Cloudflare v5.33.1, Jun 26 24

Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi

cloudflare.AccessPolicy

Explore with Pulumi AI

Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument. If ‘application_id’ is omitted, the policy created can be reused by multiple access applications. Any cloudflare.AccessApplication resource can reference reusable policies through its policies argument. To destroy a reusable policy and remove it from all applications’ policies lists on the same apply, preemptively set the lifecycle option create_before_destroy to true on the ‘cloudflare_access_policy’ resource.

Create AccessPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);

@overload
def AccessPolicy(resource_name: str,
                 args: AccessPolicyArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def AccessPolicy(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 decision: Optional[str] = None,
                 name: Optional[str] = None,
                 includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
                 approval_required: Optional[bool] = None,
                 account_id: Optional[str] = None,
                 excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
                 approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
                 isolation_required: Optional[bool] = None,
                 application_id: Optional[str] = None,
                 precedence: Optional[int] = None,
                 purpose_justification_prompt: Optional[str] = None,
                 purpose_justification_required: Optional[bool] = None,
                 requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
                 session_duration: Optional[str] = None,
                 zone_id: Optional[str] = None)

func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)

public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)

public AccessPolicy(String name, AccessPolicyArgs args)
public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)

type: cloudflare:AccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AccessPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccessPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccessPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccessPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var accessPolicyResource = new Cloudflare.AccessPolicy("accessPolicyResource", new()
{
    Decision = "string",
    Name = "string",
    Includes = new[]
    {
        new Cloudflare.Inputs.AccessPolicyIncludeArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyIncludeExternalEvaluationArgs
            {
                EvaluateUrl = "string",
                KeysUrl = "string",
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.AccessPolicyIncludeSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    ApprovalRequired = false,
    AccountId = "string",
    Excludes = new[]
    {
        new Cloudflare.Inputs.AccessPolicyExcludeArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyExcludeExternalEvaluationArgs
            {
                EvaluateUrl = "string",
                KeysUrl = "string",
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.AccessPolicyExcludeSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    ApprovalGroups = new[]
    {
        new Cloudflare.Inputs.AccessPolicyApprovalGroupArgs
        {
            ApprovalsNeeded = 0,
            EmailAddresses = new[]
            {
                "string",
            },
            EmailListUuid = "string",
        },
    },
    IsolationRequired = false,
    PurposeJustificationPrompt = "string",
    PurposeJustificationRequired = false,
    Requires = new[]
    {
        new Cloudflare.Inputs.AccessPolicyRequireArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyRequireExternalEvaluationArgs
            {
                EvaluateUrl = "string",
                KeysUrl = "string",
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.AccessPolicyRequireSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    SessionDuration = "string",
    ZoneId = "string",
});

