1. Packages
  2. Cloudflare Provider
  3. API Docs
  4. AccessGroup
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

cloudflare.AccessGroup

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

    Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

    It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

    Create AccessGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessGroup(name: string, args: AccessGroupArgs, opts?: CustomResourceOptions);
    @overload
    def AccessGroup(resource_name: str,
                    args: AccessGroupArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessGroup(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    includes: Optional[Sequence[AccessGroupIncludeArgs]] = None,
                    name: Optional[str] = None,
                    account_id: Optional[str] = None,
                    excludes: Optional[Sequence[AccessGroupExcludeArgs]] = None,
                    requires: Optional[Sequence[AccessGroupRequireArgs]] = None,
                    zone_id: Optional[str] = None)
    func NewAccessGroup(ctx *Context, name string, args AccessGroupArgs, opts ...ResourceOption) (*AccessGroup, error)
    public AccessGroup(string name, AccessGroupArgs args, CustomResourceOptions? opts = null)
    public AccessGroup(String name, AccessGroupArgs args)
    public AccessGroup(String name, AccessGroupArgs args, CustomResourceOptions options)
    
    type: cloudflare:AccessGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var accessGroupResource = new Cloudflare.AccessGroup("accessGroupResource", new()
    {
        Includes = new[]
        {
            new Cloudflare.Inputs.AccessGroupIncludeArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessGroupIncludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessGroupIncludeSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        Name = "string",
        AccountId = "string",
        Excludes = new[]
        {
            new Cloudflare.Inputs.AccessGroupExcludeArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessGroupExcludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessGroupExcludeSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        Requires = new[]
        {
            new Cloudflare.Inputs.AccessGroupRequireArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessGroupRequireExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessGroupRequireSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        ZoneId = "string",
    });
    
    example, err := cloudflare.NewAccessGroup(ctx, "accessGroupResource", &cloudflare.AccessGroupArgs{
    	Includes: cloudflare.AccessGroupIncludeArray{
    		&cloudflare.AccessGroupIncludeArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessGroupIncludeAuthContextArray{
    				&cloudflare.AccessGroupIncludeAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessGroupIncludeAzureArray{
    				&cloudflare.AccessGroupIncludeAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessGroupIncludeExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessGroupIncludeGithubArray{
    				&cloudflare.AccessGroupIncludeGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessGroupIncludeGsuiteArray{
    				&cloudflare.AccessGroupIncludeGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessGroupIncludeOktaArray{
    				&cloudflare.AccessGroupIncludeOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessGroupIncludeSamlArray{
    				&cloudflare.AccessGroupIncludeSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Name:      pulumi.String("string"),
    	AccountId: pulumi.String("string"),
    	Excludes: cloudflare.AccessGroupExcludeArray{
    		&cloudflare.AccessGroupExcludeArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessGroupExcludeAuthContextArray{
    				&cloudflare.AccessGroupExcludeAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessGroupExcludeAzureArray{
    				&cloudflare.AccessGroupExcludeAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessGroupExcludeExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessGroupExcludeGithubArray{
    				&cloudflare.AccessGroupExcludeGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessGroupExcludeGsuiteArray{
    				&cloudflare.AccessGroupExcludeGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessGroupExcludeOktaArray{
    				&cloudflare.AccessGroupExcludeOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessGroupExcludeSamlArray{
    				&cloudflare.AccessGroupExcludeSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Requires: cloudflare.AccessGroupRequireArray{
    		&cloudflare.AccessGroupRequireArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessGroupRequireAuthContextArray{
    				&cloudflare.AccessGroupRequireAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessGroupRequireAzureArray{
    				&cloudflare.AccessGroupRequireAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessGroupRequireExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessGroupRequireGithubArray{
    				&cloudflare.AccessGroupRequireGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessGroupRequireGsuiteArray{
    				&cloudflare.AccessGroupRequireGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessGroupRequireOktaArray{
    				&cloudflare.AccessGroupRequireOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessGroupRequireSamlArray{
    				&cloudflare.AccessGroupRequireSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ZoneId: pulumi.String("string"),
    })
    
