pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessPolicy

AccessPolicy

class ~~AccessPolicy~~ : KotlinCustomResource

Deprecated

cloudflare.index/accesspolicy.AccessPolicy has been deprecated in favor of cloudflare.index/zerotrustaccesspolicy.ZeroTrustAccessPolicy

If 'application_id' is omitted, the policy created can be reused by multiple access applications. Any cloudflare.ZeroTrustAccessApplication resource can reference reusable policies through its policies argument. To destroy a reusable policy and remove it from all applications' policies lists on the same apply, preemptively set the lifecycle option create_before_destroy to true on the 'cloudflare_zero_trust_access_policy' resource.

Example Usage

resources:
  exampleZeroTrustAccessPolicy:
    type: cloudflare:ZeroTrustAccessPolicy
    name: example_zero_trust_access_policy
    properties:
      accountId: 023e105f4ecef8ad9ca31a8372d0c353
      decision: allow
      includes:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      name: Allow devs
      approvalGroups:
        - approvals_needed: 1
          email_addresses:
            - test1@cloudflare.com
            - test2@cloudflare.com
          email_list_uuid: email_list_uuid
        - approvals_needed: 3
          email_addresses:
            - test@cloudflare.com
            - test2@cloudflare.com
          email_list_uuid: 597147a1-976b-4ef2-9af0-81d5d007fc34
      approvalRequired: true
      excludes:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      isolationRequired: false
      purposeJustificationPrompt: Please enter a justification for entering this protected domain.
      purposeJustificationRequired: true
      requires:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      sessionDuration: 24h

Import

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example '<account_id>/<policy_id>'

Properties

accountId

val accountId: Output<String>

Identifier

appCount

val appCount: Output<Int>

Number of access applications currently using this policy.

approvalGroups

val approvalGroups: Output<List<AccessPolicyApprovalGroup>>

Administrators who can approve a temporary authentication request.

approvalRequired

val approvalRequired: Output<Boolean>

Requires the user to request access from an administrator at the start of each session.

createdAt

val createdAt: Output<String>

decision

val decision: Output<String>

The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".

excludes

val excludes: Output<List<AccessPolicyExclude>>

Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.

val id: Output<String>

includes

val includes: Output<List<AccessPolicyInclude>>

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

isolationRequired

val isolationRequired: Output<Boolean>

Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.

name

val name: Output<String>

The name of the Access policy.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

purposeJustificationPrompt

val purposeJustificationPrompt: Output<String>?

A custom message that will appear on the purpose justification screen.

purposeJustificationRequired

val purposeJustificationRequired: Output<Boolean>

Require users to enter a justification when they log in to the application.

requires

val requires: Output<List<AccessPolicyRequire>>

Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.

reusable

val reusable: Output<Boolean>

sessionDuration

val sessionDuration: Output<String>

The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.

updatedAt

val updatedAt: Output<String>

urn

val urn: Output<String>