AccessRuleArgs

/**
 * Arguments for a Cloudflare IP Firewall Access Rule, which applies an action to
 * requests matched by IP address, IP range, AS number or country.
 *
 * NOTE(review): every property is nullable with a `null` default, so this type does not
 * itself enforce that only one of [accountId] / [zoneId] is set or that [mode] is one of
 * the documented values. Presumably the provider validates this at deployment time; confirm.
 *
 * @property accountId Account identifier to target. Only one of account_id, zone_id may be
 *   provided. Changing it forces creation of a new resource.
 * @property configuration Rule configuration to apply to a matched request. Changing it
 *   forces creation of a new resource.
 * @property mode Action to apply to a matched request: block, challenge, whitelist,
 *   js_challenge or managed_challenge.
 * @property notes Free-text note about the rule, typically a reminder or explanation.
 * @property zoneId Zone identifier to target. Only one of account_id, zone_id may be
 *   provided. Changing it forces creation of a new resource.
 */
data class AccessRuleArgs(val accountId: Output<String>? = null, val configuration: Output<AccessRuleConfigurationArgs>? = null, val mode: Output<String>? = null, val notes: Output<String>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<AccessRuleArgs>

Provides a Cloudflare IP Firewall Access Rule resource. Access control can be applied on the basis of IP addresses, IP ranges, AS numbers or countries.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
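// Challenge requests coming from known Tor exit nodes.
// This rule is zone-scoped: it sets zoneId, not accountId.
const torExitNodes = new cloudflare.AccessRule("tor_exit_nodes", {
    zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
    notes: "Requests coming from known Tor exit nodes",
    mode: "challenge",
    configuration: {
        target: "country",
        value: "T1",
    },
});

// Allowlist requests coming from Antarctica, but only for a single zone.
// NOTE(review): an allow rule exempts matching traffic from the block/challenge actions
// configured here; confirm in Cloudflare's documentation which other security checks it
// also bypasses before allowlisting something as broad as a whole country.
const antarctica = new cloudflare.AccessRule("antarctica", {
    zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
    notes: "Requests coming from Antarctica",
    mode: "whitelist",
    configuration: {
        target: "country",
        value: "AQ",
    },
});

const config = new pulumi.Config();

// Office ranges come from the stack config key "myOffice". The fallback values are
// reserved documentation ranges (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/56), so a
// real stack must set "myOffice" explicitly. Treat changes to that key as
// security-sensitive, because every entry becomes an allowlist rule.
const myOffice = config.getObject<Array<string>>("myOffice") || [
    "192.0.2.0/24",
    "198.51.100.0/24",
    "2001:db8::/56",
];

// One account-level allowlist rule per office range. Setting accountId instead of zoneId
// applies the rule to the account rather than to a single zone.
// Fix: the original indexed the array with an HTML-escaped member access (`range&#46;value`),
// which does not compile; iterate over the entries directly instead.
const officeNetwork: cloudflare.AccessRule[] = myOffice.map((cidr, index) =>
    new cloudflare.AccessRule(`office_network-${index}`, {
        accountId: "f037e56e89293a057740de681ac9abbe",
        notes: "Requests coming from office network",
        mode: "whitelist",
        configuration: {
            target: "ip_range",
            value: cidr,
        },
    }));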
import pulumi
import pulumi_cloudflare as cloudflare
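# Challenge requests coming from known Tor exit nodes.
# This rule is zone-scoped: it sets zone_id, not account_id.
tor_exit_nodes = cloudflare.AccessRule("tor_exit_nodes",
    zone_id="0da42c8d2132a9ddaf714f9e7c920711",
    notes="Requests coming from known Tor exit nodes",
    mode="challenge",
    configuration={
        "target": "country",
        "value": "T1",
    })

# Allowlist requests coming from Antarctica, but only for a single zone.
# NOTE(review): an allow rule exempts matching traffic from the block/challenge actions
# configured here; confirm in Cloudflare's documentation which other security checks it
# also bypasses before allowlisting something as broad as a whole country.
antarctica = cloudflare.AccessRule("antarctica",
    zone_id="0da42c8d2132a9ddaf714f9e7c920711",
    notes="Requests coming from Antarctica",
    mode="whitelist",
    configuration={
        "target": "country",
        "value": "AQ",
    })

config = pulumi.Config()

# Office ranges come from the stack config key "myOffice". The fallback values are
# reserved documentation ranges, so a real stack must set "myOffice" explicitly.
# Treat changes to that key as security-sensitive: every entry becomes an allowlist rule.
my_office = config.get_object("myOffice")
if my_office is None:
    my_office = [
        "192.0.2.0/24",
        "198.51.100.0/24",
        "2001:db8::/56",
    ]

# One account-level allowlist rule per office range.
# Fix: the original loop bound its variable to the name `range`, shadowing the builtin
# for the rest of the module; enumerate() yields the same indices without rebinding it.
office_network = [
    cloudflare.AccessRule(f"office_network-{index}",
        account_id="f037e56e89293a057740de681ac9abbe",
        notes="Requests coming from office network",
        mode="whitelist",
        configuration={
            "target": "ip_range",
            "value": cidr,
        })
    for index, cidr in enumerate(my_office)
]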
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
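return await Deployment.RunAsync(() =>
{
    // Challenge requests coming from known Tor exit nodes.
    // This rule is zone-scoped: it sets ZoneId, not AccountId.
    var torExitNodes = new Cloudflare.AccessRule("tor_exit_nodes", new()
    {
        ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
        Notes = "Requests coming from known Tor exit nodes",
        Mode = "challenge",
        Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
        {
            Target = "country",
            Value = "T1",
        },
    });

    // Allowlist requests coming from Antarctica, but only for a single zone.
    // NOTE(review): an allow rule exempts matching traffic from the block/challenge
    // actions configured here; confirm in Cloudflare's documentation which other security
    // checks it also bypasses before allowlisting something as broad as a whole country.
    var antarctica = new Cloudflare.AccessRule("antarctica", new()
    {
        ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
        Notes = "Requests coming from Antarctica",
        Mode = "whitelist",
        Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
        {
            Target = "country",
            Value = "AQ",
        },
    });

    var config = new Config();

    // Office ranges come from the stack config key "myOffice". The fallback values are
    // reserved documentation ranges, so a real stack must set "myOffice" explicitly.
    // Treat changes to that key as security-sensitive: every entry becomes an allowlist rule.
    var myOffice = config.GetObject<string[]>("myOffice") ?? new[]
    {
        "192.0.2.0/24",
        "198.51.100.0/24",
        "2001:db8::/56",
    };

    // One account-level allowlist rule per office range.
    // Fix: the original indexed the array with an HTML-escaped member access
    // (`range&#46;Value`), which does not compile; use the loop index directly.
    var officeNetwork = new List<Cloudflare.AccessRule>();
    for (var rangeIndex = 0; rangeIndex < myOffice.Length; rangeIndex++)
    {
        officeNetwork.Add(new Cloudflare.AccessRule($"office_network-{rangeIndex}", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Notes = "Requests coming from office network",
            Mode = "whitelist",
            Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
            {
                Target = "ip_range",
                Value = myOffice[rangeIndex],
            },
        }));
    }
});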
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessRule;
import com.pulumi.cloudflare.AccessRuleArgs;
import com.pulumi.cloudflare.inputs.AccessRuleConfigurationArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
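/**
 * Example Pulumi program that declares three kinds of Cloudflare IP Access Rules:
 * a challenge for Tor exit nodes, a zone-level country allowlist, and one
 * account-level allowlist rule per office network range.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the access rules for the stack.
     *
     * @param ctx Pulumi context used to read the stack configuration
     */
    public static void stack(Context ctx) {
        final var config = ctx.config();

        // Challenge requests coming from known Tor exit nodes.
        // This rule is zone-scoped: it sets zoneId, not accountId.
        var torExitNodes = new AccessRule("torExitNodes", AccessRuleArgs.builder()
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .notes("Requests coming from known Tor exit nodes")
            .mode("challenge")
            .configuration(AccessRuleConfigurationArgs.builder()
                .target("country")
                .value("T1")
                .build())
            .build());

        // Allowlist requests coming from Antarctica, but only for a single zone.
        // NOTE(review): an allow rule exempts matching traffic from the block/challenge
        // actions configured here; confirm in Cloudflare's documentation which other
        // security checks it also bypasses before allowlisting a whole country.
        var antarctica = new AccessRule("antarctica", AccessRuleArgs.builder()
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .notes("Requests coming from Antarctica")
            .mode("whitelist")
            .configuration(AccessRuleConfigurationArgs.builder()
                .target("country")
                .value("AQ")
                .build())
            .build());

        // Office ranges come from the stack config key "myOffice". The fallback values are
        // reserved documentation ranges, so a real stack must set "myOffice" explicitly.
        // Treat changes to that key as security-sensitive: every entry becomes an
        // allowlist rule.
        // Fix: the original called orElse(...) with three arguments and then treated the
        // result as an indexable value via an HTML-escaped `range&#46;value()`; neither
        // compiles. Read the key as a string array and index it with the loop counter.
        final String[] myOffice = config.getObject("myOffice", String[].class)
            .orElse(new String[] {
                "192.0.2.0/24",
                "198.51.100.0/24",
                "2001:db8::/56",
            });

        // One account-level allowlist rule per office range.
        for (var i = 0; i < myOffice.length; i++) {
            new AccessRule("officeNetwork-" + i, AccessRuleArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .notes("Requests coming from office network")
                .mode("whitelist")
                .configuration(AccessRuleConfigurationArgs.builder()
                    .target("ip_range")
                    .value(myOffice[i])
                    .build())
                .build());
        }
    }
}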
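# Indentation restored: the listing had been flattened to column 0, which is not valid YAML.
configuration:
  # Allowlist office's network IP ranges on all account zones (or other lists of
  # resources).
  # The defaults are reserved documentation ranges; a real stack must override them.
  # Treat changes to this list as security-sensitive, since each entry is allowlisted.
  myOffice:
    type: list(string)
    default:
      - 192.0.2.0/24
      - 198.51.100.0/24
      - 2001:db8::/56
resources:
  # Challenge requests coming from known Tor exit nodes.
  torExitNodes:
    type: cloudflare:AccessRule
    name: tor_exit_nodes
    properties:
      zoneId: 0da42c8d2132a9ddaf714f9e7c920711
      notes: Requests coming from known Tor exit nodes
      mode: challenge
      configuration:
        target: country
        value: T1
  # Allowlist requests coming from Antarctica, but only for a single zone.
  # NOTE(review): confirm in Cloudflare's documentation which security checks an allow
  # rule bypasses before allowlisting something as broad as a whole country.
  antarctica:
    type: cloudflare:AccessRule
    properties:
      zoneId: 0da42c8d2132a9ddaf714f9e7c920711
      notes: Requests coming from Antarctica
      mode: whitelist
      configuration:
        target: country
        value: AQ
  # Account-level allowlist for the office network ranges.
  # NOTE(review): `range` is not defined anywhere in this listing. The other language
  # examples create one rule per myOffice entry; confirm how this form is meant to expand.
  officeNetwork:
    type: cloudflare:AccessRule
    name: office_network
    properties:
      accountId: f037e56e89293a057740de681ac9abbe
      notes: Requests coming from office network
      mode: whitelist
      configuration:
        target: ip_range
        value:
          fn::select:
            - ${range.value}
            - ${myOffice}
    options: {}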

Import

User level access rule import.

$ pulumi import cloudflare:index/accessRule:AccessRule default user/<user_id>/<rule_id>

Zone level access rule import.

$ pulumi import cloudflare:index/accessRule:AccessRule default zone/<zone_id>/<rule_id>

Account level access rule import.

$ pulumi import cloudflare:index/accessRule:AccessRule default account/<account_id>/<rule_id>

Constructors

constructor(accountId: Output<String>? = null, configuration: Output<AccessRuleConfigurationArgs>? = null, mode: Output<String>? = null, notes: Output<String>? = null, zoneId: Output<String>? = null)

Properties

val accountId: Output<String>? = null

The account identifier to target for the resource. Provide only one of account_id or zone_id. Modifying this attribute will force creation of a new resource.


configuration: Rule configuration to apply to a matched request. Modifying this attribute will force creation of a new resource.

val mode: Output<String>? = null

The action to apply to a matched request. Available values: block, challenge, whitelist, js_challenge, managed_challenge.

val notes: Output<String>? = null

A personal note about the rule. Typically used as a reminder or explanation for the rule.

val zoneId: Output<String>? = null

The zone identifier to target for the resource. Provide only one of account_id or zone_id. Modifying this attribute will force creation of a new resource.

Functions

open override fun toJava(): AccessRuleArgs