    var accessGroupResource = new AccessGroup("accessGroupResource", AccessGroupArgs.builder()
        .includes(AccessGroupIncludeArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessGroupIncludeAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessGroupIncludeAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessGroupIncludeExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessGroupIncludeGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessGroupIncludeGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessGroupIncludeOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessGroupIncludeSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .name("string")
        .accountId("string")
        .excludes(AccessGroupExcludeArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessGroupExcludeAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessGroupExcludeAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessGroupExcludeExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessGroupExcludeGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessGroupExcludeGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessGroupExcludeOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessGroupExcludeSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .requires(AccessGroupRequireArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessGroupRequireAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessGroupRequireAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessGroupRequireExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessGroupRequireGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessGroupRequireGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessGroupRequireOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessGroupRequireSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .zoneId("string")
        .build());
    
    access_group_resource = cloudflare.AccessGroup("accessGroupResource",
        includes=[{
            "any_valid_service_token": False,
            "auth_contexts": [{
                "ac_id": "string",
                "id": "string",
                "identity_provider_id": "string",
            }],
            "auth_method": "string",
            "azures": [{
                "identity_provider_id": "string",
                "ids": ["string"],
            }],
            "certificate": False,
            "common_name": "string",
            "common_names": ["string"],
            "device_postures": ["string"],
            "email_domains": ["string"],
            "email_lists": ["string"],
            "emails": ["string"],
            "everyone": False,
            "external_evaluation": {
                "evaluate_url": "string",
                "keys_url": "string",
            },
            "geos": ["string"],
            "githubs": [{
                "identity_provider_id": "string",
                "name": "string",
                "teams": ["string"],
            }],
            "groups": ["string"],
            "gsuites": [{
                "emails": ["string"],
                "identity_provider_id": "string",
            }],
            "ip_lists": ["string"],
            "ips": ["string"],
            "login_methods": ["string"],
            "oktas": [{
                "identity_provider_id": "string",
                "names": ["string"],
            }],
            "samls": [{
                "attribute_name": "string",
                "attribute_value": "string",
                "identity_provider_id": "string",
            }],
            "service_tokens": ["string"],
        }],
        name="string",
        account_id="string",
        excludes=[{
            "any_valid_service_token": False,
            "auth_contexts": [{
                "ac_id": "string",
                "id": "string",
                "identity_provider_id": "string",
            }],
            "auth_method": "string",
            "azures": [{
                "identity_provider_id": "string",
                "ids": ["string"],
            }],
            "certificate": False,
            "common_name": "string",
            "common_names": ["string"],
            "device_postures": ["string"],
            "email_domains": ["string"],
            "email_lists": ["string"],
            "emails": ["string"],
            "everyone": False,
            "external_evaluation": {
                "evaluate_url": "string",
                "keys_url": "string",
            },
            "geos": ["string"],
            "githubs": [{
                "identity_provider_id": "string",
                "name": "string",
                "teams": ["string"],
            }],
            "groups": ["string"],
            "gsuites": [{
                "emails": ["string"],
                "identity_provider_id": "string",
            }],
            "ip_lists": ["string"],
            "ips": ["string"],
            "login_methods": ["string"],
            "oktas": [{
                "identity_provider_id": "string",
                "names": ["string"],
            }],
            "samls": [{
                "attribute_name": "string",
                "attribute_value": "string",
                "identity_provider_id": "string",
            }],
            "service_tokens": ["string"],
        }],
        requires=[{
            "any_valid_service_token": False,
            "auth_contexts": [{
                "ac_id": "string",
                "id": "string",
                "identity_provider_id": "string",
            }],
            "auth_method": "string",
            "azures": [{
                "identity_provider_id": "string",
                "ids": ["string"],
            }],
            "certificate": False,
            "common_name": "string",
            "common_names": ["string"],
            "device_postures": ["string"],
            "email_domains": ["string"],
            "email_lists": ["string"],
            "emails": ["string"],
            "everyone": False,
            "external_evaluation": {
                "evaluate_url": "string",
                "keys_url": "string",
            },
            "geos": ["string"],
            "githubs": [{
                "identity_provider_id": "string",
                "name": "string",
                "teams": ["string"],
            }],
            "groups": ["string"],
            "gsuites": [{
                "emails": ["string"],
                "identity_provider_id": "string",
            }],
            "ip_lists": ["string"],
            "ips": ["string"],
            "login_methods": ["string"],
            "oktas": [{
                "identity_provider_id": "string",
                "names": ["string"],
            }],
            "samls": [{
                "attribute_name": "string",
                "attribute_value": "string",
                "identity_provider_id": "string",
            }],
            "service_tokens": ["string"],
        }],
        zone_id="string")
    
    const accessGroupResource = new cloudflare.AccessGroup("accessGroupResource", {
        includes: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        name: "string",
        accountId: "string",
        excludes: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        requires: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        zoneId: "string",
    });
    
    type: cloudflare:AccessGroup
    properties:
        accountId: string
        excludes:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        includes:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        name: string
        requires:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        zoneId: string
    

    AccessGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccessGroup resource accepts the following input properties:

    Includes List<AccessGroupInclude>
    Name string
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Excludes List<AccessGroupExclude>
    Requires List<AccessGroupRequire>
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    Includes []AccessGroupIncludeArgs
    Name string
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Excludes []AccessGroupExcludeArgs
    Requires []AccessGroupRequireArgs
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    includes List<AccessGroupInclude>
    name String
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes List<AccessGroupExclude>
    requires List<AccessGroupRequire>
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.
    includes AccessGroupInclude[]
    name string
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes AccessGroupExclude[]
    requires AccessGroupRequire[]
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    includes Sequence[AccessGroupIncludeArgs]
    name str
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes Sequence[AccessGroupExcludeArgs]
    requires Sequence[AccessGroupRequireArgs]
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id.
    includes List<Property Map>
    name String
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes List<Property Map>
    requires List<Property Map>
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessGroup resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessGroup Resource

    Get an existing AccessGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessGroupState, opts?: CustomResourceOptions): AccessGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            excludes: Optional[Sequence[AccessGroupExcludeArgs]] = None,
            includes: Optional[Sequence[AccessGroupIncludeArgs]] = None,
            name: Optional[str] = None,
            requires: Optional[Sequence[AccessGroupRequireArgs]] = None,
            zone_id: Optional[str] = None) -> AccessGroup
    func GetAccessGroup(ctx *Context, name string, id IDInput, state *AccessGroupState, opts ...ResourceOption) (*AccessGroup, error)
    public static AccessGroup Get(string name, Input<string> id, AccessGroupState? state, CustomResourceOptions? opts = null)
    public static AccessGroup get(String name, Output<String> id, AccessGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Excludes List<AccessGroupExclude>
    Includes List<AccessGroupInclude>
    Name string
    Requires List<AccessGroupRequire>
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Excludes []AccessGroupExcludeArgs
    Includes []AccessGroupIncludeArgs
    Name string
    Requires []AccessGroupRequireArgs
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes List<AccessGroupExclude>
    includes List<AccessGroupInclude>
    name String
    requires List<AccessGroupRequire>
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes AccessGroupExclude[]
    includes AccessGroupInclude[]
    name string
    requires AccessGroupRequire[]
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes Sequence[AccessGroupExcludeArgs]
    includes Sequence[AccessGroupIncludeArgs]
    name str
    requires Sequence[AccessGroupRequireArgs]
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    excludes List<Property Map>
    includes List<Property Map>
    name String
    requires List<Property Map>
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.

