cloudflare.ZeroTrustAccessPolicy
Explore with Pulumi AI
Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.
It’s required that an
account_id
orzone_id
is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_id
argument. If ‘application_id’ is omitted, the policy created can be reused by multiple access applications. Any cloudflare.AccessApplication resource can reference reusable policies through itspolicies
argument. To destroy a reusable policy and remove it from all applications’ policies lists on the same apply, preemptively set the lifecycle optioncreate_before_destroy
to true on the ‘cloudflare_access_policy’ resource.
Create ZeroTrustAccessPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustAccessPolicy(name: string, args: ZeroTrustAccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def ZeroTrustAccessPolicy(resource_name: str,
args: ZeroTrustAccessPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustAccessPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
decision: Optional[str] = None,
name: Optional[str] = None,
includes: Optional[Sequence[ZeroTrustAccessPolicyIncludeArgs]] = None,
isolation_required: Optional[bool] = None,
connection_rules: Optional[ZeroTrustAccessPolicyConnectionRulesArgs] = None,
approval_required: Optional[bool] = None,
excludes: Optional[Sequence[ZeroTrustAccessPolicyExcludeArgs]] = None,
approval_groups: Optional[Sequence[ZeroTrustAccessPolicyApprovalGroupArgs]] = None,
account_id: Optional[str] = None,
application_id: Optional[str] = None,
precedence: Optional[int] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[ZeroTrustAccessPolicyRequireArgs]] = None,
session_duration: Optional[str] = None,
zone_id: Optional[str] = None)
func NewZeroTrustAccessPolicy(ctx *Context, name string, args ZeroTrustAccessPolicyArgs, opts ...ResourceOption) (*ZeroTrustAccessPolicy, error)
public ZeroTrustAccessPolicy(string name, ZeroTrustAccessPolicyArgs args, CustomResourceOptions? opts = null)
public ZeroTrustAccessPolicy(String name, ZeroTrustAccessPolicyArgs args)
public ZeroTrustAccessPolicy(String name, ZeroTrustAccessPolicyArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustAccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustAccessPolicyResource = new Cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", new()
{
Decision = "string",
Name = "string",
Includes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeArgs
{
AnyValidServiceToken = false,
AuthContexts = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
},
AuthMethod = "string",
Azures = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeAzureArgs
{
IdentityProviderId = "string",
Ids = new[]
{
"string",
},
},
},
Certificate = false,
CommonName = "string",
CommonNames = new[]
{
"string",
},
DevicePostures = new[]
{
"string",
},
EmailDomains = new[]
{
"string",
},
EmailLists = new[]
{
"string",
},
Emails = new[]
{
"string",
},
Everyone = false,
ExternalEvaluations = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
},
Geos = new[]
{
"string",
},
Githubs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGithubArgs
{
IdentityProviderId = "string",
Name = "string",
Teams = new[]
{
"string",
},
},
},
Groups = new[]
{
"string",
},
Gsuites = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGsuiteArgs
{
Emails = new[]
{
"string",
},
IdentityProviderId = "string",
},
},
IpLists = new[]
{
"string",
},
Ips = new[]
{
"string",
},
LoginMethods = new[]
{
"string",
},
Oktas = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeOktaArgs
{
IdentityProviderId = "string",
Names = new[]
{
"string",
},
},
},
Samls = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
},
ServiceTokens = new[]
{
"string",
},
},
},
IsolationRequired = false,
ConnectionRules = new Cloudflare.Inputs.ZeroTrustAccessPolicyConnectionRulesArgs
{
Ssh = new Cloudflare.Inputs.ZeroTrustAccessPolicyConnectionRulesSshArgs
{
Usernames = new[]
{
"string",
},
},
},
ApprovalRequired = false,
Excludes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeArgs
{
AnyValidServiceToken = false,
AuthContexts = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
},
AuthMethod = "string",
Azures = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeAzureArgs
{
IdentityProviderId = "string",
Ids = new[]
{
"string",
},
},
},
Certificate = false,
CommonName = "string",
CommonNames = new[]
{
"string",
},
DevicePostures = new[]
{
"string",
},
EmailDomains = new[]
{
"string",
},
EmailLists = new[]
{
"string",
},
Emails = new[]
{
"string",
},
Everyone = false,
ExternalEvaluations = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
},
Geos = new[]
{
"string",
},
Githubs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGithubArgs
{
IdentityProviderId = "string",
Name = "string",
Teams = new[]
{
"string",
},
},
},
Groups = new[]
{
"string",
},
Gsuites = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGsuiteArgs
{
Emails = new[]
{
"string",
},
IdentityProviderId = "string",
},
},
IpLists = new[]
{
"string",
},
Ips = new[]
{
"string",
},
LoginMethods = new[]
{
"string",
},
Oktas = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeOktaArgs
{
IdentityProviderId = "string",
Names = new[]
{
"string",
},
},
},
Samls = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
},
ServiceTokens = new[]
{
"string",
},
},
},
ApprovalGroups = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyApprovalGroupArgs
{
ApprovalsNeeded = 0,
EmailAddresses = new[]
{
"string",
},
EmailListUuid = "string",
},
},
AccountId = "string",
ApplicationId = "string",
Precedence = 0,
PurposeJustificationPrompt = "string",
PurposeJustificationRequired = false,
Requires = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireArgs
{
AnyValidServiceToken = false,
AuthContexts = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
},
AuthMethod = "string",
Azures = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireAzureArgs
{
IdentityProviderId = "string",
Ids = new[]
{
"string",
},
},
},
Certificate = false,
CommonName = "string",
CommonNames = new[]
{
"string",
},
DevicePostures = new[]
{
"string",
},
EmailDomains = new[]
{
"string",
},
EmailLists = new[]
{
"string",
},
Emails = new[]
{
"string",
},
Everyone = false,
ExternalEvaluations = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
},
Geos = new[]
{
"string",
},
Githubs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGithubArgs
{
IdentityProviderId = "string",
Name = "string",
Teams = new[]
{
"string",
},
},
},
Groups = new[]
{
"string",
},
Gsuites = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGsuiteArgs
{
Emails = new[]
{
"string",
},
IdentityProviderId = "string",
},
},
IpLists = new[]
{
"string",
},
Ips = new[]
{
"string",
},
LoginMethods = new[]
{
"string",
},
Oktas = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireOktaArgs
{
IdentityProviderId = "string",
Names = new[]
{
"string",
},
},
},
Samls = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
},
ServiceTokens = new[]
{
"string",
},
},
},
SessionDuration = "string",
ZoneId = "string",
});
example, err := cloudflare.NewZeroTrustAccessPolicy(ctx, "zeroTrustAccessPolicyResource", &cloudflare.ZeroTrustAccessPolicyArgs{
Decision: pulumi.String("string"),
Name: pulumi.String("string"),
Includes: cloudflare.ZeroTrustAccessPolicyIncludeArray{
&cloudflare.ZeroTrustAccessPolicyIncludeArgs{
AnyValidServiceToken: pulumi.Bool(false),
AuthContexts: cloudflare.ZeroTrustAccessPolicyIncludeAuthContextArray{
&cloudflare.ZeroTrustAccessPolicyIncludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
AuthMethod: pulumi.String("string"),
Azures: cloudflare.ZeroTrustAccessPolicyIncludeAzureArray{
&cloudflare.ZeroTrustAccessPolicyIncludeAzureArgs{
IdentityProviderId: pulumi.String("string"),
Ids: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Certificate: pulumi.Bool(false),
CommonName: pulumi.String("string"),
CommonNames: pulumi.StringArray{
pulumi.String("string"),
},
