Zero
Cloudflare Access can replace traditional SSH key models with short-lived certificates issued to your users based on the token generated by their Access login.
It's required that an
account_idorzone_idis provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use thezone_idargument.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// account level
const example = new cloudflare.ZeroTrustAccessShortLivedCertificate("example", {
accountId: "f037e56e89293a057740de681ac9abbe",
applicationId: "6cd6cea3-3ef2-4542-9aea-85a0bbcd5414",
});
// zone level
const anotherExample = new cloudflare.ZeroTrustAccessShortLivedCertificate("another_example", {
zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
applicationId: "fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2",
});Content copied to clipboard
import pulumi
import pulumi_cloudflare as cloudflare
# account level
example = cloudflare.ZeroTrustAccessShortLivedCertificate("example",
account_id="f037e56e89293a057740de681ac9abbe",
application_id="6cd6cea3-3ef2-4542-9aea-85a0bbcd5414")
# zone level
another_example = cloudflare.ZeroTrustAccessShortLivedCertificate("another_example",
zone_id="0da42c8d2132a9ddaf714f9e7c920711",
application_id="fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
// account level
var example = new Cloudflare.ZeroTrustAccessShortLivedCertificate("example", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
ApplicationId = "6cd6cea3-3ef2-4542-9aea-85a0bbcd5414",
});
// zone level
var anotherExample = new Cloudflare.ZeroTrustAccessShortLivedCertificate("another_example", new()
{
ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
ApplicationId = "fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// account level
_, err := cloudflare.NewZeroTrustAccessShortLivedCertificate(ctx, "example", &cloudflare.ZeroTrustAccessShortLivedCertificateArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
ApplicationId: pulumi.String("6cd6cea3-3ef2-4542-9aea-85a0bbcd5414"),
})
if err != nil {
return err
}
// zone level
_, err = cloudflare.NewZeroTrustAccessShortLivedCertificate(ctx, "another_example", &cloudflare.ZeroTrustAccessShortLivedCertificateArgs{
ZoneId: pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
ApplicationId: pulumi.String("fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustAccessShortLivedCertificate;
import com.pulumi.cloudflare.ZeroTrustAccessShortLivedCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// account level
var example = new ZeroTrustAccessShortLivedCertificate("example", ZeroTrustAccessShortLivedCertificateArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.applicationId("6cd6cea3-3ef2-4542-9aea-85a0bbcd5414")
.build());
// zone level
var anotherExample = new ZeroTrustAccessShortLivedCertificate("anotherExample", ZeroTrustAccessShortLivedCertificateArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.applicationId("fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2")
.build());
}
}Content copied to clipboard
resources:
# account level
example:
type: cloudflare:ZeroTrustAccessShortLivedCertificate
properties:
accountId: f037e56e89293a057740de681ac9abbe
applicationId: 6cd6cea3-3ef2-4542-9aea-85a0bbcd5414
# zone level
anotherExample:
type: cloudflare:ZeroTrustAccessShortLivedCertificate
name: another_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
applicationId: fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2Content copied to clipboard
Import
Account level CA certificate import.
$ pulumi import cloudflare:index/zeroTrustAccessShortLivedCertificate:ZeroTrustAccessShortLivedCertificate example account/<account_id>/<application_id>Content copied to clipboard
Zone level CA certificate import.
$ pulumi import cloudflare:index/zeroTrustAccessShortLivedCertificate:ZeroTrustAccessShortLivedCertificate example account/<zone_id>/<application_id>Content copied to clipboard