    Supporting Types

    AccessGroupExclude, AccessGroupExcludeArgs

    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts List<AccessGroupExcludeAuthContext>
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures List<AccessGroupExcludeAzure>
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    The ID of a device posture integration.
    EmailDomains List<string>
    The email domain to match.
    EmailLists List<string>
    The ID of a previously created email list.
    Emails List<string>
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupExcludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos List<string>
    Matches a specific country.
    Githubs List<AccessGroupExcludeGithub>
    Matches a Github organization. Requires a Github identity provider.
    Groups List<string>
    The ID of a previously created Access group.
    Gsuites List<AccessGroupExcludeGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists List<string>
    The ID of a previously created IP list.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    The ID of a configured identity provider.
    Oktas List<AccessGroupExcludeOkta>
    Matches an Okta group. Requires an Okta identity provider.
    Samls List<AccessGroupExcludeSaml>
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens List<string>
    The ID of an Access service token.
    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts []AccessGroupExcludeAuthContext
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures []AccessGroupExcludeAzure
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    The ID of a device posture integration.
    EmailDomains []string
    The email domain to match.
    EmailLists []string
    The ID of a previously created email list.
    Emails []string
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupExcludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos []string
    Matches a specific country.
    Githubs []AccessGroupExcludeGithub
    Matches a Github organization. Requires a Github identity provider.
    Groups []string
    The ID of a previously created Access group.
    Gsuites []AccessGroupExcludeGsuite
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists []string
    The ID of a previously created IP list.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    The ID of a configured identity provider.
    Oktas []AccessGroupExcludeOkta
    Matches an Okta group. Requires an Okta identity provider.
    Samls []AccessGroupExcludeSaml
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens []string
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<AccessGroupExcludeAuthContext>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<AccessGroupExcludeAzure>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation AccessGroupExcludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<AccessGroupExcludeGithub>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<AccessGroupExcludeGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<AccessGroupExcludeOkta>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<AccessGroupExcludeSaml>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.
    anyValidServiceToken boolean
    Matches any valid Access service token.
    authContexts AccessGroupExcludeAuthContext[]
    authMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures AccessGroupExcludeAzure[]
    Matches an Azure group. Requires an Azure identity provider.
    certificate boolean
    Matches any valid client certificate.
    commonName string
    Matches a valid client certificate common name.
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    The ID of a device posture integration.
    emailDomains string[]
    The email domain to match.
    emailLists string[]
    The ID of a previously created email list.
    emails string[]
    The email of the user.
    everyone boolean
    Matches everyone.
    externalEvaluation AccessGroupExcludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos string[]
    Matches a specific country.
    githubs AccessGroupExcludeGithub[]
    Matches a Github organization. Requires a Github identity provider.
    groups string[]
    The ID of a previously created Access group.
    gsuites AccessGroupExcludeGsuite[]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists string[]
    The ID of a previously created IP list.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    The ID of a configured identity provider.
    oktas AccessGroupExcludeOkta[]
    Matches an Okta group. Requires an Okta identity provider.
    samls AccessGroupExcludeSaml[]
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens string[]
    The ID of an Access service token.
    any_valid_service_token bool
    Matches any valid Access service token.
    auth_contexts Sequence[AccessGroupExcludeAuthContext]
    auth_method str
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures Sequence[AccessGroupExcludeAzure]
    Matches an Azure group. Requires an Azure identity provider.
    certificate bool
    Matches any valid client certificate.
    common_name str
    Matches a valid client certificate common name.
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    The ID of a device posture integration.
    email_domains Sequence[str]
    The email domain to match.
    email_lists Sequence[str]
    The ID of a previously created email list.
    emails Sequence[str]
    The email of the user.
    everyone bool
    Matches everyone.
    external_evaluation AccessGroupExcludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos Sequence[str]
    Matches a specific country.
    githubs Sequence[AccessGroupExcludeGithub]
    Matches a Github organization. Requires a Github identity provider.
    groups Sequence[str]
    The ID of a previously created Access group.
    gsuites Sequence[AccessGroupExcludeGsuite]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ip_lists Sequence[str]
    The ID of a previously created IP list.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    The ID of a configured identity provider.
    oktas Sequence[AccessGroupExcludeOkta]
    Matches an Okta group. Requires an Okta identity provider.
    samls Sequence[AccessGroupExcludeSaml]
    Matches a SAML group. Requires a SAML identity provider.
    service_tokens Sequence[str]
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<Property Map>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<Property Map>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation Property Map
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<Property Map>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<Property Map>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<Property Map>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<Property Map>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.

    AccessGroupExcludeAuthContext, AccessGroupExcludeAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.

    AccessGroupExcludeAzure, AccessGroupExcludeAzureArgs

    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessGroupExcludeExternalEvaluation, AccessGroupExcludeExternalEvaluationArgs

    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl string
    The API endpoint containing your business logic.
    keysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluate_url str
    The API endpoint containing your business logic.
    keys_url str
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.

    AccessGroupExcludeGithub, AccessGroupExcludeGithubArgs

    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams List<string>
    The teams that should be matched.
    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams []string
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.
    identityProviderId string
    The ID of your Github identity provider.
    name string
    The name of the organization.
    teams string[]
    The teams that should be matched.
    identity_provider_id str
    The ID of your Github identity provider.
    name str
    The name of the organization.
    teams Sequence[str]
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.