DevicePostures: pulumi.StringArray{
pulumi.String("string"),
},
EmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
EmailLists: pulumi.StringArray{
pulumi.String("string"),
},
Emails: pulumi.StringArray{
pulumi.String("string"),
},
Everyone: pulumi.Bool(false),
ExternalEvaluations: cloudflare.ZeroTrustAccessPolicyIncludeExternalEvaluationArray{
&cloudflare.ZeroTrustAccessPolicyIncludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
},
Geos: pulumi.StringArray{
pulumi.String("string"),
},
Githubs: cloudflare.ZeroTrustAccessPolicyIncludeGithubArray{
&cloudflare.ZeroTrustAccessPolicyIncludeGithubArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Teams: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Gsuites: cloudflare.ZeroTrustAccessPolicyIncludeGsuiteArray{
&cloudflare.ZeroTrustAccessPolicyIncludeGsuiteArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
IdentityProviderId: pulumi.String("string"),
},
},
IpLists: pulumi.StringArray{
pulumi.String("string"),
},
Ips: pulumi.StringArray{
pulumi.String("string"),
},
LoginMethods: pulumi.StringArray{
pulumi.String("string"),
},
Oktas: cloudflare.ZeroTrustAccessPolicyIncludeOktaArray{
&cloudflare.ZeroTrustAccessPolicyIncludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Names: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Samls: cloudflare.ZeroTrustAccessPolicyIncludeSamlArray{
&cloudflare.ZeroTrustAccessPolicyIncludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
ServiceTokens: pulumi.StringArray{
pulumi.String("string"),
},
},
},
IsolationRequired: pulumi.Bool(false),
ConnectionRules: &cloudflare.ZeroTrustAccessPolicyConnectionRulesArgs{
Ssh: &cloudflare.ZeroTrustAccessPolicyConnectionRulesSshArgs{
Usernames: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ApprovalRequired: pulumi.Bool(false),
Excludes: cloudflare.ZeroTrustAccessPolicyExcludeArray{
&cloudflare.ZeroTrustAccessPolicyExcludeArgs{
AnyValidServiceToken: pulumi.Bool(false),
AuthContexts: cloudflare.ZeroTrustAccessPolicyExcludeAuthContextArray{
&cloudflare.ZeroTrustAccessPolicyExcludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
AuthMethod: pulumi.String("string"),
Azures: cloudflare.ZeroTrustAccessPolicyExcludeAzureArray{
&cloudflare.ZeroTrustAccessPolicyExcludeAzureArgs{
IdentityProviderId: pulumi.String("string"),
Ids: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Certificate: pulumi.Bool(false),
CommonName: pulumi.String("string"),
CommonNames: pulumi.StringArray{
pulumi.String("string"),
},
DevicePostures: pulumi.StringArray{
pulumi.String("string"),
},
EmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
EmailLists: pulumi.StringArray{
pulumi.String("string"),
},
Emails: pulumi.StringArray{
pulumi.String("string"),
},
Everyone: pulumi.Bool(false),
ExternalEvaluations: cloudflare.ZeroTrustAccessPolicyExcludeExternalEvaluationArray{
&cloudflare.ZeroTrustAccessPolicyExcludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
},
Geos: pulumi.StringArray{
pulumi.String("string"),
},
Githubs: cloudflare.ZeroTrustAccessPolicyExcludeGithubArray{
&cloudflare.ZeroTrustAccessPolicyExcludeGithubArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Teams: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Gsuites: cloudflare.ZeroTrustAccessPolicyExcludeGsuiteArray{
&cloudflare.ZeroTrustAccessPolicyExcludeGsuiteArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
IdentityProviderId: pulumi.String("string"),
},
},
IpLists: pulumi.StringArray{
pulumi.String("string"),
},
Ips: pulumi.StringArray{
pulumi.String("string"),
},
LoginMethods: pulumi.StringArray{
pulumi.String("string"),
},
Oktas: cloudflare.ZeroTrustAccessPolicyExcludeOktaArray{
&cloudflare.ZeroTrustAccessPolicyExcludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Names: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Samls: cloudflare.ZeroTrustAccessPolicyExcludeSamlArray{
&cloudflare.ZeroTrustAccessPolicyExcludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
ServiceTokens: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ApprovalGroups: cloudflare.ZeroTrustAccessPolicyApprovalGroupArray{
&cloudflare.ZeroTrustAccessPolicyApprovalGroupArgs{
ApprovalsNeeded: pulumi.Int(0),
EmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
EmailListUuid: pulumi.String("string"),
},
},
AccountId: pulumi.String("string"),
ApplicationId: pulumi.String("string"),
Precedence: pulumi.Int(0),
PurposeJustificationPrompt: pulumi.String("string"),
PurposeJustificationRequired: pulumi.Bool(false),
Requires: cloudflare.ZeroTrustAccessPolicyRequireArray{
&cloudflare.ZeroTrustAccessPolicyRequireArgs{
AnyValidServiceToken: pulumi.Bool(false),
AuthContexts: cloudflare.ZeroTrustAccessPolicyRequireAuthContextArray{
&cloudflare.ZeroTrustAccessPolicyRequireAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
AuthMethod: pulumi.String("string"),
Azures: cloudflare.ZeroTrustAccessPolicyRequireAzureArray{
&cloudflare.ZeroTrustAccessPolicyRequireAzureArgs{
IdentityProviderId: pulumi.String("string"),
Ids: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Certificate: pulumi.Bool(false),
CommonName: pulumi.String("string"),
CommonNames: pulumi.StringArray{
pulumi.String("string"),
},
DevicePostures: pulumi.StringArray{
pulumi.String("string"),
},
EmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
EmailLists: pulumi.StringArray{
pulumi.String("string"),
},
Emails: pulumi.StringArray{
pulumi.String("string"),
},
Everyone: pulumi.Bool(false),
ExternalEvaluations: cloudflare.ZeroTrustAccessPolicyRequireExternalEvaluationArray{
&cloudflare.ZeroTrustAccessPolicyRequireExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
},
Geos: pulumi.StringArray{
pulumi.String("string"),
},
Githubs: cloudflare.ZeroTrustAccessPolicyRequireGithubArray{
&cloudflare.ZeroTrustAccessPolicyRequireGithubArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Teams: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Gsuites: cloudflare.ZeroTrustAccessPolicyRequireGsuiteArray{
&cloudflare.ZeroTrustAccessPolicyRequireGsuiteArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
IdentityProviderId: pulumi.String("string"),
},
},
IpLists: pulumi.StringArray{
pulumi.String("string"),
},
Ips: pulumi.StringArray{
pulumi.String("string"),
},
LoginMethods: pulumi.StringArray{
pulumi.String("string"),
},
Oktas: cloudflare.ZeroTrustAccessPolicyRequireOktaArray{
&cloudflare.ZeroTrustAccessPolicyRequireOktaArgs{
IdentityProviderId: pulumi.String("string"),
Names: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Samls: cloudflare.ZeroTrustAccessPolicyRequireSamlArray{
&cloudflare.ZeroTrustAccessPolicyRequireSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
},
ServiceTokens: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SessionDuration: pulumi.String("string"),
ZoneId: pulumi.String("string"),
})
var zeroTrustAccessPolicyResource = new ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", ZeroTrustAccessPolicyArgs.builder()
.decision("string")
.name("string")
.includes(ZeroTrustAccessPolicyIncludeArgs.builder()
.anyValidServiceToken(false)
.authContexts(ZeroTrustAccessPolicyIncludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod("string")
.azures(ZeroTrustAccessPolicyIncludeAzureArgs.builder()
.identityProviderId("string")
.ids("string")
.build())
.certificate(false)
.commonName("string")
.commonNames("string")
.devicePostures("string")
.emailDomains("string")
.emailLists("string")
.emails("string")
.everyone(false)
.externalEvaluations(ZeroTrustAccessPolicyIncludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geos("string")
.githubs(ZeroTrustAccessPolicyIncludeGithubArgs.builder()
.identityProviderId("string")
.name("string")
.teams("string")
.build())
.groups("string")
.gsuites(ZeroTrustAccessPolicyIncludeGsuiteArgs.builder()
.emails("string")
.identityProviderId("string")
.build())
.ipLists("string")
.ips("string")
.loginMethods("string")
.oktas(ZeroTrustAccessPolicyIncludeOktaArgs.builder()
.identityProviderId("string")
.names("string")
.build())
.samls(ZeroTrustAccessPolicyIncludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceTokens("string")
.build())
.isolationRequired(false)
.connectionRules(ZeroTrustAccessPolicyConnectionRulesArgs.builder()
.ssh(ZeroTrustAccessPolicyConnectionRulesSshArgs.builder()
.usernames("string")
.build())
.build())
.approvalRequired(false)
.excludes(ZeroTrustAccessPolicyExcludeArgs.builder()
.anyValidServiceToken(false)
.authContexts(ZeroTrustAccessPolicyExcludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod("string")
.azures(ZeroTrustAccessPolicyExcludeAzureArgs.builder()
.identityProviderId("string")
.ids("string")
.build())
.certificate(false)
.commonName("string")
.commonNames("string")
.devicePostures("string")
.emailDomains("string")
.emailLists("string")
.emails("string")
.everyone(false)
.externalEvaluations(ZeroTrustAccessPolicyExcludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geos("string")
.githubs(ZeroTrustAccessPolicyExcludeGithubArgs.builder()
.identityProviderId("string")
.name("string")
.teams("string")
.build())
.groups("string")
.gsuites(ZeroTrustAccessPolicyExcludeGsuiteArgs.builder()
.emails("string")
.identityProviderId("string")
.build())
.ipLists("string")
.ips("string")
.loginMethods("string")
.oktas(ZeroTrustAccessPolicyExcludeOktaArgs.builder()
.identityProviderId("string")
.names("string")
.build())
.samls(ZeroTrustAccessPolicyExcludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceTokens("string")
.build())
.approvalGroups(ZeroTrustAccessPolicyApprovalGroupArgs.builder()
.approvalsNeeded(0)
.emailAddresses("string")
.emailListUuid("string")
.build())
.accountId("string")
.applicationId("string")
.precedence(0)
.purposeJustificationPrompt("string")
.purposeJustificationRequired(false)
.requires(ZeroTrustAccessPolicyRequireArgs.builder()
.anyValidServiceToken(false)
.authContexts(ZeroTrustAccessPolicyRequireAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod("string")
.azures(ZeroTrustAccessPolicyRequireAzureArgs.builder()
.identityProviderId("string")
.ids("string")
.build())
.certificate(false)
.commonName("string")
.commonNames("string")
.devicePostures("string")
.emailDomains("string")
.emailLists("string")
.emails("string")
.everyone(false)
.externalEvaluations(ZeroTrustAccessPolicyRequireExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geos("string")
.githubs(ZeroTrustAccessPolicyRequireGithubArgs.builder()
.identityProviderId("string")
.name("string")
.teams("string")
.build())
.groups("string")
.gsuites(ZeroTrustAccessPolicyRequireGsuiteArgs.builder()
.emails("string")
.identityProviderId("string")
.build())
.ipLists("string")
.ips("string")
.loginMethods("string")
.oktas(ZeroTrustAccessPolicyRequireOktaArgs.builder()
.identityProviderId("string")
.names("string")
.build())
.samls(ZeroTrustAccessPolicyRequireSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceTokens("string")
.build())
.sessionDuration("string")
.zoneId("string")
.build());
zero_trust_access_policy_resource = cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource",
decision="string",
name="string",
includes=[{
"any_valid_service_token": False,
"auth_contexts": [{
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
}],
"auth_method": "string",
"azures": [{
"identity_provider_id": "string",
"ids": ["string"],
}],
"certificate": False,
"common_name": "string",
"common_names": ["string"],
"device_postures": ["string"],
"email_domains": ["string"],
"email_lists": ["string"],
"emails": ["string"],
"everyone": False,
"external_evaluations": [{
"evaluate_url": "string",
"keys_url": "string",
}],
"geos": ["string"],
"githubs": [{
"identity_provider_id": "string",
"name": "string",
"teams": ["string"],
}],
"groups": ["string"],
"gsuites": [{
"emails": ["string"],
"identity_provider_id": "string",
}],
"ip_lists": ["string"],
"ips": ["string"],
"login_methods": ["string"],
"oktas": [{
"identity_provider_id": "string",
"names": ["string"],
}],
"samls": [{
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
}],
"service_tokens": ["string"],
}],
isolation_required=False,
connection_rules={
"ssh": {
"usernames": ["string"],
},
},
approval_required=False,
excludes=[{
"any_valid_service_token": False,
"auth_contexts": [{
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
}],
"auth_method": "string",
"azures": [{
"identity_provider_id": "string",
"ids": ["string"],
}],
"certificate": False,
"common_name": "string",
"common_names": ["string"],
"device_postures": ["string"],
"email_domains": ["string"],
"email_lists": ["string"],
"emails": ["string"],
"everyone": False,
"external_evaluations": [{
"evaluate_url": "string",
"keys_url": "string",
}],
"geos": ["string"],
"githubs": [{
"identity_provider_id": "string",
"name": "string",
"teams": ["string"],
}],
"groups": ["string"],
"gsuites": [{
"emails": ["string"],
"identity_provider_id": "string",
}],
"ip_lists": ["string"],
"ips": ["string"],
"login_methods": ["string"],
"oktas": [{
"identity_provider_id": "string",
"names": ["string"],
}],
"samls": [{
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
}],
"service_tokens": ["string"],
}],
approval_groups=[{
"approvals_needed": 0,
"email_addresses": ["string"],
"email_list_uuid": "string",
}],
account_id="string",
application_id="string",
precedence=0,
purpose_justification_prompt="string",
purpose_justification_required=False,
requires=[{
"any_valid_service_token": False,
"auth_contexts": [{
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
}],
"auth_method": "string",
"azures": [{
"identity_provider_id": "string",
"ids": ["string"],
}],
"certificate": False,
"common_name": "string",
"common_names": ["string"],
"device_postures": ["string"],
"email_domains": ["string"],
"email_lists": ["string"],
"emails": ["string"],
"everyone": False,
"external_evaluations": [{
"evaluate_url": "string",
"keys_url": "string",
}],
"geos": ["string"],
"githubs": [{
"identity_provider_id": "string",
"name": "string",
"teams": ["string"],
}],
"groups": ["string"],
"gsuites": [{
"emails": ["string"],
"identity_provider_id": "string",
}],
"ip_lists": ["string"],
"ips": ["string"],
"login_methods": ["string"],
"oktas": [{
"identity_provider_id": "string",
"names": ["string"],
}],
"samls": [{
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
}],
"service_tokens": ["string"],
}],
session_duration="string",
zone_id="string")
const zeroTrustAccessPolicyResource = new cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", {
decision: "string",
name: "string",
includes: [{
anyValidServiceToken: false,
authContexts: [{
acId: "string",
id: "string",
identityProviderId: "string",
}],
authMethod: "string",
azures: [{
identityProviderId: "string",
ids: ["string"],
}],
certificate: false,
commonName: "string",
commonNames: ["string"],
devicePostures: ["string"],
emailDomains: ["string"],
emailLists: ["string"],
emails: ["string"],
everyone: false,
externalEvaluations: [{
evaluateUrl: "string",
keysUrl: "string",
}],
geos: ["string"],
githubs: [{
identityProviderId: "string",
name: "string",
teams: ["string"],
}],
groups: ["string"],
gsuites: [{
emails: ["string"],
identityProviderId: "string",
}],
ipLists: ["string"],
ips: ["string"],
loginMethods: ["string"],
oktas: [{
identityProviderId: "string",
names: ["string"],
}],
samls: [{
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
}],
serviceTokens: ["string"],
}],
isolationRequired: false,
connectionRules: {
ssh: {
usernames: ["string"],
},
},
approvalRequired: false,
excludes: [{
anyValidServiceToken: false,
authContexts: [{
acId: "string",
id: "string",
identityProviderId: "string",
}],
authMethod: "string",
azures: [{
identityProviderId: "string",
ids: ["string"],
}],
certificate: false,
commonName: "string",
commonNames: ["string"],
devicePostures: ["string"],
emailDomains: ["string"],
emailLists: ["string"],
emails: ["string"],
everyone: false,
externalEvaluations: [{
evaluateUrl: "string",
keysUrl: "string",
}],
geos: ["string"],
githubs: [{
identityProviderId: "string",
name: "string",
teams: ["string"],
}],
groups: ["string"],
gsuites: [{
emails: ["string"],
identityProviderId: "string",
}],
ipLists: ["string"],
ips: ["string"],
loginMethods: ["string"],
oktas: [{
identityProviderId: "string",
names: ["string"],
}],
samls: [{
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
}],
serviceTokens: ["string"],
}],
approvalGroups: [{
approvalsNeeded: 0,
emailAddresses: ["string"],
emailListUuid: "string",
}],
accountId: "string",
applicationId: "string",
precedence: 0,
purposeJustificationPrompt: "string",
purposeJustificationRequired: false,
requires: [{
anyValidServiceToken: false,
authContexts: [{
acId: "string",
id: "string",
identityProviderId: "string",
}],
authMethod: "string",
azures: [{
identityProviderId: "string",
ids: ["string"],
}],
certificate: false,
commonName: "string",
commonNames: ["string"],
devicePostures: ["string"],
emailDomains: ["string"],
emailLists: ["string"],
emails: ["string"],
everyone: false,
externalEvaluations: [{
evaluateUrl: "string",
keysUrl: "string",
}],
geos: ["string"],
githubs: [{
identityProviderId: "string",
name: "string",
teams: ["string"],
}],
groups: ["string"],
gsuites: [{
emails: ["string"],
identityProviderId: "string",
}],
ipLists: ["string"],
ips: ["string"],
loginMethods: ["string"],
oktas: [{
identityProviderId: "string",
names: ["string"],
}],
samls: [{
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
}],
serviceTokens: ["string"],
}],
sessionDuration: "string",
zoneId: "string",
});
type: cloudflare:ZeroTrustAccessPolicy
properties:
accountId: string
applicationId: string
approvalGroups:
- approvalsNeeded: 0
emailAddresses:
- string
emailListUuid: string
approvalRequired: false
connectionRules:
ssh:
usernames:
- string
decision: string
excludes:
- anyValidServiceToken: false
authContexts:
- acId: string
id: string
identityProviderId: string
authMethod: string
azures:
- identityProviderId: string
ids:
- string
certificate: false
commonName: string
commonNames:
- string
devicePostures:
- string
emailDomains:
- string
emailLists:
- string
emails:
- string
everyone: false
externalEvaluations:
- evaluateUrl: string
keysUrl: string
geos:
- string
githubs:
- identityProviderId: string
name: string
teams:
- string
groups:
- string
gsuites:
- emails:
- string
identityProviderId: string
ipLists:
- string
ips:
- string
loginMethods:
- string
oktas:
- identityProviderId: string
names:
- string
samls:
- attributeName: string
attributeValue: string
identityProviderId: string
serviceTokens:
- string
includes:
- anyValidServiceToken: false
authContexts:
- acId: string
id: string
identityProviderId: string
authMethod: string
azures:
- identityProviderId: string
ids:
- string
certificate: false
commonName: string
commonNames:
- string
devicePostures:
- string
emailDomains:
- string
emailLists:
- string
emails:
- string
everyone: false
externalEvaluations:
- evaluateUrl: string
keysUrl: string
geos:
- string
githubs:
- identityProviderId: string
name: string
teams:
- string
groups:
- string
gsuites:
- emails:
- string
identityProviderId: string
ipLists:
- string
ips:
- string
loginMethods:
- string
oktas:
- identityProviderId: string
names:
- string
samls:
- attributeName: string
attributeValue: string
identityProviderId: string
serviceTokens:
- string
isolationRequired: false
name: string
precedence: 0
purposeJustificationPrompt: string
purposeJustificationRequired: false
requires:
- anyValidServiceToken: false
authContexts:
- acId: string
id: string
identityProviderId: string
authMethod: string
azures:
- identityProviderId: string
ids:
- string
certificate: false
commonName: string
commonNames:
- string
devicePostures:
- string
emailDomains:
- string
emailLists:
- string
emails:
- string
everyone: false
externalEvaluations:
- evaluateUrl: string
keysUrl: string
geos:
- string
githubs:
- identityProviderId: string
name: string
teams:
- string
groups:
- string
gsuites:
- emails:
- string
identityProviderId: string
ipLists:
- string
ips:
- string
loginMethods:
- string
oktas:
- identityProviderId: string
names:
- string
samls:
- attributeName: string
attributeValue: string
identityProviderId: string
serviceTokens:
- string
sessionDuration: string
zoneId: string
ZeroTrustAccessPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustAccessPolicy resource accepts the following input properties:
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Includes
List<Zero
Trust Access Policy Include> - A series of access conditions, see Access Groups.
- Name string
- Friendly name of the Access Policy.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - Approval
Groups List<ZeroTrust Access Policy Approval Group> - Approval
Required bool - Connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- Excludes
List<Zero
Trust Access Policy Exclude> - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
List<Zero
Trust Access Policy Require> - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Includes
[]Zero
Trust Access Policy Include Args - A series of access conditions, see Access Groups.
- Name string
- Friendly name of the Access Policy.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - Approval
Groups []ZeroTrust Access Policy Approval Group Args - Approval
Required bool - Connection
Rules ZeroTrust Access Policy Connection Rules Args - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- Excludes
[]Zero
Trust Access Policy Exclude Args - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
[]Zero
Trust Access Policy Require Args - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
List<Zero
Trust Access Policy Include> - A series of access conditions, see Access Groups.
- name String
- Friendly name of the Access Policy.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups List<ZeroTrust Access Policy Approval Group> - approval
Required Boolean - connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- excludes
List<Zero
Trust Access Policy Exclude> - A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- precedence Integer
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
List<Zero
Trust Access Policy Require> - A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
Zero
Trust Access Policy Include[] - A series of access conditions, see Access Groups.
- name string
- Friendly name of the Access Policy.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups ZeroTrust Access Policy Approval Group[] - approval
Required boolean - connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- excludes
Zero
Trust Access Policy Exclude[] - A series of access conditions, see Access Groups.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy.
- precedence number
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification booleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Zero
Trust Access Policy Require[] - A series of access conditions, see Access Groups.
- session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- decision str
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes
Sequence[Zero
Trust Access Policy Include Args] - A series of access conditions, see Access Groups.
- name str
- Friendly name of the Access Policy.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - application_
id str - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval_
groups Sequence[ZeroTrust Access Policy Approval Group Args] - approval_
required bool - connection_
rules ZeroTrust Access Policy Connection Rules Args - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- excludes
Sequence[Zero
Trust Access Policy Exclude Args] - A series of access conditions, see Access Groups.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy.
- precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose_
justification_ strprompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose_
justification_ boolrequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Sequence[Zero
Trust Access Policy Require Args] - A series of access conditions, see Access Groups.
- session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - includes List<Property Map>
- A series of access conditions, see Access Groups.
- name String
- Friendly name of the Access Policy.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups List<Property Map> - approval
Required Boolean - connection
Rules Property Map - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- excludes List<Property Map>
- A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- precedence Number
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires List<Property Map>
- A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ZeroTrustAccessPolicy Resource
Get an existing ZeroTrustAccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessPolicyState, opts?: CustomResourceOptions): ZeroTrustAccessPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
application_id: Optional[str] = None,
approval_groups: Optional[Sequence[ZeroTrustAccessPolicyApprovalGroupArgs]] = None,
approval_required: Optional[bool] = None,
connection_rules: Optional[ZeroTrustAccessPolicyConnectionRulesArgs] = None,
decision: Optional[str] = None,
excludes: Optional[Sequence[ZeroTrustAccessPolicyExcludeArgs]] = None,
includes: Optional[Sequence[ZeroTrustAccessPolicyIncludeArgs]] = None,
isolation_required: Optional[bool] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[ZeroTrustAccessPolicyRequireArgs]] = None,
session_duration: Optional[str] = None,
zone_id: Optional[str] = None) -> ZeroTrustAccessPolicy
func GetZeroTrustAccessPolicy(ctx *Context, name string, id IDInput, state *ZeroTrustAccessPolicyState, opts ...ResourceOption) (*ZeroTrustAccessPolicy, error)
public static ZeroTrustAccessPolicy Get(string name, Input<string> id, ZeroTrustAccessPolicyState? state, CustomResourceOptions? opts = null)
public static ZeroTrustAccessPolicy get(String name, Output<String> id, ZeroTrustAccessPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - Approval
Groups List<ZeroTrust Access Policy Approval Group> - Approval
Required bool - Connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Excludes
List<Zero
Trust Access Policy Exclude> - A series of access conditions, see Access Groups.
- Includes
List<Zero
Trust Access Policy Include> - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
List<Zero
Trust Access Policy Require> - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - Approval
Groups []ZeroTrust Access Policy Approval Group Args - Approval
Required bool - Connection
Rules ZeroTrust Access Policy Connection Rules Args - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- Decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - Excludes
[]Zero
Trust Access Policy Exclude Args - A series of access conditions, see Access Groups.
- Includes
[]Zero
Trust Access Policy Include Args - A series of access conditions, see Access Groups.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy.
- Name string
- Friendly name of the Access Policy.
- Precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - Purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - Purpose
Justification boolRequired - Whether to prompt the user for a justification for accessing the resource.
- Requires
[]Zero
Trust Access Policy Require Args - A series of access conditions, see Access Groups.
- Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups List<ZeroTrust Access Policy Approval Group> - approval
Required Boolean - connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
List<Zero
Trust Access Policy Exclude> - A series of access conditions, see Access Groups.
- includes
List<Zero
Trust Access Policy Include> - A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- name String
- Friendly name of the Access Policy.
- precedence Integer
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
List<Zero
Trust Access Policy Require> - A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id string - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups ZeroTrust Access Policy Approval Group[] - approval
Required boolean - connection
Rules ZeroTrust Access Policy Connection Rules - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- decision string
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
Zero
Trust Access Policy Exclude[] - A series of access conditions, see Access Groups.
- includes
Zero
Trust Access Policy Include[] - A series of access conditions, see Access Groups.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy.
- name string
- Friendly name of the Access Policy.
- precedence number
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification stringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification booleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Zero
Trust Access Policy Require[] - A series of access conditions, see Access Groups.
- session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - application_
id str - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval_
groups Sequence[ZeroTrust Access Policy Approval Group Args] - approval_
required bool - connection_
rules ZeroTrust Access Policy Connection Rules Args - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- decision str
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes
Sequence[Zero
Trust Access Policy Exclude Args] - A series of access conditions, see Access Groups.
- includes
Sequence[Zero
Trust Access Policy Include Args] - A series of access conditions, see Access Groups.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy.
- name str
- Friendly name of the Access Policy.
- precedence int
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose_
justification_ strprompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose_
justification_ boolrequired - Whether to prompt the user for a justification for accessing the resource.
- requires
Sequence[Zero
Trust Access Policy Require Args] - A series of access conditions, see Access Groups.
- session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - application
Id String - The ID of the application the policy is associated with. Required when using
precedence
. Modifying this attribute will force creation of a new resource. - approval
Groups List<Property Map> - approval
Required Boolean - connection
Rules Property Map - The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required.
- decision String
- Defines the action Access will take if the policy matches the user. Available values:
allow
,deny
,non_identity
,bypass
. - excludes List<Property Map>
- A series of access conditions, see Access Groups.
- includes List<Property Map>
- A series of access conditions, see Access Groups.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy.
- name String
- Friendly name of the Access Policy.
- precedence Number
- The unique precedence for policies on a single application. Required when using
application_id
. - purpose
Justification StringPrompt - The prompt to display to the user for a justification for accessing the resource. Required when using
purpose_justification_required
. - purpose
Justification BooleanRequired - Whether to prompt the user for a justification for accessing the resource.
- requires List<Property Map>
- A series of access conditions, see Access Groups.
- session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Supporting Types
ZeroTrustAccessPolicyApprovalGroup, ZeroTrustAccessPolicyApprovalGroupArgs
- Approvals
Needed int - Number of approvals needed.
- Email
Addresses List<string> - List of emails to request approval from.
- Email
List stringUuid
- Approvals
Needed int - Number of approvals needed.
- Email
Addresses []string - List of emails to request approval from.
- Email
List stringUuid
- approvals
Needed Integer - Number of approvals needed.
- email
Addresses List<String> - List of emails to request approval from.
- email
List StringUuid
- approvals
Needed number - Number of approvals needed.
- email
Addresses string[] - List of emails to request approval from.
- email
List stringUuid
- approvals_
needed int - Number of approvals needed.
- email_
addresses Sequence[str] - List of emails to request approval from.
- email_
list_ struuid
- approvals
Needed Number - Number of approvals needed.
- email
Addresses List<String> - List of emails to request approval from.
- email
List StringUuid
ZeroTrustAccessPolicyConnectionRules, ZeroTrustAccessPolicyConnectionRulesArgs
- Ssh
Zero
Trust Access Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- Ssh
Zero
Trust Access Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh Property Map
- The SSH-specific rules that define how users may connect to the targets secured by your application.
ZeroTrustAccessPolicyConnectionRulesSsh, ZeroTrustAccessPolicyConnectionRulesSshArgs
- Usernames List<string>
- Contains the Unix usernames that may be used when connecting over SSH.
- Usernames []string
- Contains the Unix usernames that may be used when connecting over SSH.
- usernames List<String>
- Contains the Unix usernames that may be used when connecting over SSH.
- usernames string[]
- Contains the Unix usernames that may be used when connecting over SSH.
- usernames Sequence[str]
- Contains the Unix usernames that may be used when connecting over SSH.
- usernames List<String>
- Contains the Unix usernames that may be used when connecting over SSH.
ZeroTrustAccessPolicyExclude, ZeroTrustAccessPolicyExcludeArgs
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts List<ZeroTrust Access Policy Exclude Auth Context> - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
List<Zero
Trust Access Policy Exclude Azure> - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names List<string> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures List<string> - The ID of a device posture integration.
- Email
Domains List<string> - The email domain to match.
- Email
Lists List<string> - The ID of a previously created email list.
- Emails List<string>
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations List<ZeroTrust Access Policy Exclude External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos List<string>
- Matches a specific country.
- Githubs
List<Zero
Trust Access Policy Exclude Github> - Matches a Github organization. Requires a Github identity provider.
- Groups List<string>
- The ID of a previously created Access group.
- Gsuites
List<Zero
Trust Access Policy Exclude Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists List<string> - The ID of a previously created IP list.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - The ID of a configured identity provider.
- Oktas
List<Zero
Trust Access Policy Exclude Okta> - Matches an Okta group. Requires an Okta identity provider.
- Samls
List<Zero
Trust Access Policy Exclude Saml> - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens List<string> - The ID of an Access service token.
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts []ZeroTrust Access Policy Exclude Auth Context - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
[]Zero
Trust Access Policy Exclude Azure - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names []string - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures []string - The ID of a device posture integration.
- Email
Domains []string - The email domain to match.
- Email
Lists []string - The ID of a previously created email list.
- Emails []string
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations []ZeroTrust Access Policy Exclude External Evaluation - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos []string
- Matches a specific country.
- Githubs
[]Zero
Trust Access Policy Exclude Github - Matches a Github organization. Requires a Github identity provider.
- Groups []string
- The ID of a previously created Access group.
- Gsuites
[]Zero
Trust Access Policy Exclude Gsuite - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists []string - The ID of a previously created IP list.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - The ID of a configured identity provider.
- Oktas
[]Zero
Trust Access Policy Exclude Okta - Matches an Okta group. Requires an Okta identity provider.
- Samls
[]Zero
Trust Access Policy Exclude Saml - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens []string - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<ZeroTrust Access Policy Exclude Auth Context> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
List<Zero
Trust Access Policy Exclude Azure> - Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<ZeroTrust Access Policy Exclude External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs
List<Zero
Trust Access Policy Exclude Github> - Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites
List<Zero
Trust Access Policy Exclude Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas
List<Zero
Trust Access Policy Exclude Okta> - Matches an Okta group. Requires an Okta identity provider.
- samls
List<Zero
Trust Access Policy Exclude Saml> - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
- any
Valid booleanService Token - Matches any valid Access service token.
- auth
Contexts ZeroTrust Access Policy Exclude Auth Context[] - auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Zero
Trust Access Policy Exclude Azure[] - Matches an Azure group. Requires an Azure identity provider.
- certificate boolean
- Matches any valid client certificate.
- common
Name string - Matches a valid client certificate common name.
- common
Names string[] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures string[] - The ID of a device posture integration.
- email
Domains string[] - The email domain to match.
- email
Lists string[] - The ID of a previously created email list.
- emails string[]
- The email of the user.
- everyone boolean
- Matches everyone.
- external
Evaluations ZeroTrust Access Policy Exclude External Evaluation[] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos string[]
- Matches a specific country.
- githubs
Zero
Trust Access Policy Exclude Github[] - Matches a Github organization. Requires a Github identity provider.
- groups string[]
- The ID of a previously created Access group.
- gsuites
Zero
Trust Access Policy Exclude Gsuite[] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists string[] - The ID of a previously created IP list.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - The ID of a configured identity provider.
- oktas
Zero
Trust Access Policy Exclude Okta[] - Matches an Okta group. Requires an Okta identity provider.
- samls
Zero
Trust Access Policy Exclude Saml[] - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens string[] - The ID of an Access service token.
- any_
valid_ boolservice_ token - Matches any valid Access service token.
- auth_
contexts Sequence[ZeroTrust Access Policy Exclude Auth Context] - auth_
method str - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Sequence[Zero
Trust Access Policy Exclude Azure] - Matches an Azure group. Requires an Azure identity provider.
- certificate bool
- Matches any valid client certificate.
- common_
name str - Matches a valid client certificate common name.
- common_
names Sequence[str] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device_
postures Sequence[str] - The ID of a device posture integration.
- email_
domains Sequence[str] - The email domain to match.
- email_
lists Sequence[str] - The ID of a previously created email list.
- emails Sequence[str]
- The email of the user.
- everyone bool
- Matches everyone.
- external_
evaluations Sequence[ZeroTrust Access Policy Exclude External Evaluation] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos Sequence[str]
- Matches a specific country.
- githubs
Sequence[Zero
Trust Access Policy Exclude Github] - Matches a Github organization. Requires a Github identity provider.
- groups Sequence[str]
- The ID of a previously created Access group.
- gsuites
Sequence[Zero
Trust Access Policy Exclude Gsuite] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip_
lists Sequence[str] - The ID of a previously created IP list.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - The ID of a configured identity provider.
- oktas
Sequence[Zero
Trust Access Policy Exclude Okta] - Matches an Okta group. Requires an Okta identity provider.
- samls
Sequence[Zero
Trust Access Policy Exclude Saml] - Matches a SAML group. Requires a SAML identity provider.
- service_
tokens Sequence[str] - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<Property Map> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures List<Property Map>
- Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<Property Map> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs List<Property Map>
- Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites List<Property Map>
- Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas List<Property Map>
- Matches an Okta group. Requires an Okta identity provider.
- samls List<Property Map>
- Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
ZeroTrustAccessPolicyExcludeAuthContext, ZeroTrustAccessPolicyExcludeAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
ZeroTrustAccessPolicyExcludeAzure, ZeroTrustAccessPolicyExcludeAzureArgs
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids List<string>
- The ID of the Azure group or user.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids []string
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
- identity
Provider stringId - The ID of the Azure identity provider.
- ids string[]
- The ID of the Azure group or user.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ids Sequence[str]
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
ZeroTrustAccessPolicyExcludeExternalEvaluation, ZeroTrustAccessPolicyExcludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyExcludeGithub, ZeroTrustAccessPolicyExcludeGithubArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams List<string>
- The teams that should be matched.
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams []string
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- teams string[]
- The teams that should be matched.
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- teams Sequence[str]
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
ZeroTrustAccessPolicyExcludeGsuite, ZeroTrustAccessPolicyExcludeGsuiteArgs
- Emails List<string>
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Emails []string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- emails string[]
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails Sequence[str]
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyExcludeOkta, ZeroTrustAccessPolicyExcludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names List<string>
- The name of the Okta Group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names []string
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
- identity
Provider stringId - The ID of your Okta identity provider.
- names string[]
- The name of the Okta Group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- names Sequence[str]
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
ZeroTrustAccessPolicyExcludeSaml, ZeroTrustAccessPolicyExcludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessPolicyInclude, ZeroTrustAccessPolicyIncludeArgs
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts List<ZeroTrust Access Policy Include Auth Context> - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
List<Zero
Trust Access Policy Include Azure> - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names List<string> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures List<string> - The ID of a device posture integration.
- Email
Domains List<string> - The email domain to match.
- Email
Lists List<string> - The ID of a previously created email list.
- Emails List<string>
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations List<ZeroTrust Access Policy Include External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos List<string>
- Matches a specific country.
- Githubs
List<Zero
Trust Access Policy Include Github> - Matches a Github organization. Requires a Github identity provider.
- Groups List<string>
- The ID of a previously created Access group.
- Gsuites
List<Zero
Trust Access Policy Include Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists List<string> - The ID of a previously created IP list.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - The ID of a configured identity provider.
- Oktas
List<Zero
Trust Access Policy Include Okta> - Matches an Okta group. Requires an Okta identity provider.
- Samls
List<Zero
Trust Access Policy Include Saml> - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens List<string> - The ID of an Access service token.
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts []ZeroTrust Access Policy Include Auth Context - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
[]Zero
Trust Access Policy Include Azure - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names []string - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures []string - The ID of a device posture integration.
- Email
Domains []string - The email domain to match.
- Email
Lists []string - The ID of a previously created email list.
- Emails []string
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations []ZeroTrust Access Policy Include External Evaluation - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos []string
- Matches a specific country.
- Githubs
[]Zero
Trust Access Policy Include Github - Matches a Github organization. Requires a Github identity provider.
- Groups []string
- The ID of a previously created Access group.
- Gsuites
[]Zero
Trust Access Policy Include Gsuite - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists []string - The ID of a previously created IP list.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - The ID of a configured identity provider.
- Oktas
[]Zero
Trust Access Policy Include Okta - Matches an Okta group. Requires an Okta identity provider.
- Samls
[]Zero
Trust Access Policy Include Saml - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens []string - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<ZeroTrust Access Policy Include Auth Context> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
List<Zero
Trust Access Policy Include Azure> - Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<ZeroTrust Access Policy Include External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs
List<Zero
Trust Access Policy Include Github> - Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites
List<Zero
Trust Access Policy Include Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas
List<Zero
Trust Access Policy Include Okta> - Matches an Okta group. Requires an Okta identity provider.
- samls
List<Zero
Trust Access Policy Include Saml> - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
- any
Valid booleanService Token - Matches any valid Access service token.
- auth
Contexts ZeroTrust Access Policy Include Auth Context[] - auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Zero
Trust Access Policy Include Azure[] - Matches an Azure group. Requires an Azure identity provider.
- certificate boolean
- Matches any valid client certificate.
- common
Name string - Matches a valid client certificate common name.
- common
Names string[] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures string[] - The ID of a device posture integration.
- email
Domains string[] - The email domain to match.
- email
Lists string[] - The ID of a previously created email list.
- emails string[]
- The email of the user.
- everyone boolean
- Matches everyone.
- external
Evaluations ZeroTrust Access Policy Include External Evaluation[] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos string[]
- Matches a specific country.
- githubs
Zero
Trust Access Policy Include Github[] - Matches a Github organization. Requires a Github identity provider.
- groups string[]
- The ID of a previously created Access group.
- gsuites
Zero
Trust Access Policy Include Gsuite[] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists string[] - The ID of a previously created IP list.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - The ID of a configured identity provider.
- oktas
Zero
Trust Access Policy Include Okta[] - Matches an Okta group. Requires an Okta identity provider.
- samls
Zero
Trust Access Policy Include Saml[] - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens string[] - The ID of an Access service token.
- any_
valid_ boolservice_ token - Matches any valid Access service token.
- auth_
contexts Sequence[ZeroTrust Access Policy Include Auth Context] - auth_
method str - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Sequence[Zero
Trust Access Policy Include Azure] - Matches an Azure group. Requires an Azure identity provider.
- certificate bool
- Matches any valid client certificate.
- common_
name str - Matches a valid client certificate common name.
- common_
names Sequence[str] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device_
postures Sequence[str] - The ID of a device posture integration.
- email_
domains Sequence[str] - The email domain to match.
- email_
lists Sequence[str] - The ID of a previously created email list.
- emails Sequence[str]
- The email of the user.
- everyone bool
- Matches everyone.
- external_
evaluations Sequence[ZeroTrust Access Policy Include External Evaluation] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos Sequence[str]
- Matches a specific country.
- githubs
Sequence[Zero
Trust Access Policy Include Github] - Matches a Github organization. Requires a Github identity provider.
- groups Sequence[str]
- The ID of a previously created Access group.
- gsuites
Sequence[Zero
Trust Access Policy Include Gsuite] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip_
lists Sequence[str] - The ID of a previously created IP list.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - The ID of a configured identity provider.
- oktas
Sequence[Zero
Trust Access Policy Include Okta] - Matches an Okta group. Requires an Okta identity provider.
- samls
Sequence[Zero
Trust Access Policy Include Saml] - Matches a SAML group. Requires a SAML identity provider.
- service_
tokens Sequence[str] - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<Property Map> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures List<Property Map>
- Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<Property Map> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs List<Property Map>
- Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites List<Property Map>
- Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas List<Property Map>
- Matches an Okta group. Requires an Okta identity provider.
- samls List<Property Map>
- Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
ZeroTrustAccessPolicyIncludeAuthContext, ZeroTrustAccessPolicyIncludeAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
ZeroTrustAccessPolicyIncludeAzure, ZeroTrustAccessPolicyIncludeAzureArgs
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids List<string>
- The ID of the Azure group or user.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids []string
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
- identity
Provider stringId - The ID of the Azure identity provider.
- ids string[]
- The ID of the Azure group or user.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ids Sequence[str]
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
ZeroTrustAccessPolicyIncludeExternalEvaluation, ZeroTrustAccessPolicyIncludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyIncludeGithub, ZeroTrustAccessPolicyIncludeGithubArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams List<string>
- The teams that should be matched.
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams []string
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- teams string[]
- The teams that should be matched.
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- teams Sequence[str]
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
ZeroTrustAccessPolicyIncludeGsuite, ZeroTrustAccessPolicyIncludeGsuiteArgs
- Emails List<string>
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Emails []string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- emails string[]
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails Sequence[str]
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyIncludeOkta, ZeroTrustAccessPolicyIncludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names List<string>
- The name of the Okta Group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names []string
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
- identity
Provider stringId - The ID of your Okta identity provider.
- names string[]
- The name of the Okta Group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- names Sequence[str]
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
ZeroTrustAccessPolicyIncludeSaml, ZeroTrustAccessPolicyIncludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessPolicyRequire, ZeroTrustAccessPolicyRequireArgs
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts List<ZeroTrust Access Policy Require Auth Context> - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
List<Zero
Trust Access Policy Require Azure> - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names List<string> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures List<string> - The ID of a device posture integration.
- Email
Domains List<string> - The email domain to match.
- Email
Lists List<string> - The ID of a previously created email list.
- Emails List<string>
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations List<ZeroTrust Access Policy Require External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos List<string>
- Matches a specific country.
- Githubs
List<Zero
Trust Access Policy Require Github> - Matches a Github organization. Requires a Github identity provider.
- Groups List<string>
- The ID of a previously created Access group.
- Gsuites
List<Zero
Trust Access Policy Require Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists List<string> - The ID of a previously created IP list.
- Ips List<string>
- An IPv4 or IPv6 CIDR block.
- Login
Methods List<string> - The ID of a configured identity provider.
- Oktas
List<Zero
Trust Access Policy Require Okta> - Matches an Okta group. Requires an Okta identity provider.
- Samls
List<Zero
Trust Access Policy Require Saml> - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens List<string> - The ID of an Access service token.
- Any
Valid boolService Token - Matches any valid Access service token.
- Auth
Contexts []ZeroTrust Access Policy Require Auth Context - Auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- Azures
[]Zero
Trust Access Policy Require Azure - Matches an Azure group. Requires an Azure identity provider.
- Certificate bool
- Matches any valid client certificate.
- Common
Name string - Matches a valid client certificate common name.
- Common
Names []string - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- Device
Postures []string - The ID of a device posture integration.
- Email
Domains []string - The email domain to match.
- Email
Lists []string - The ID of a previously created email list.
- Emails []string
- The email of the user.
- Everyone bool
- Matches everyone.
- External
Evaluations []ZeroTrust Access Policy Require External Evaluation - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- Geos []string
- Matches a specific country.
- Githubs
[]Zero
Trust Access Policy Require Github - Matches a Github organization. Requires a Github identity provider.
- Groups []string
- The ID of a previously created Access group.
- Gsuites
[]Zero
Trust Access Policy Require Gsuite - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- Ip
Lists []string - The ID of a previously created IP list.
- Ips []string
- An IPv4 or IPv6 CIDR block.
- Login
Methods []string - The ID of a configured identity provider.
- Oktas
[]Zero
Trust Access Policy Require Okta - Matches an Okta group. Requires an Okta identity provider.
- Samls
[]Zero
Trust Access Policy Require Saml - Matches a SAML group. Requires a SAML identity provider.
- Service
Tokens []string - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<ZeroTrust Access Policy Require Auth Context> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
List<Zero
Trust Access Policy Require Azure> - Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<ZeroTrust Access Policy Require External Evaluation> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs
List<Zero
Trust Access Policy Require Github> - Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites
List<Zero
Trust Access Policy Require Gsuite> - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas
List<Zero
Trust Access Policy Require Okta> - Matches an Okta group. Requires an Okta identity provider.
- samls
List<Zero
Trust Access Policy Require Saml> - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
- any
Valid booleanService Token - Matches any valid Access service token.
- auth
Contexts ZeroTrust Access Policy Require Auth Context[] - auth
Method string - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Zero
Trust Access Policy Require Azure[] - Matches an Azure group. Requires an Azure identity provider.
- certificate boolean
- Matches any valid client certificate.
- common
Name string - Matches a valid client certificate common name.
- common
Names string[] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures string[] - The ID of a device posture integration.
- email
Domains string[] - The email domain to match.
- email
Lists string[] - The ID of a previously created email list.
- emails string[]
- The email of the user.
- everyone boolean
- Matches everyone.
- external
Evaluations ZeroTrust Access Policy Require External Evaluation[] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos string[]
- Matches a specific country.
- githubs
Zero
Trust Access Policy Require Github[] - Matches a Github organization. Requires a Github identity provider.
- groups string[]
- The ID of a previously created Access group.
- gsuites
Zero
Trust Access Policy Require Gsuite[] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists string[] - The ID of a previously created IP list.
- ips string[]
- An IPv4 or IPv6 CIDR block.
- login
Methods string[] - The ID of a configured identity provider.
- oktas
Zero
Trust Access Policy Require Okta[] - Matches an Okta group. Requires an Okta identity provider.
- samls
Zero
Trust Access Policy Require Saml[] - Matches a SAML group. Requires a SAML identity provider.
- service
Tokens string[] - The ID of an Access service token.
- any_
valid_ boolservice_ token - Matches any valid Access service token.
- auth_
contexts Sequence[ZeroTrust Access Policy Require Auth Context] - auth_
method str - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures
Sequence[Zero
Trust Access Policy Require Azure] - Matches an Azure group. Requires an Azure identity provider.
- certificate bool
- Matches any valid client certificate.
- common_
name str - Matches a valid client certificate common name.
- common_
names Sequence[str] - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device_
postures Sequence[str] - The ID of a device posture integration.
- email_
domains Sequence[str] - The email domain to match.
- email_
lists Sequence[str] - The ID of a previously created email list.
- emails Sequence[str]
- The email of the user.
- everyone bool
- Matches everyone.
- external_
evaluations Sequence[ZeroTrust Access Policy Require External Evaluation] - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos Sequence[str]
- Matches a specific country.
- githubs
Sequence[Zero
Trust Access Policy Require Github] - Matches a Github organization. Requires a Github identity provider.
- groups Sequence[str]
- The ID of a previously created Access group.
- gsuites
Sequence[Zero
Trust Access Policy Require Gsuite] - Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip_
lists Sequence[str] - The ID of a previously created IP list.
- ips Sequence[str]
- An IPv4 or IPv6 CIDR block.
- login_
methods Sequence[str] - The ID of a configured identity provider.
- oktas
Sequence[Zero
Trust Access Policy Require Okta] - Matches an Okta group. Requires an Okta identity provider.
- samls
Sequence[Zero
Trust Access Policy Require Saml] - Matches a SAML group. Requires a SAML identity provider.
- service_
tokens Sequence[str] - The ID of an Access service token.
- any
Valid BooleanService Token - Matches any valid Access service token.
- auth
Contexts List<Property Map> - auth
Method String - The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
- azures List<Property Map>
- Matches an Azure group. Requires an Azure identity provider.
- certificate Boolean
- Matches any valid client certificate.
- common
Name String - Matches a valid client certificate common name.
- common
Names List<String> - Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
- device
Postures List<String> - The ID of a device posture integration.
- email
Domains List<String> - The email domain to match.
- email
Lists List<String> - The ID of a previously created email list.
- emails List<String>
- The email of the user.
- everyone Boolean
- Matches everyone.
- external
Evaluations List<Property Map> - Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
- geos List<String>
- Matches a specific country.
- githubs List<Property Map>
- Matches a Github organization. Requires a Github identity provider.
- groups List<String>
- The ID of a previously created Access group.
- gsuites List<Property Map>
- Matches a group in Google Workspace. Requires a Google Workspace identity provider.
- ip
Lists List<String> - The ID of a previously created IP list.
- ips List<String>
- An IPv4 or IPv6 CIDR block.
- login
Methods List<String> - The ID of a configured identity provider.
- oktas List<Property Map>
- Matches an Okta group. Requires an Okta identity provider.
- samls List<Property Map>
- Matches a SAML group. Requires a SAML identity provider.
- service
Tokens List<String> - The ID of an Access service token.
ZeroTrustAccessPolicyRequireAuthContext, ZeroTrustAccessPolicyRequireAuthContextArgs
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ac
Id string - The ACID of the Authentication Context.
- Id string
- The ID of the Authentication Context.
- Identity
Provider stringId - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
- ac
Id string - The ACID of the Authentication Context.
- id string
- The ID of the Authentication Context.
- identity
Provider stringId - The ID of the Azure identity provider.
- ac_
id str - The ACID of the Authentication Context.
- id str
- The ID of the Authentication Context.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ac
Id String - The ACID of the Authentication Context.
- id String
- The ID of the Authentication Context.
- identity
Provider StringId - The ID of the Azure identity provider.
ZeroTrustAccessPolicyRequireAzure, ZeroTrustAccessPolicyRequireAzureArgs
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids List<string>
- The ID of the Azure group or user.
- Identity
Provider stringId - The ID of the Azure identity provider.
- Ids []string
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
- identity
Provider stringId - The ID of the Azure identity provider.
- ids string[]
- The ID of the Azure group or user.
- identity_
provider_ strid - The ID of the Azure identity provider.
- ids Sequence[str]
- The ID of the Azure group or user.
- identity
Provider StringId - The ID of the Azure identity provider.
- ids List<String>
- The ID of the Azure group or user.
ZeroTrustAccessPolicyRequireExternalEvaluation, ZeroTrustAccessPolicyRequireExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyRequireGithub, ZeroTrustAccessPolicyRequireGithubArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams List<string>
- The teams that should be matched.
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Teams []string
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- teams string[]
- The teams that should be matched.
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- teams Sequence[str]
- The teams that should be matched.
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- teams List<String>
- The teams that should be matched.
ZeroTrustAccessPolicyRequireGsuite, ZeroTrustAccessPolicyRequireGsuiteArgs
- Emails List<string>
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Emails []string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- emails string[]
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- emails Sequence[str]
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- emails List<String>
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyRequireOkta, ZeroTrustAccessPolicyRequireOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names List<string>
- The name of the Okta Group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Names []string
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
- identity
Provider stringId - The ID of your Okta identity provider.
- names string[]
- The name of the Okta Group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- names Sequence[str]
- The name of the Okta Group.
- identity
Provider StringId - The ID of your Okta identity provider.
- names List<String>
- The name of the Okta Group.
ZeroTrustAccessPolicyRequireSaml, ZeroTrustAccessPolicyRequireSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
Import
$ pulumi import cloudflare:index/zeroTrustAccessPolicy:ZeroTrustAccessPolicy example account/<account_id>/<application_id>/<policy_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.