pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessPolicy

AccessPolicy

class AccessPolicy : KotlinCustomResource

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessPolicy;
import com.pulumi.cloudflare.AccessPolicyArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs;
import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder()
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .emails("test@example.com")
                .build())
            .build());
        var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder()
            .applicationId("cb029e245cfdd66dc8d2e570d5dd3322")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .name("staging policy")
            .precedence("1")
            .decision("allow")
            .includes(AccessPolicyIncludeArgs.builder()
                .emails("test@example.com")
                .build())
            .requires(AccessPolicyRequireArgs.builder()
                .ips(var_.office_ip())
                .build())
            .build());
    }
}

Import

Account level import.

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>

Zone level import.

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id>

Properties

accountId

val accountId: Output<String>

The account identifier to target for the resource. Conflicts with zone_id.

applicationId

val applicationId: Output<String>

The ID of the application the policy is associated with.

approvalGroups

val approvalGroups: Output<List<AccessPolicyApprovalGroup>>?

approvalRequired

val approvalRequired: Output<Boolean>?

decision

val decision: Output<String>

Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.

excludes

val excludes: Output<List<AccessPolicyExclude>>?

A series of access conditions, see Access Groups.

val id: Output<String>

includes

val includes: Output<List<AccessPolicyInclude>>

A series of access conditions, see Access Groups.

isolationRequired

val isolationRequired: Output<Boolean>?

Require this application to be served in an isolated browser for users matching this policy.

name

val name: Output<String>

Friendly name of the Access Policy.

precedence

val precedence: Output<Int>

The unique precedence for policies on a single application.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

purposeJustificationPrompt

val purposeJustificationPrompt: Output<String>?

The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.

purposeJustificationRequired

val purposeJustificationRequired: Output<Boolean>?

Whether to prompt the user for a justification for accessing the resource.

requires

val requires: Output<List<AccessPolicyRequire>>?

A series of access conditions, see Access Groups.

sessionDuration

val sessionDuration: Output<String>?

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

urn

val urn: Output<String>

zoneId

val zoneId: Output<String>

The zone identifier to target for the resource. Conflicts with account_id.