncludeGsuite

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Email string
IdentityProviderId string
Email string
IdentityProviderId string
email string
identityProviderId string
email str
identityProviderId str

AccessPolicyIncludeOkta

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyIncludeSaml

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AttributeName string
AttributeValue string
IdentityProviderId string
AttributeName string
AttributeValue string
IdentityProviderId string
attributeName string
attributeValue string
identityProviderId string
attributeName str
attributeValue str
identityProviderId str

AccessPolicyRequire

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AnyValidServiceToken bool
Azures List<AccessPolicyRequireAzureArgs>
Certificate bool
CommonName string
EmailDomains List<string>
Emails List<string>
Everyone bool
Githubs List<AccessPolicyRequireGithubArgs>
Groups List<string>
Gsuites List<AccessPolicyRequireGsuiteArgs>
Ips List<string>
Oktas List<AccessPolicyRequireOktaArgs>
Samls List<AccessPolicyRequireSamlArgs>
ServiceTokens List<string>
AnyValidServiceToken bool
Azures []AccessPolicyRequireAzure
Certificate bool
CommonName string
EmailDomains []string
Emails []string
Everyone bool
Githubs []AccessPolicyRequireGithub
Groups []string
Gsuites []AccessPolicyRequireGsuite
Ips []string
Oktas []AccessPolicyRequireOkta
Samls []AccessPolicyRequireSaml
ServiceTokens []string
anyValidServiceToken boolean
azures AccessPolicyRequireAzure[]
certificate boolean
commonName string
emailDomains string[]
emails string[]
everyone boolean
githubs AccessPolicyRequireGithub[]
groups string[]
gsuites AccessPolicyRequireGsuite[]
ips string[]
oktas AccessPolicyRequireOkta[]
samls AccessPolicyRequireSaml[]
serviceTokens string[]
anyValidServiceToken bool
azures List[AccessPolicyRequireAzure]
certificate bool
commonName str
emailDomains List[str]
emails List[str]
everyone bool
githubs List[AccessPolicyRequireGithub]
groups List[str]
gsuites List[AccessPolicyRequireGsuite]
ips List[str]
oktas List[AccessPolicyRequireOkta]
samls List[AccessPolicyRequireSaml]
serviceTokens List[str]

AccessPolicyRequireAzure

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Id string
IdentityProviderId string
Id string
IdentityProviderId string
id string
identityProviderId string
id str
identityProviderId str

AccessPolicyRequireGithub

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyRequireGsuite

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Email string
IdentityProviderId string
Email string
IdentityProviderId string
email string
identityProviderId string
email str
identityProviderId str

AccessPolicyRequireOkta

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

IdentityProviderId string
Name string

Friendly name of the Access Application.

IdentityProviderId string
Name string

Friendly name of the Access Application.

identityProviderId string
name string

Friendly name of the Access Application.

identityProviderId str
name str

Friendly name of the Access Application.

AccessPolicyRequireSaml

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AttributeName string
AttributeValue string
IdentityProviderId string
AttributeName string
AttributeValue string
IdentityProviderId string
attributeName string
attributeValue string
identityProviderId string
attributeName str
attributeValue str
identityProviderId str

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.