    AccessGroupExcludeGsuite, AccessGroupExcludeGsuiteArgs

    Emails List<string>
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    Emails []string
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.
    emails string[]
    The email of the Google Workspace group.
    identityProviderId string
    The ID of your Google Workspace identity provider.
    emails Sequence[str]
    The email of the Google Workspace group.
    identity_provider_id str
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.

    AccessGroupExcludeOkta, AccessGroupExcludeOktaArgs

    IdentityProviderId string
    The ID of your Okta identity provider.
    Names List<string>
    The name of the Okta Group.
    IdentityProviderId string
    The ID of your Okta identity provider.
    Names []string
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.
    identityProviderId string
    The ID of your Okta identity provider.
    names string[]
    The name of the Okta Group.
    identity_provider_id str
    The ID of your Okta identity provider.
    names Sequence[str]
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.

    AccessGroupExcludeSaml, AccessGroupExcludeSamlArgs

    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.
    attributeName string
    The name of the SAML attribute.
    attributeValue string
    The SAML attribute value to look for.
    identityProviderId string
    The ID of your SAML identity provider.
    attribute_name str
    The name of the SAML attribute.
    attribute_value str
    The SAML attribute value to look for.
    identity_provider_id str
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.

    AccessGroupInclude, AccessGroupIncludeArgs

    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts List<AccessGroupIncludeAuthContext>
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures List<AccessGroupIncludeAzure>
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    The ID of a device posture integration.
    EmailDomains List<string>
    The email domain to match.
    EmailLists List<string>
    The ID of a previously created email list.
    Emails List<string>
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupIncludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos List<string>
    Matches a specific country.
    Githubs List<AccessGroupIncludeGithub>
    Matches a Github organization. Requires a Github identity provider.
    Groups List<string>
    The ID of a previously created Access group.
    Gsuites List<AccessGroupIncludeGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists List<string>
    The ID of a previously created IP list.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    The ID of a configured identity provider.
    Oktas List<AccessGroupIncludeOkta>
    Matches an Okta group. Requires an Okta identity provider.
    Samls List<AccessGroupIncludeSaml>
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens List<string>
    The ID of an Access service token.
    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts []AccessGroupIncludeAuthContext
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures []AccessGroupIncludeAzure
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    The ID of a device posture integration.
    EmailDomains []string
    The email domain to match.
    EmailLists []string
    The ID of a previously created email list.
    Emails []string
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupIncludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos []string
    Matches a specific country.
    Githubs []AccessGroupIncludeGithub
    Matches a Github organization. Requires a Github identity provider.
    Groups []string
    The ID of a previously created Access group.
    Gsuites []AccessGroupIncludeGsuite
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists []string
    The ID of a previously created IP list.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    The ID of a configured identity provider.
    Oktas []AccessGroupIncludeOkta
    Matches an Okta group. Requires an Okta identity provider.
    Samls []AccessGroupIncludeSaml
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens []string
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<AccessGroupIncludeAuthContext>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<AccessGroupIncludeAzure>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation AccessGroupIncludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<AccessGroupIncludeGithub>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<AccessGroupIncludeGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<AccessGroupIncludeOkta>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<AccessGroupIncludeSaml>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.
    anyValidServiceToken boolean
    Matches any valid Access service token.
    authContexts AccessGroupIncludeAuthContext[]
    authMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures AccessGroupIncludeAzure[]
    Matches an Azure group. Requires an Azure identity provider.
    certificate boolean
    Matches any valid client certificate.
    commonName string
    Matches a valid client certificate common name.
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    The ID of a device posture integration.
    emailDomains string[]
    The email domain to match.
    emailLists string[]
    The ID of a previously created email list.
    emails string[]
    The email of the user.
    everyone boolean
    Matches everyone.
    externalEvaluation AccessGroupIncludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos string[]
    Matches a specific country.
    githubs AccessGroupIncludeGithub[]
    Matches a Github organization. Requires a Github identity provider.
    groups string[]
    The ID of a previously created Access group.
    gsuites AccessGroupIncludeGsuite[]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists string[]
    The ID of a previously created IP list.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    The ID of a configured identity provider.
    oktas AccessGroupIncludeOkta[]
    Matches an Okta group. Requires an Okta identity provider.
    samls AccessGroupIncludeSaml[]
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens string[]
    The ID of an Access service token.
    any_valid_service_token bool
    Matches any valid Access service token.
    auth_contexts Sequence[AccessGroupIncludeAuthContext]
    auth_method str
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures Sequence[AccessGroupIncludeAzure]
    Matches an Azure group. Requires an Azure identity provider.
    certificate bool
    Matches any valid client certificate.
    common_name str
    Matches a valid client certificate common name.
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    The ID of a device posture integration.
    email_domains Sequence[str]
    The email domain to match.
    email_lists Sequence[str]
    The ID of a previously created email list.
    emails Sequence[str]
    The email of the user.
    everyone bool
    Matches everyone.
    external_evaluation AccessGroupIncludeExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos Sequence[str]
    Matches a specific country.
    githubs Sequence[AccessGroupIncludeGithub]
    Matches a Github organization. Requires a Github identity provider.
    groups Sequence[str]
    The ID of a previously created Access group.
    gsuites Sequence[AccessGroupIncludeGsuite]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ip_lists Sequence[str]
    The ID of a previously created IP list.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    The ID of a configured identity provider.
    oktas Sequence[AccessGroupIncludeOkta]
    Matches an Okta group. Requires an Okta identity provider.
    samls Sequence[AccessGroupIncludeSaml]
    Matches a SAML group. Requires a SAML identity provider.
    service_tokens Sequence[str]
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<Property Map>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<Property Map>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation Property Map
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<Property Map>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<Property Map>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<Property Map>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<Property Map>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.