example, err := cloudflare.NewAccessPolicy(ctx, "accessPolicyResource", &cloudflare.AccessPolicyArgs{
	Decision: pulumi.String("string"),
	Name:     pulumi.String("string"),
	Includes: cloudflare.AccessPolicyIncludeArray{
		&cloudflare.AccessPolicyIncludeArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.AccessPolicyIncludeAuthContextArray{
				&cloudflare.AccessPolicyIncludeAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.AccessPolicyIncludeAzureArray{
				&cloudflare.AccessPolicyIncludeAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluation: &cloudflare.AccessPolicyIncludeExternalEvaluationArgs{
				EvaluateUrl: pulumi.String("string"),
				KeysUrl:     pulumi.String("string"),
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.AccessPolicyIncludeGithubArray{
				&cloudflare.AccessPolicyIncludeGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.AccessPolicyIncludeGsuiteArray{
				&cloudflare.AccessPolicyIncludeGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.AccessPolicyIncludeOktaArray{
				&cloudflare.AccessPolicyIncludeOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.AccessPolicyIncludeSamlArray{
				&cloudflare.AccessPolicyIncludeSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	ApprovalRequired: pulumi.Bool(false),
	AccountId:        pulumi.String("string"),
	Excludes: cloudflare.AccessPolicyExcludeArray{
		&cloudflare.AccessPolicyExcludeArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.AccessPolicyExcludeAuthContextArray{
				&cloudflare.AccessPolicyExcludeAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.AccessPolicyExcludeAzureArray{
				&cloudflare.AccessPolicyExcludeAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluation: &cloudflare.AccessPolicyExcludeExternalEvaluationArgs{
				EvaluateUrl: pulumi.String("string"),
				KeysUrl:     pulumi.String("string"),
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.AccessPolicyExcludeGithubArray{
				&cloudflare.AccessPolicyExcludeGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.AccessPolicyExcludeGsuiteArray{
				&cloudflare.AccessPolicyExcludeGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.AccessPolicyExcludeOktaArray{
				&cloudflare.AccessPolicyExcludeOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.AccessPolicyExcludeSamlArray{
				&cloudflare.AccessPolicyExcludeSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	ApprovalGroups: cloudflare.AccessPolicyApprovalGroupArray{
		&cloudflare.AccessPolicyApprovalGroupArgs{
			ApprovalsNeeded: pulumi.Int(0),
			EmailAddresses: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailListUuid: pulumi.String("string"),
		},
	},
	IsolationRequired:            pulumi.Bool(false),
	PurposeJustificationPrompt:   pulumi.String("string"),
	PurposeJustificationRequired: pulumi.Bool(false),
	Requires: cloudflare.AccessPolicyRequireArray{
		&cloudflare.AccessPolicyRequireArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.AccessPolicyRequireAuthContextArray{
				&cloudflare.AccessPolicyRequireAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.AccessPolicyRequireAzureArray{
				&cloudflare.AccessPolicyRequireAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluation: &cloudflare.AccessPolicyRequireExternalEvaluationArgs{
				EvaluateUrl: pulumi.String("string"),
				KeysUrl:     pulumi.String("string"),
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.AccessPolicyRequireGithubArray{
				&cloudflare.AccessPolicyRequireGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.AccessPolicyRequireGsuiteArray{
				&cloudflare.AccessPolicyRequireGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.AccessPolicyRequireOktaArray{
				&cloudflare.AccessPolicyRequireOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.AccessPolicyRequireSamlArray{
				&cloudflare.AccessPolicyRequireSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	SessionDuration: pulumi.String("string"),
	ZoneId:          pulumi.String("string"),
})

var accessPolicyResource = new AccessPolicy("accessPolicyResource", AccessPolicyArgs.builder()
    .decision("string")
    .name("string")
    .includes(AccessPolicyIncludeArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(AccessPolicyIncludeAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(AccessPolicyIncludeAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluation(AccessPolicyIncludeExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(AccessPolicyIncludeGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(AccessPolicyIncludeGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(AccessPolicyIncludeOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(AccessPolicyIncludeSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .approvalRequired(false)
    .accountId("string")
    .excludes(AccessPolicyExcludeArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(AccessPolicyExcludeAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(AccessPolicyExcludeAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluation(AccessPolicyExcludeExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(AccessPolicyExcludeGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(AccessPolicyExcludeGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(AccessPolicyExcludeOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(AccessPolicyExcludeSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .approvalGroups(AccessPolicyApprovalGroupArgs.builder()
        .approvalsNeeded(0)
        .emailAddresses("string")
        .emailListUuid("string")
        .build())
    .isolationRequired(false)
    .purposeJustificationPrompt("string")
    .purposeJustificationRequired(false)
    .requires(AccessPolicyRequireArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(AccessPolicyRequireAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(AccessPolicyRequireAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluation(AccessPolicyRequireExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(AccessPolicyRequireGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(AccessPolicyRequireGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(AccessPolicyRequireOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(AccessPolicyRequireSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .sessionDuration("string")
    .zoneId("string")
    .build());

