ZeroTrustGatewayPolicyArgs

/**
 * Input arguments for a `cloudflare:ZeroTrustGatewayPolicy` resource.
 *
 * Every argument is nullable and defaults to `null`; this page does not state which ones
 * the provider requires.
 *
 * Per the [action] description on this page, the action is performed when the traffic,
 * identity, and device posture expressions are "either absent or evaluate to true".
 * An expression left unset therefore does not restrict the rule, so review which of
 * [traffic], [identity] and [devicePosture] a policy sets before enabling it.
 *
 * @property accountId Account the policy belongs to (no description is given on this page;
 *   the import ID format is `<account_id>/<rule_id>`).
 * @property action The action to perform when the rule matches; see the property list for the
 *   available values.
 * @property description The description of the rule.
 * @property devicePosture The wirefilter expression used for device posture check matching.
 * @property enabled True if the rule is enabled.
 * @property expiration The expiration time stamp and default duration of a DNS policy; takes
 *   precedence over the policy's schedule configuration, if any.
 * @property filters The protocol or layer at which the expressions are evaluated.
 * @property identity The wirefilter expression used for identity matching.
 * @property name The name of the rule.
 * @property precedence Rule ordering; lower values indicate higher precedence.
 * @property ruleSettings Additional settings that modify the rule's action.
 * @property schedule The schedule for activating DNS policies; does not apply to HTTP or
 *   network policies.
 * @property traffic The wirefilter expression used for traffic matching.
 */
data class ZeroTrustGatewayPolicyArgs(
    val accountId: Output<String>? = null,
    val action: Output<String>? = null,
    val description: Output<String>? = null,
    val devicePosture: Output<String>? = null,
    val enabled: Output<Boolean>? = null,
    val expiration: Output<ZeroTrustGatewayPolicyExpirationArgs>? = null,
    val filters: Output<List<String>>? = null,
    val identity: Output<String>? = null,
    val name: Output<String>? = null,
    val precedence: Output<Int>? = null,
    val ruleSettings: Output<ZeroTrustGatewayPolicyRuleSettingsArgs>? = null,
    val schedule: Output<ZeroTrustGatewayPolicyScheduleArgs>? = null,
    val traffic: Output<String>? = null
) : ConvertibleToJava<ZeroTrustGatewayPolicyArgs>

Example Usage

# Pulumi YAML example for a Zero Trust Gateway policy. The example sets every
# available field at once, so it illustrates the schema rather than a policy to
# deploy as written; keep only the settings that belong to the chosen action.
resources:
  exampleZeroTrustGatewayPolicy:
    type: cloudflare:ZeroTrustGatewayPolicy
    name: example_zero_trust_gateway_policy
    properties:
      # Sample account ID; substitute your own.
      accountId: 699d98642c564d2e855e9661899b7252
      # The rule is named "block bad websites", yet the action here is `on`, not
      # `block`. Pick the value from the documented list that matches the intent.
      # NOTE(review): an unquoted `on` can be read as a boolean by YAML 1.1
      # parsers; confirm how your toolchain parses it, or quote the value.
      action: on
      name: block bad websites
      description: Block bad websites based on their host name.
      devicePosture: any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"})
      enabled: true
      # This page documents expiration for DNS policies, while this example's
      # filter is http. The sample timestamp also lies in the past (2014) while
      # `expired` is false; replace both with real values.
      expiration:
        expires_at: 2014-01-01T05:20:20Z
        duration: 10
        expired: false
      filters:
        - http
      identity: any(identity.groups.name[*] in {"finance"})
      # Lower values indicate higher precedence, so 0 sorts ahead of every rule
      # with a larger value in the same processing phase.
      precedence: 0
      ruleSettings:
        add_headers:
          foo: string
        # Both bypass switches (this one and bypass_parent_rule) are off here.
        allow_child_bypass: false
        audit_ssh:
          commandLogging: false
        biso_admin_controls:
          copy: enabled
          dcp: false
          dd: false
          dk: false
          download: enabled
          dp: false
          du: false
          keyboard: enabled
          paste: enabled
          printing: enabled
          upload: enabled
          version: v1
        block_page_enabled: true
        block_reason: This website is a security risk
        bypass_parent_rule: false
        check_session:
          duration: 300s
          enforce: true
        dns_resolvers:
          ipv4:
            - ip: 2.2.2.2
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
          ipv6:
            - ip: '2001:DB8::'
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
        egress:
          ipv4: 192.0.2.2
          ipv4Fallback: 192.0.2.3
          ipv6: 2001:DB8::/64
        ignore_cname_category_matches: true
        # The key name itself marks this as an insecure switch; it stays false here.
        insecure_disable_dnssec_validation: false
        ip_categories: true
        ip_indicator_feeds: true
        l4override:
          ip: 1.1.1.1
          port: 0
        notification_settings:
          enabled: true
          msg: msg
          supportUrl: support_url
        override_host: example.com
        override_ips:
          - 1.1.1.1
          - 2.2.2.2
        # NOTE(review): presumably records matched request payloads; confirm what
        # is stored and who can read it before enabling.
        payload_log:
          enabled: true
        quarantine:
          fileTypes:
            - exe
        resolve_dns_internally:
          fallback: none
          viewId: view_id
        resolve_dns_through_cloudflare: true
        # NOTE(review): `pass_through` presumably lets connections with untrusted
        # certificates continue; confirm that is intended before copying.
        untrusted_cert:
          action: pass_through
      # This page states that the schedule applies to DNS policies only, not to
      # HTTP or network policies; this example's filter is http.
      schedule:
        fri: 08:00-12:30,13:30-17:00
        mon: 08:00-12:30,13:30-17:00
        sat: 08:00-12:30,13:30-17:00
        sun: 08:00-12:30,13:30-17:00
        thu: 08:00-12:30,13:30-17:00
        # NOTE(review): IANA zone names use an underscore (America/New_York);
        # confirm which form the API expects.
        time_zone: America/New York
        tue: 08:00-12:30,13:30-17:00
        wed: 08:00-12:30,13:30-17:00
      traffic: http.request.uri matches ".*a/partial/uri.*" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10

Import

$ pulumi import cloudflare:index/zeroTrustGatewayPolicy:ZeroTrustGatewayPolicy example '<account_id>/<rule_id>'

Constructors

constructor(accountId: Output<String>? = null, action: Output<String>? = null, description: Output<String>? = null, devicePosture: Output<String>? = null, enabled: Output<Boolean>? = null, expiration: Output<ZeroTrustGatewayPolicyExpirationArgs>? = null, filters: Output<List<String>>? = null, identity: Output<String>? = null, name: Output<String>? = null, precedence: Output<Int>? = null, ruleSettings: Output<ZeroTrustGatewayPolicyRuleSettingsArgs>? = null, schedule: Output<ZeroTrustGatewayPolicyScheduleArgs>? = null, traffic: Output<String>? = null)

Properties

val accountId: Output<String>? = null
val action: Output<String>? = null

The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine".

val description: Output<String>? = null

The description of the rule.

val devicePosture: Output<String>? = null

The wirefilter expression used for device posture check matching.

val enabled: Output<Boolean>? = null

True if the rule is enabled.

val expiration: Output<ZeroTrustGatewayPolicyExpirationArgs>? = null

The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.

val filters: Output<List<String>>? = null

The protocol or layer at which to evaluate the traffic, identity, and device posture expressions.

val identity: Output<String>? = null

The wirefilter expression used for identity matching.

val name: Output<String>? = null

The name of the rule.

val precedence: Output<Int>? = null

Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.

val ruleSettings: Output<ZeroTrustGatewayPolicyRuleSettingsArgs>? = null

Additional settings that modify the rule's action.

val schedule: Output<ZeroTrustGatewayPolicyScheduleArgs>? = null

The schedule for activating DNS policies. This does not apply to HTTP or network policies.

val traffic: Output<String>? = null

The wirefilter expression used for traffic matching.

Functions

open override fun toJava(): ZeroTrustGatewayPolicyArgs