    AccessGroupIncludeAuthContext, AccessGroupIncludeAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.

    AccessGroupIncludeAzure, AccessGroupIncludeAzureArgs

    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessGroupIncludeExternalEvaluation, AccessGroupIncludeExternalEvaluationArgs

    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl string
    The API endpoint containing your business logic.
    keysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluate_url str
    The API endpoint containing your business logic.
    keys_url str
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.

    AccessGroupIncludeGithub, AccessGroupIncludeGithubArgs

    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams List<string>
    The teams that should be matched.
    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams []string
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.
    identityProviderId string
    The ID of your Github identity provider.
    name string
    The name of the organization.
    teams string[]
    The teams that should be matched.
    identity_provider_id str
    The ID of your Github identity provider.
    name str
    The name of the organization.
    teams Sequence[str]
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.

    AccessGroupIncludeGsuite, AccessGroupIncludeGsuiteArgs

    Emails List<string>
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    Emails []string
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.
    emails string[]
    The email of the Google Workspace group.
    identityProviderId string
    The ID of your Google Workspace identity provider.
    emails Sequence[str]
    The email of the Google Workspace group.
    identity_provider_id str
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.

    AccessGroupIncludeOkta, AccessGroupIncludeOktaArgs

    IdentityProviderId string
    The ID of your Okta identity provider.
    Names List<string>
    The name of the Okta Group.
    IdentityProviderId string
    The ID of your Okta identity provider.
    Names []string
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.
    identityProviderId string
    The ID of your Okta identity provider.
    names string[]
    The name of the Okta Group.
    identity_provider_id str
    The ID of your Okta identity provider.
    names Sequence[str]
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.

    AccessGroupIncludeSaml, AccessGroupIncludeSamlArgs

    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.
    attributeName string
    The name of the SAML attribute.
    attributeValue string
    The SAML attribute value to look for.
    identityProviderId string
    The ID of your SAML identity provider.
    attribute_name str
    The name of the SAML attribute.
    attribute_value str
    The SAML attribute value to look for.
    identity_provider_id str
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.