access_policy_resource = cloudflare.AccessPolicy("accessPolicyResource",
    decision="string",
    name="string",
    includes=[cloudflare.AccessPolicyIncludeArgs(
        any_valid_service_token=False,
        auth_contexts=[cloudflare.AccessPolicyIncludeAuthContextArgs(
            ac_id="string",
            id="string",
            identity_provider_id="string",
        )],
        auth_method="string",
        azures=[cloudflare.AccessPolicyIncludeAzureArgs(
            identity_provider_id="string",
            ids=["string"],
        )],
        certificate=False,
        common_name="string",
        common_names=["string"],
        device_postures=["string"],
        email_domains=["string"],
        email_lists=["string"],
        emails=["string"],
        everyone=False,
        external_evaluation=cloudflare.AccessPolicyIncludeExternalEvaluationArgs(
            evaluate_url="string",
            keys_url="string",
        ),
        geos=["string"],
        githubs=[cloudflare.AccessPolicyIncludeGithubArgs(
            identity_provider_id="string",
            name="string",
            teams=["string"],
        )],
        groups=["string"],
        gsuites=[cloudflare.AccessPolicyIncludeGsuiteArgs(
            emails=["string"],
            identity_provider_id="string",
        )],
        ip_lists=["string"],
        ips=["string"],
        login_methods=["string"],
        oktas=[cloudflare.AccessPolicyIncludeOktaArgs(
            identity_provider_id="string",
            names=["string"],
        )],
        samls=[cloudflare.AccessPolicyIncludeSamlArgs(
            attribute_name="string",
            attribute_value="string",
            identity_provider_id="string",
        )],
        service_tokens=["string"],
    )],
    approval_required=False,
    account_id="string",
    excludes=[cloudflare.AccessPolicyExcludeArgs(
        any_valid_service_token=False,
        auth_contexts=[cloudflare.AccessPolicyExcludeAuthContextArgs(
            ac_id="string",
            id="string",
            identity_provider_id="string",
        )],
        auth_method="string",
        azures=[cloudflare.AccessPolicyExcludeAzureArgs(
            identity_provider_id="string",
            ids=["string"],
        )],
        certificate=False,
        common_name="string",
        common_names=["string"],
        device_postures=["string"],
        email_domains=["string"],
        email_lists=["string"],
        emails=["string"],
        everyone=False,
        external_evaluation=cloudflare.AccessPolicyExcludeExternalEvaluationArgs(
            evaluate_url="string",
            keys_url="string",
        ),
        geos=["string"],
        githubs=[cloudflare.AccessPolicyExcludeGithubArgs(
            identity_provider_id="string",
            name="string",
            teams=["string"],
        )],
        groups=["string"],
        gsuites=[cloudflare.AccessPolicyExcludeGsuiteArgs(
            emails=["string"],
            identity_provider_id="string",
        )],
        ip_lists=["string"],
        ips=["string"],
        login_methods=["string"],
        oktas=[cloudflare.AccessPolicyExcludeOktaArgs(
            identity_provider_id="string",
            names=["string"],
        )],
        samls=[cloudflare.AccessPolicyExcludeSamlArgs(
            attribute_name="string",
            attribute_value="string",
            identity_provider_id="string",
        )],
        service_tokens=["string"],
    )],
    approval_groups=[cloudflare.AccessPolicyApprovalGroupArgs(
        approvals_needed=0,
        email_addresses=["string"],
        email_list_uuid="string",
    )],
    isolation_required=False,
    purpose_justification_prompt="string",
    purpose_justification_required=False,
    requires=[cloudflare.AccessPolicyRequireArgs(
        any_valid_service_token=False,
        auth_contexts=[cloudflare.AccessPolicyRequireAuthContextArgs(
            ac_id="string",
            id="string",
            identity_provider_id="string",
        )],
        auth_method="string",
        azures=[cloudflare.AccessPolicyRequireAzureArgs(
            identity_provider_id="string",
            ids=["string"],
        )],
        certificate=False,
        common_name="string",
        common_names=["string"],
        device_postures=["string"],
        email_domains=["string"],
        email_lists=["string"],
        emails=["string"],
        everyone=False,
        external_evaluation=cloudflare.AccessPolicyRequireExternalEvaluationArgs(
            evaluate_url="string",
            keys_url="string",
        ),
        geos=["string"],
        githubs=[cloudflare.AccessPolicyRequireGithubArgs(
            identity_provider_id="string",
            name="string",
            teams=["string"],
        )],
        groups=["string"],
        gsuites=[cloudflare.AccessPolicyRequireGsuiteArgs(
            emails=["string"],
            identity_provider_id="string",
        )],
        ip_lists=["string"],
        ips=["string"],
        login_methods=["string"],
        oktas=[cloudflare.AccessPolicyRequireOktaArgs(
            identity_provider_id="string",
            names=["string"],
        )],
        samls=[cloudflare.AccessPolicyRequireSamlArgs(
            attribute_name="string",
            attribute_value="string",
            identity_provider_id="string",
        )],
        service_tokens=["string"],
    )],
    session_duration="string",
    zone_id="string")

