ZoneLockdown

Provides a Cloudflare Zone Lockdown resource. Zone Lockdown allows you to define one or more URLs (with wildcard matching on the domain or path) that will only permit access if the request originates from an IP address that matches a safelist of one or more IP addresses and/or IP ranges.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

class MyStack : Stack
{
    public MyStack()
    {
        // Restrict access to these endpoints to requests from a known IP address.
        var endpointLockdown = new Cloudflare.ZoneLockdown("endpointLockdown", new Cloudflare.ZoneLockdownArgs
        {
            Configurations = 
            {
                new Cloudflare.Inputs.ZoneLockdownConfigurationArgs
                {
                    Target = "ip",
                    Value = "198.51.100.4",
                },
            },
            Description = "Restrict access to these endpoints to requests from a known IP address",
            Paused = false,
            Urls = 
            {
                "api.mysite.com/some/endpoint*",
            },
            ZoneId = "d41d8cd98f00b204e9800998ecf8427e",
        });
    }

}

Coming soon!

import pulumi
import pulumi_cloudflare as cloudflare

# Restrict access to these endpoints to requests from a known IP address.
endpoint_lockdown = cloudflare.ZoneLockdown("endpointLockdown",
    configurations=[{
        "target": "ip",
        "value": "198.51.100.4",
    }],
    description="Restrict access to these endpoints to requests from a known IP address",
    paused="false",
    urls=["api.mysite.com/some/endpoint*"],
    zone_id="d41d8cd98f00b204e9800998ecf8427e")

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Restrict access to these endpoints to requests from a known IP address.
const endpointLockdown = new cloudflare.ZoneLockdown("endpoint_lockdown", {
    configurations: [{
        target: "ip",
        value: "198.51.100.4",
    }],
    description: "Restrict access to these endpoints to requests from a known IP address",
    paused: false,
    urls: ["api.mysite.com/some/endpoint*"],
    zoneId: "d41d8cd98f00b204e9800998ecf8427e",
});

Create a ZoneLockdown Resource

new ZoneLockdown(name: string, args: ZoneLockdownArgs, opts?: CustomResourceOptions);

def ZoneLockdown(resource_name, opts=None, configurations=None, description=None, paused=None, priority=None, urls=None, zone_id=None, __props__=None);

func NewZoneLockdown(ctx *Context, name string, args ZoneLockdownArgs, opts ...ResourceOption) (*ZoneLockdown, error)

public ZoneLockdown(string name, ZoneLockdownArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args ZoneLockdownArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ZoneLockdownArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ZoneLockdownArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

ZoneLockdown Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ZoneLockdown resource accepts the following input properties:

Configurations List<ZoneLockdownConfigurationArgs>: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
Urls List<string>: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
ZoneId string: The DNS zone ID to which the access rule should be added.
Description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
Paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
Priority int

Configurations []ZoneLockdownConfiguration: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
Urls []string: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
ZoneId string: The DNS zone ID to which the access rule should be added.
Description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
Paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
Priority int

configurations ZoneLockdownConfiguration[]: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
urls string[]: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
zoneId string: The DNS zone ID to which the access rule should be added.
description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
paused boolean: Boolean of whether this zone lockdown is currently paused. Default: false.
priority number

configurations List[ZoneLockdownConfiguration]: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
urls List[str]: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
zone_id str: The DNS zone ID to which the access rule should be added.
description str: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
priority float

Outputs

All input properties are implicitly available as output properties. Additionally, the ZoneLockdown resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing ZoneLockdown Resource

Get an existing ZoneLockdown resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ZoneLockdownState, opts?: CustomResourceOptions): ZoneLockdown

static get(resource_name, id, opts=None, configurations=None, description=None, paused=None, priority=None, urls=None, zone_id=None, __props__=None);

func GetZoneLockdown(ctx *Context, name string, id IDInput, state *ZoneLockdownState, opts ...ResourceOption) (*ZoneLockdown, error)

public static ZoneLockdown Get(string name, Input<string> id, ZoneLockdownState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Configurations List<ZoneLockdownConfigurationArgs>: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
Description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
Paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
Priority int
Urls List<string>: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
ZoneId string: The DNS zone ID to which the access rule should be added.

Configurations []ZoneLockdownConfiguration: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
Description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
Paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
Priority int
Urls []string: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
ZoneId string: The DNS zone ID to which the access rule should be added.

configurations ZoneLockdownConfiguration[]: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
description string: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
paused boolean: Boolean of whether this zone lockdown is currently paused. Default: false.
priority number
urls string[]: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
zoneId string: The DNS zone ID to which the access rule should be added.

configurations List[ZoneLockdownConfiguration]: A list of IP addresses or IP ranges to match the request against specified in target, value pairs. It’s a complex value. See description below. The order of the configuration entries is unimportant.
description str: A description about the lockdown entry. Typically used as a reminder or explanation for the lockdown.
paused bool: Boolean of whether this zone lockdown is currently paused. Default: false.
priority float
urls List[str]: A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.
zone_id str: The DNS zone ID to which the access rule should be added.

Supporting Types

ZoneLockdownConfiguration

See the input and output API doc for this type.

Target string: The request property to target. Allowed values: “ip”, “ip_range”
Value string: The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

Target string: The request property to target. Allowed values: “ip”, “ip_range”
Value string: The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

target string: The request property to target. Allowed values: “ip”, “ip_range”
value string: The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

target str: The request property to target. Allowed values: “ip”, “ip_range”
value str: The value to target. Depends on target’s type. IP addresses should just be standard IPv4/IPv6 notation i.e. 198.51.100.4 or 2001:db8::/32 and IP ranges in CIDR format i.e. 198.51.0.0/16.

Package Details

Repository: https://github.com/pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud