Access
data class AccessPolicyArgs(val accountId: Output<String>? = null, val applicationId: Output<String>? = null, val approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, val approvalRequired: Output<Boolean>? = null, val decision: Output<String>? = null, val excludes: Output<List<AccessPolicyExcludeArgs>>? = null, val includes: Output<List<AccessPolicyIncludeArgs>>? = null, val name: Output<String>? = null, val precedence: Output<Int>? = null, val purposeJustificationPrompt: Output<String>? = null, val purposeJustificationRequired: Output<Boolean>? = null, val requires: Output<List<AccessPolicyRequireArgs>>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<AccessPolicyArgs>
Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.
It's required that an
account_idorzone_idis provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use thezone_idargument.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessPolicy;
import com.pulumi.cloudflare.AccessPolicyArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()
.applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("staging policy")
.precedence("1")
.decision("allow")
.includes(AccessPolicyIncludeArgs.builder()
.emails("test@example.com")
.build())
.requires(AccessPolicyRequireArgs.builder()
.emails("test@example.com")
.build())
.build());
var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()
.applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("staging policy")
.precedence("1")
.decision("allow")
.includes(AccessPolicyIncludeArgs.builder()
.emails("test@example.com")
.build())
.requires(AccessPolicyRequireArgs.builder()
.ips(var_.office_ip())
.build())
.build());
}
}Content copied to clipboard
Import
Account level import.
$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>Content copied to clipboard
Zone level import.
$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>Content copied to clipboard
Constructors
Link copied to clipboard
fun AccessPolicyArgs(accountId: Output<String>? = null, applicationId: Output<String>? = null, approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, approvalRequired: Output<Boolean>? = null, decision: Output<String>? = null, excludes: Output<List<AccessPolicyExcludeArgs>>? = null, includes: Output<List<AccessPolicyIncludeArgs>>? = null, name: Output<String>? = null, precedence: Output<Int>? = null, purposeJustificationPrompt: Output<String>? = null, purposeJustificationRequired: Output<Boolean>? = null, requires: Output<List<AccessPolicyRequireArgs>>? = null, zoneId: Output<String>? = null)