const accessPolicyResource = new cloudflare.AccessPolicy("accessPolicyResource", {
    decision: "string",
    name: "string",
    includes: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluation: {
            evaluateUrl: "string",
            keysUrl: "string",
        },
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    approvalRequired: false,
    accountId: "string",
    excludes: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluation: {
            evaluateUrl: "string",
            keysUrl: "string",
        },
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    approvalGroups: [{
        approvalsNeeded: 0,
        emailAddresses: ["string"],
        emailListUuid: "string",
    }],
    isolationRequired: false,
    purposeJustificationPrompt: "string",
    purposeJustificationRequired: false,
    requires: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluation: {
            evaluateUrl: "string",
            keysUrl: "string",
        },
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    sessionDuration: "string",
    zoneId: "string",
});

type: cloudflare:AccessPolicy
properties:
    accountId: string
    approvalGroups:
        - approvalsNeeded: 0
          emailAddresses:
            - string
          emailListUuid: string
    approvalRequired: false
    decision: string
    excludes:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluation:
            evaluateUrl: string
            keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    includes:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluation:
            evaluateUrl: string
            keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    isolationRequired: false
    name: string
    purposeJustificationPrompt: string
    purposeJustificationRequired: false
    requires:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluation:
            evaluateUrl: string
            keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    sessionDuration: string
    zoneId: string

AccessPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessPolicy resource accepts the following input properties:

Decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
Includes List<AccessPolicyInclude>: A series of access conditions, see Access Groups.
Name string: Friendly name of the Access Policy.
AccountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
ApplicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
ApprovalGroups List<AccessPolicyApprovalGroup>
ApprovalRequired bool
Excludes List<AccessPolicyExclude>: A series of access conditions, see Access Groups.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy.
Precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
PurposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
PurposeJustificationRequired bool: Whether to prompt the user for a justification for accessing the resource.
Requires List<AccessPolicyRequire>: A series of access conditions, see Access Groups.
SessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
ZoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

Decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
Includes []AccessPolicyIncludeArgs: A series of access conditions, see Access Groups.
Name string: Friendly name of the Access Policy.
AccountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
ApplicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
ApprovalGroups []AccessPolicyApprovalGroupArgs
ApprovalRequired bool
Excludes []AccessPolicyExcludeArgs: A series of access conditions, see Access Groups.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy.
Precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
PurposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
PurposeJustificationRequired bool: Whether to prompt the user for a justification for accessing the resource.
Requires []AccessPolicyRequireArgs: A series of access conditions, see Access Groups.
SessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
ZoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

decision String: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
includes List<AccessPolicyInclude>: A series of access conditions, see Access Groups.
name String: Friendly name of the Access Policy.
accountId String: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId String: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups List<AccessPolicyApprovalGroup>
approvalRequired Boolean
excludes List<AccessPolicyExclude>: A series of access conditions, see Access Groups.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy.
precedence Integer: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt String: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired Boolean: Whether to prompt the user for a justification for accessing the resource.
requires List<AccessPolicyRequire>: A series of access conditions, see Access Groups.
sessionDuration String: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId String: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
includes AccessPolicyInclude[]: A series of access conditions, see Access Groups.
name string: Friendly name of the Access Policy.
accountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups AccessPolicyApprovalGroup[]
approvalRequired boolean
excludes AccessPolicyExclude[]: A series of access conditions, see Access Groups.
isolationRequired boolean: Require this application to be served in an isolated browser for users matching this policy.
precedence number: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired boolean: Whether to prompt the user for a justification for accessing the resource.
requires AccessPolicyRequire[]: A series of access conditions, see Access Groups.
sessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

decision str: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
includes Sequence[AccessPolicyIncludeArgs]: A series of access conditions, see Access Groups.
name str: Friendly name of the Access Policy.
account_id str: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
application_id str: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approval_groups Sequence[AccessPolicyApprovalGroupArgs]
approval_required bool
excludes Sequence[AccessPolicyExcludeArgs]: A series of access conditions, see Access Groups.
isolation_required bool: Require this application to be served in an isolated browser for users matching this policy.
precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purpose_justification_prompt str: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purpose_justification_required bool: Whether to prompt the user for a justification for accessing the resource.
requires Sequence[AccessPolicyRequireArgs]: A series of access conditions, see Access Groups.
session_duration str: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zone_id str: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

decision String: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
includes List<Property Map>: A series of access conditions, see Access Groups.
name String: Friendly name of the Access Policy.
accountId String: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId String: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups List<Property Map>
approvalRequired Boolean
excludes List<Property Map>: A series of access conditions, see Access Groups.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy.
precedence Number: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt String: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired Boolean: Whether to prompt the user for a justification for accessing the resource.
requires List<Property Map>: A series of access conditions, see Access Groups.
sessionDuration String: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId String: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing AccessPolicy Resource

Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        application_id: Optional[str] = None,
        approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
        approval_required: Optional[bool] = None,
        decision: Optional[str] = None,
        excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
        includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
        isolation_required: Optional[bool] = None,
        name: Optional[str] = None,
        precedence: Optional[int] = None,
        purpose_justification_prompt: Optional[str] = None,
        purpose_justification_required: Optional[bool] = None,
        requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
        session_duration: Optional[str] = None,
        zone_id: Optional[str] = None) -> AccessPolicy

func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)

public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)

public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
ApplicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
ApprovalGroups List<AccessPolicyApprovalGroup>
ApprovalRequired bool
Decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
Excludes List<AccessPolicyExclude>: A series of access conditions, see Access Groups.
Includes List<AccessPolicyInclude>: A series of access conditions, see Access Groups.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy.
Name string: Friendly name of the Access Policy.
Precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
PurposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
PurposeJustificationRequired bool: Whether to prompt the user for a justification for accessing the resource.
Requires List<AccessPolicyRequire>: A series of access conditions, see Access Groups.
SessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
ZoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

AccountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
ApplicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
ApprovalGroups []AccessPolicyApprovalGroupArgs
ApprovalRequired bool
Decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
Excludes []AccessPolicyExcludeArgs: A series of access conditions, see Access Groups.
Includes []AccessPolicyIncludeArgs: A series of access conditions, see Access Groups.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy.
Name string: Friendly name of the Access Policy.
Precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
PurposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
PurposeJustificationRequired bool: Whether to prompt the user for a justification for accessing the resource.
Requires []AccessPolicyRequireArgs: A series of access conditions, see Access Groups.
SessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
ZoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

accountId String: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId String: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups List<AccessPolicyApprovalGroup>
approvalRequired Boolean
decision String: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
excludes List<AccessPolicyExclude>: A series of access conditions, see Access Groups.
includes List<AccessPolicyInclude>: A series of access conditions, see Access Groups.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy.
name String: Friendly name of the Access Policy.
precedence Integer: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt String: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired Boolean: Whether to prompt the user for a justification for accessing the resource.
requires List<AccessPolicyRequire>: A series of access conditions, see Access Groups.
sessionDuration String: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId String: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

accountId string: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId string: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups AccessPolicyApprovalGroup[]
approvalRequired boolean
decision string: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
excludes AccessPolicyExclude[]: A series of access conditions, see Access Groups.
includes AccessPolicyInclude[]: A series of access conditions, see Access Groups.
isolationRequired boolean: Require this application to be served in an isolated browser for users matching this policy.
name string: Friendly name of the Access Policy.
precedence number: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt string: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired boolean: Whether to prompt the user for a justification for accessing the resource.
requires AccessPolicyRequire[]: A series of access conditions, see Access Groups.
sessionDuration string: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId string: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

account_id str: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
application_id str: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approval_groups Sequence[AccessPolicyApprovalGroupArgs]
approval_required bool
decision str: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
excludes Sequence[AccessPolicyExcludeArgs]: A series of access conditions, see Access Groups.
includes Sequence[AccessPolicyIncludeArgs]: A series of access conditions, see Access Groups.
isolation_required bool: Require this application to be served in an isolated browser for users matching this policy.
name str: Friendly name of the Access Policy.
precedence int: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purpose_justification_prompt str: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purpose_justification_required bool: Whether to prompt the user for a justification for accessing the resource.
requires Sequence[AccessPolicyRequireArgs]: A series of access conditions, see Access Groups.
session_duration str: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zone_id str: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

accountId String: The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
applicationId String: The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.
Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.
approvalGroups List<Property Map>
approvalRequired Boolean
decision String: Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
excludes List<Property Map>: A series of access conditions, see Access Groups.
includes List<Property Map>: A series of access conditions, see Access Groups.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy.
name String: Friendly name of the Access Policy.
precedence Number: The unique precedence for policies on a single application. Required when using application_id.
Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.
purposeJustificationPrompt String: The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
purposeJustificationRequired Boolean: Whether to prompt the user for a justification for accessing the resource.
requires List<Property Map>: A series of access conditions, see Access Groups.
sessionDuration String: How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
zoneId String: The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