    AccessGroupRequire, AccessGroupRequireArgs

    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts List<AccessGroupRequireAuthContext>
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures List<AccessGroupRequireAzure>
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    The ID of a device posture integration.
    EmailDomains List<string>
    The email domain to match.
    EmailLists List<string>
    The ID of a previously created email list.
    Emails List<string>
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupRequireExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos List<string>
    Matches a specific country.
    Githubs List<AccessGroupRequireGithub>
    Matches a Github organization. Requires a Github identity provider.
    Groups List<string>
    The ID of a previously created Access group.
    Gsuites List<AccessGroupRequireGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists List<string>
    The ID of a previously created IP list.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    The ID of a configured identity provider.
    Oktas List<AccessGroupRequireOkta>
    Matches an Okta group. Requires an Okta identity provider.
    Samls List<AccessGroupRequireSaml>
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens List<string>
    The ID of an Access service token.
    AnyValidServiceToken bool
    Matches any valid Access service token.
    AuthContexts []AccessGroupRequireAuthContext
    AuthMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    Azures []AccessGroupRequireAzure
    Matches an Azure group. Requires an Azure identity provider.
    Certificate bool
    Matches any valid client certificate.
    CommonName string
    Matches a valid client certificate common name.
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    The ID of a device posture integration.
    EmailDomains []string
    The email domain to match.
    EmailLists []string
    The ID of a previously created email list.
    Emails []string
    The email of the user.
    Everyone bool
    Matches everyone.
    ExternalEvaluation AccessGroupRequireExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    Geos []string
    Matches a specific country.
    Githubs []AccessGroupRequireGithub
    Matches a Github organization. Requires a Github identity provider.
    Groups []string
    The ID of a previously created Access group.
    Gsuites []AccessGroupRequireGsuite
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    IpLists []string
    The ID of a previously created IP list.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    The ID of a configured identity provider.
    Oktas []AccessGroupRequireOkta
    Matches an Okta group. Requires an Okta identity provider.
    Samls []AccessGroupRequireSaml
    Matches a SAML group. Requires a SAML identity provider.
    ServiceTokens []string
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<AccessGroupRequireAuthContext>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<AccessGroupRequireAzure>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation AccessGroupRequireExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<AccessGroupRequireGithub>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<AccessGroupRequireGsuite>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<AccessGroupRequireOkta>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<AccessGroupRequireSaml>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.
    anyValidServiceToken boolean
    Matches any valid Access service token.
    authContexts AccessGroupRequireAuthContext[]
    authMethod string
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures AccessGroupRequireAzure[]
    Matches an Azure group. Requires an Azure identity provider.
    certificate boolean
    Matches any valid client certificate.
    commonName string
    Matches a valid client certificate common name.
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    The ID of a device posture integration.
    emailDomains string[]
    The email domain to match.
    emailLists string[]
    The ID of a previously created email list.
    emails string[]
    The email of the user.
    everyone boolean
    Matches everyone.
    externalEvaluation AccessGroupRequireExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos string[]
    Matches a specific country.
    githubs AccessGroupRequireGithub[]
    Matches a Github organization. Requires a Github identity provider.
    groups string[]
    The ID of a previously created Access group.
    gsuites AccessGroupRequireGsuite[]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists string[]
    The ID of a previously created IP list.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    The ID of a configured identity provider.
    oktas AccessGroupRequireOkta[]
    Matches an Okta group. Requires an Okta identity provider.
    samls AccessGroupRequireSaml[]
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens string[]
    The ID of an Access service token.
    any_valid_service_token bool
    Matches any valid Access service token.
    auth_contexts Sequence[AccessGroupRequireAuthContext]
    auth_method str
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures Sequence[AccessGroupRequireAzure]
    Matches an Azure group. Requires an Azure identity provider.
    certificate bool
    Matches any valid client certificate.
    common_name str
    Matches a valid client certificate common name.
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    The ID of a device posture integration.
    email_domains Sequence[str]
    The email domain to match.
    email_lists Sequence[str]
    The ID of a previously created email list.
    emails Sequence[str]
    The email of the user.
    everyone bool
    Matches everyone.
    external_evaluation AccessGroupRequireExternalEvaluation
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos Sequence[str]
    Matches a specific country.
    githubs Sequence[AccessGroupRequireGithub]
    Matches a Github organization. Requires a Github identity provider.
    groups Sequence[str]
    The ID of a previously created Access group.
    gsuites Sequence[AccessGroupRequireGsuite]
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ip_lists Sequence[str]
    The ID of a previously created IP list.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    The ID of a configured identity provider.
    oktas Sequence[AccessGroupRequireOkta]
    Matches an Okta group. Requires an Okta identity provider.
    samls Sequence[AccessGroupRequireSaml]
    Matches a SAML group. Requires a SAML identity provider.
    service_tokens Sequence[str]
    The ID of an Access service token.
    anyValidServiceToken Boolean
    Matches any valid Access service token.
    authContexts List<Property Map>
    authMethod String
    The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
    azures List<Property Map>
    Matches an Azure group. Requires an Azure identity provider.
    certificate Boolean
    Matches any valid client certificate.
    commonName String
    Matches a valid client certificate common name.
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    The ID of a device posture integration.
    emailDomains List<String>
    The email domain to match.
    emailLists List<String>
    The ID of a previously created email list.
    emails List<String>
    The email of the user.
    everyone Boolean
    Matches everyone.
    externalEvaluation Property Map
    Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
    geos List<String>
    Matches a specific country.
    githubs List<Property Map>
    Matches a Github organization. Requires a Github identity provider.
    groups List<String>
    The ID of a previously created Access group.
    gsuites List<Property Map>
    Matches a group in Google Workspace. Requires a Google Workspace identity provider.
    ipLists List<String>
    The ID of a previously created IP list.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    The ID of a configured identity provider.
    oktas List<Property Map>
    Matches an Okta group. Requires an Okta identity provider.
    samls List<Property Map>
    Matches a SAML group. Requires a SAML identity provider.
    serviceTokens List<String>
    The ID of an Access service token.

