pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessPolicyArgs

AccessPolicyArgs

data class AccessPolicyArgs(val accountId: Output<String>? = null, val applicationId: Output<String>? = null, val approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, val approvalRequired: Output<Boolean>? = null, val decision: Output<String>? = null, val excludes: Output<List<AccessPolicyExcludeArgs>>? = null, val includes: Output<List<AccessPolicyIncludeArgs>>? = null, val name: Output<String>? = null, val precedence: Output<Int>? = null, val purposeJustificationPrompt: Output<String>? = null, val purposeJustificationRequired: Output<Boolean>? = null, val requires: Output<List<AccessPolicyRequireArgs>>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<AccessPolicyArgs>

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessPolicy;
import com.pulumi.cloudflare.AccessPolicyArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .emails("test@example.com")
                .build())
            .build());
        var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .ips(var_.office_ip())
                .build())
            .build());
    }
}

Import

Account level import.

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>

Zone level import.

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>

Constructors

AccessPolicyArgs

constructor(accountId: Output<String>? = null, applicationId: Output<String>? = null, approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, approvalRequired: Output<Boolean>? = null, decision: Output<String>? = null, excludes: Output<List<AccessPolicyExcludeArgs>>? = null, includes: Output<List<AccessPolicyIncludeArgs>>? = null, name: Output<String>? = null, precedence: Output<Int>? = null, purposeJustificationPrompt: Output<String>? = null, purposeJustificationRequired: Output<Boolean>? = null, requires: Output<List<AccessPolicyRequireArgs>>? = null, zoneId: Output<String>? = null)