pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessApplication

AccessApplication

class AccessApplication : KotlinCustomResource

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessApplication;
import com.pulumi.cloudflare.AccessApplicationArgs;
import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()
            .corsHeaders(AccessApplicationCorsHeaderArgs.builder()
                .allowCredentials(true)
                .allowedMethods(
                    "GET",
                    "POST",
                    "OPTIONS")
                .allowedOrigins("https://example.com")
                .maxAge(10)
                .build())
            .domain("staging.example.com")
            .name("staging application")
            .sessionDuration("24h")
            .type("self_hosted")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .build());
    }
}
Content copied to clipboard

Import

$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Content copied to clipboard

Properties

Link copied to clipboard
val accountId: Output<String>

The account identifier to target for the resource. Conflicts with zone_id.

Link copied to clipboard
val allowedIdps: Output<List<String>>?

The identity providers selected for the application.

Link copied to clipboard
val appLauncherVisible: Output<Boolean>?

Option to show/hide applications in App Launcher. Defaults to true.

Link copied to clipboard
val aud: Output<String>

Application Audience (AUD) Tag of the application.

Link copied to clipboard
val autoRedirectToIdentity: Output<Boolean>?

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

Link copied to clipboard
val corsHeaders: Output<List<AccessApplicationCorsHeader>>?

CORS configuration for the Access Application. See below for reference structure.

Link copied to clipboard
val customDenyMessage: Output<String>?

Option that returns a custom error message when a user is denied access to the application.

Link copied to clipboard
val customDenyUrl: Output<String>?

Option that redirects to a custom URL when a user is denied access to the application.

Link copied to clipboard
val domain: Output<String>

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

Link copied to clipboard
val enableBindingCookie: Output<Boolean>?

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

Link copied to clipboard
val httpOnlyCookieAttribute: Output<Boolean>?

Option to add the HttpOnly cookie flag to access tokens.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val logoUrl: Output<String>?

Image URL for the logo shown in the app launcher dashboard.

Link copied to clipboard
val name: Output<String>

Friendly name of the Access Application.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val saasApp: Output<AccessApplicationSaasApp>?

SaaS configuration for the Access Application.

Link copied to clipboard
val sameSiteCookieAttribute: Output<String>?

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

Link copied to clipboard
val serviceAuth401Redirect: Output<Boolean>?

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

Link copied to clipboard
val sessionDuration: Output<String>?

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

Link copied to clipboard
val skipInterstitial: Output<Boolean>?

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Link copied to clipboard
val type: Output<String>?

The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp. Defaults to self_hosted.

Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val zoneId: Output<String>

The zone identifier to target for the resource. Conflicts with account_id.