    AccessGroupRequireAuthContext, AccessGroupRequireAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure identity provider.

    AccessGroupRequireAzure, AccessGroupRequireAzureArgs

    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessGroupRequireExternalEvaluation, AccessGroupRequireExternalEvaluationArgs

    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    EvaluateUrl string
    The API endpoint containing your business logic.
    KeysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl string
    The API endpoint containing your business logic.
    keysUrl string
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluate_url str
    The API endpoint containing your business logic.
    keys_url str
    The API endpoint containing the key that Access uses to verify that the response came from your API.
    evaluateUrl String
    The API endpoint containing your business logic.
    keysUrl String
    The API endpoint containing the key that Access uses to verify that the response came from your API.

    AccessGroupRequireGithub, AccessGroupRequireGithubArgs

    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams List<string>
    The teams that should be matched.
    IdentityProviderId string
    The ID of your Github identity provider.
    Name string
    The name of the organization.
    Teams []string
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.
    identityProviderId string
    The ID of your Github identity provider.
    name string
    The name of the organization.
    teams string[]
    The teams that should be matched.
    identity_provider_id str
    The ID of your Github identity provider.
    name str
    The name of the organization.
    teams Sequence[str]
    The teams that should be matched.
    identityProviderId String
    The ID of your Github identity provider.
    name String
    The name of the organization.
    teams List<String>
    The teams that should be matched.

    AccessGroupRequireGsuite, AccessGroupRequireGsuiteArgs

    Emails List<string>
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    Emails []string
    The email of the Google Workspace group.
    IdentityProviderId string
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.
    emails string[]
    The email of the Google Workspace group.
    identityProviderId string
    The ID of your Google Workspace identity provider.
    emails Sequence[str]
    The email of the Google Workspace group.
    identity_provider_id str
    The ID of your Google Workspace identity provider.
    emails List<String>
    The email of the Google Workspace group.
    identityProviderId String
    The ID of your Google Workspace identity provider.

    AccessGroupRequireOkta, AccessGroupRequireOktaArgs

    IdentityProviderId string
    The ID of your Okta identity provider.
    Names List<string>
    The name of the Okta Group.
    IdentityProviderId string
    The ID of your Okta identity provider.
    Names []string
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.
    identityProviderId string
    The ID of your Okta identity provider.
    names string[]
    The name of the Okta Group.
    identity_provider_id str
    The ID of your Okta identity provider.
    names Sequence[str]
    The name of the Okta Group.
    identityProviderId String
    The ID of your Okta identity provider.
    names List<String>
    The name of the Okta Group.

    AccessGroupRequireSaml, AccessGroupRequireSamlArgs

    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    AttributeName string
    The name of the SAML attribute.
    AttributeValue string
    The SAML attribute value to look for.
    IdentityProviderId string
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.
    attributeName string
    The name of the SAML attribute.
    attributeValue string
    The SAML attribute value to look for.
    identityProviderId string
    The ID of your SAML identity provider.
    attribute_name str
    The name of the SAML attribute.
    attribute_value str
    The SAML attribute value to look for.
    identity_provider_id str
    The ID of your SAML identity provider.
    attributeName String
    The name of the SAML attribute.
    attributeValue String
    The SAML attribute value to look for.
    identityProviderId String
    The ID of your SAML identity provider.

    Import

    $ pulumi import cloudflare:index/accessGroup:AccessGroup example <account_id>/<group_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi