Class AccessGroup

Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

Conditions

require, exclude and include arguments share the available conditions which can be applied. The conditions are:

ip - (Optional) A list of IP addresses or ranges. Example: ip = ["1.2.3.4", "10.0.0.0/2"]
email - (Optional) A list of email addresses. Example: email = ["test@example.com"]
email_domain - (Optional) A list of email domains. Example: email_domain = ["example.com"]
service_token - (Optional) A list of service token ids. Example: service_token = [cloudflare_access_service_token.demo.id]
any_valid_service_token - (Optional) Boolean indicating if allow all tokens to be granted. Example: any_valid_service_token = true
group - (Optional) A list of access group ids. Example: group = [cloudflare_access_group.demo.id]
everyone - (Optional) Boolean indicating permitting access for all requests. Example: everyone = true
certificate - (Optional) Whether to use mTLS certificate authentication.
common_name - (Optional) Use a certificate common name to authenticate with.
gsuite - (Optional) Use GSuite as the authentication mechanism. Example:

# ... other configuration
include {
gsuite {
  email = &quot;admins@example.com&quot;
  identity_provider_id = &quot;ca298b82-93b5-41bf-bc2d-10493f09b761&quot;
}
}

github - (Optional) Use a GitHub team as the include condition. Example:

# ... other configuration
include {
github {
  name = &quot;my-github-team-name&quot;
  identity_provider_id = &quot;ca298b82-93b5-41bf-bc2d-10493f09b761&quot;
}
}

azure - (Optional) Use Azure AD as the include condition. Example:

# ... other configuration
include {
azure {
  id = &quot;86773093-5feb-48dd-814b-7ccd3676ff50e&quot;
  identity_provider_id = &quot;ca298b82-93b5-41bf-bc2d-10493f09b761&quot;
}
}

okta - (Optional) Use Okta as the include condition. Example:

# ... other configuration
include {
okta {
  name = &quot;admins&quot;
  identity_provider_id = &quot;ca298b82-93b5-41bf-bc2d-10493f09b761&quot;
}
}

saml - (Optional) Use an external SAML setup as the include condition. Example:

# ... other configuration
include {
saml {
  attribute_name = &quot;group&quot;
  attribute_value = &quot;admins&quot;
  identity_provider_id = &quot;ca298b82-93b5-41bf-bc2d-10493f09b761&quot;
}
}

Inheritance

System.Object

Resource

CustomResource

AccessGroup

Inherited Members

CustomResource.Id

Resource.GetResourceType()

Resource.GetResourceName()

Resource.Urn

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.ToString()

Namespace: Pulumi.Cloudflare

Assembly: Pulumi.Cloudflare.dll

Syntax

public class AccessGroup : CustomResource

Constructors

View Source

AccessGroup(String, AccessGroupArgs, CustomResourceOptions)

Create a AccessGroup resource with the given unique name, arguments, and options.

Declaration

public AccessGroup(string name, AccessGroupArgs args, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resource
AccessGroupArgs	args	The arguments used to populate this resource's properties
CustomResourceOptions	options	A bag of options that control this resource's behavior

Properties

View Source

AccountId

The ID of the account the group is associated with.

Declaration

public Output<string> AccountId { get; }

Property Value

Type	Description
Output<System.String>

View Source

Excludes

A series of access conditions, see below for full list.

Declaration

public Output<ImmutableArray<AccessGroupExclude>> Excludes { get; }

Property Value

Type	Description
Output<System.Collections.Immutable.ImmutableArray<AccessGroupExclude>>

View Source

Includes

A series of access conditions, see below for full list.

Declaration

public Output<ImmutableArray<AccessGroupInclude>> Includes { get; }

Property Value

Type	Description
Output<System.Collections.Immutable.ImmutableArray<AccessGroupInclude>>

View Source

Name

Friendly name of the Access Group.

Declaration

public Output<string> Name { get; }

Property Value

Type	Description
Output<System.String>

View Source

Requires

A series of access conditions, see below for full list.

Declaration

public Output<ImmutableArray<AccessGroupRequire>> Requires { get; }

Property Value

Type	Description
Output<System.Collections.Immutable.ImmutableArray<AccessGroupRequire>>

Methods

View Source

Get(String, Input<String>, AccessGroupState, CustomResourceOptions)

Get an existing AccessGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration

public static AccessGroup Get(string name, Input<string> id, AccessGroupState state = null, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resulting resource.
Input<System.String>	id	The unique provider ID of the resource to lookup.
AccessGroupState	state	Any extra arguments used during the lookup.
CustomResourceOptions	options	A bag of options that control this resource's behavior

Returns

Type	Description
AccessGroup