Supporting Types

AccessPolicyApprovalGroup, AccessPolicyApprovalGroupArgs

ApprovalsNeeded int: Number of approvals needed.
EmailAddresses List<string>: List of emails to request approval from.
EmailListUuid string

ApprovalsNeeded int: Number of approvals needed.
EmailAddresses []string: List of emails to request approval from.
EmailListUuid string

approvalsNeeded Integer: Number of approvals needed.
emailAddresses List<String>: List of emails to request approval from.
emailListUuid String

approvalsNeeded number: Number of approvals needed.
emailAddresses string[]: List of emails to request approval from.
emailListUuid string

approvals_needed int: Number of approvals needed.
email_addresses Sequence[str]: List of emails to request approval from.
email_list_uuid str

approvalsNeeded Number: Number of approvals needed.
emailAddresses List<String>: List of emails to request approval from.
emailListUuid String

AccessPolicyExclude, AccessPolicyExcludeArgs

AnyValidServiceToken bool
AuthContexts List<AccessPolicyExcludeAuthContext>
AuthMethod string
Azures List<AccessPolicyExcludeAzure>
Certificate bool
CommonName string
CommonNames List<string>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures List<string>
EmailDomains List<string>
EmailLists List<string>
Emails List<string>
Everyone bool
ExternalEvaluation AccessPolicyExcludeExternalEvaluation
Geos List<string>
Githubs List<AccessPolicyExcludeGithub>
Groups List<string>
Gsuites List<AccessPolicyExcludeGsuite>
IpLists List<string>: The ID of an existing IP list to reference.
Ips List<string>: An IPv4 or IPv6 CIDR block.
LoginMethods List<string>
Oktas List<AccessPolicyExcludeOkta>
Samls List<AccessPolicyExcludeSaml>
ServiceTokens List<string>

AnyValidServiceToken bool
AuthContexts []AccessPolicyExcludeAuthContext
AuthMethod string
Azures []AccessPolicyExcludeAzure
Certificate bool
CommonName string
CommonNames []string: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures []string
EmailDomains []string
EmailLists []string
Emails []string
Everyone bool
ExternalEvaluation AccessPolicyExcludeExternalEvaluation
Geos []string
Githubs []AccessPolicyExcludeGithub
Groups []string
Gsuites []AccessPolicyExcludeGsuite
IpLists []string: The ID of an existing IP list to reference.
Ips []string: An IPv4 or IPv6 CIDR block.
LoginMethods []string
Oktas []AccessPolicyExcludeOkta
Samls []AccessPolicyExcludeSaml
ServiceTokens []string

anyValidServiceToken Boolean
authContexts List<AccessPolicyExcludeAuthContext>
authMethod String
azures List<AccessPolicyExcludeAzure>
certificate Boolean
commonName String
commonNames List<String>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
emailDomains List<String>
emailLists List<String>
emails List<String>
everyone Boolean
externalEvaluation AccessPolicyExcludeExternalEvaluation
geos List<String>
githubs List<AccessPolicyExcludeGithub>
groups List<String>
gsuites List<AccessPolicyExcludeGsuite>
ipLists List<String>: The ID of an existing IP list to reference.
ips List<String>: An IPv4 or IPv6 CIDR block.
loginMethods List<String>
oktas List<AccessPolicyExcludeOkta>
samls List<AccessPolicyExcludeSaml>
serviceTokens List<String>

anyValidServiceToken boolean
authContexts AccessPolicyExcludeAuthContext[]
authMethod string
azures AccessPolicyExcludeAzure[]
certificate boolean
commonName string
commonNames string[]: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures string[]
emailDomains string[]
emailLists string[]
emails string[]
everyone boolean
externalEvaluation AccessPolicyExcludeExternalEvaluation
geos string[]
githubs AccessPolicyExcludeGithub[]
groups string[]
gsuites AccessPolicyExcludeGsuite[]
ipLists string[]: The ID of an existing IP list to reference.
ips string[]: An IPv4 or IPv6 CIDR block.
loginMethods string[]
oktas AccessPolicyExcludeOkta[]
samls AccessPolicyExcludeSaml[]
serviceTokens string[]

any_valid_service_token bool
auth_contexts Sequence[AccessPolicyExcludeAuthContext]
auth_method str
azures Sequence[AccessPolicyExcludeAzure]
certificate bool
common_name str
common_names Sequence[str]: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
device_postures Sequence[str]
email_domains Sequence[str]
email_lists Sequence[str]
emails Sequence[str]
everyone bool
external_evaluation AccessPolicyExcludeExternalEvaluation
geos Sequence[str]
githubs Sequence[AccessPolicyExcludeGithub]
groups Sequence[str]
gsuites Sequence[AccessPolicyExcludeGsuite]
ip_lists Sequence[str]: The ID of an existing IP list to reference.
ips Sequence[str]: An IPv4 or IPv6 CIDR block.
login_methods Sequence[str]
oktas Sequence[AccessPolicyExcludeOkta]
samls Sequence[AccessPolicyExcludeSaml]
service_tokens Sequence[str]

anyValidServiceToken Boolean
authContexts List<Property Map>
authMethod String
azures List<Property Map>
certificate Boolean
commonName String
commonNames List<String>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
emailDomains List<String>
emailLists List<String>
emails List<String>
everyone Boolean
externalEvaluation Property Map
geos List<String>
githubs List<Property Map>
groups List<String>
gsuites List<Property Map>
ipLists List<String>: The ID of an existing IP list to reference.
ips List<String>: An IPv4 or IPv6 CIDR block.
loginMethods List<String>
oktas List<Property Map>
samls List<Property Map>
serviceTokens List<String>

AccessPolicyExcludeAuthContext, AccessPolicyExcludeAuthContextArgs

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

acId string: The ACID of the Authentication Context.
id string: The ID of the Authentication Context.
identityProviderId string: The ID of the Azure Identity provider.

ac_id str: The ACID of the Authentication Context.
id str: The ID of the Authentication Context.
identity_provider_id str: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

AccessPolicyExcludeAzure, AccessPolicyExcludeAzureArgs

IdentityProviderId string: The ID of the Azure Identity provider.
Ids List<string>: The ID of the Azure group or user.

IdentityProviderId string: The ID of the Azure Identity provider.
Ids []string: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

identityProviderId string: The ID of the Azure Identity provider.
ids string[]: The ID of the Azure group or user.

identity_provider_id str: The ID of the Azure Identity provider.
ids Sequence[str]: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

AccessPolicyExcludeExternalEvaluation, AccessPolicyExcludeExternalEvaluationArgs

EvaluateUrl string
KeysUrl string

EvaluateUrl string
KeysUrl string

evaluateUrl String
keysUrl String

evaluateUrl string
keysUrl string

evaluate_url str
keys_url str

evaluateUrl String
keysUrl String

AccessPolicyExcludeGithub, AccessPolicyExcludeGithubArgs

IdentityProviderId string
Name string
Teams List<string>

IdentityProviderId string
Name string
Teams []string

identityProviderId String
name String
teams List<String>

identityProviderId string
name string
teams string[]

identity_provider_id str
name str
teams Sequence[str]

identityProviderId String
name String
teams List<String>

anyValidServiceToken Boolean
authContexts List<Property Map>
authMethod String
azures List<Property Map>
certificate Boolean
commonName String
commonNames List<String>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
emailDomains List<String>
emailLists List<String>
emails List<String>
everyone Boolean
externalEvaluation Property Map
geos List<String>
githubs List<Property Map>
groups List<String>
gsuites List<Property Map>
ipLists List<String>: The ID of an existing IP list to reference.
ips List<String>: An IPv4 or IPv6 CIDR block.
loginMethods List<String>
oktas List<Property Map>
samls List<Property Map>
serviceTokens List<String>

AccessPolicyIncludeAuthContext, AccessPolicyIncludeAuthContextArgs

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

acId string: The ACID of the Authentication Context.
id string: The ID of the Authentication Context.
identityProviderId string: The ID of the Azure Identity provider.

ac_id str: The ACID of the Authentication Context.
id str: The ID of the Authentication Context.
identity_provider_id str: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

AccessPolicyIncludeAzure, AccessPolicyIncludeAzureArgs

IdentityProviderId string: The ID of the Azure Identity provider.
Ids List<string>: The ID of the Azure group or user.

IdentityProviderId string: The ID of the Azure Identity provider.
Ids []string: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

identityProviderId string: The ID of the Azure Identity provider.
ids string[]: The ID of the Azure group or user.

identity_provider_id str: The ID of the Azure Identity provider.
ids Sequence[str]: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

AccessPolicyIncludeExternalEvaluation, AccessPolicyIncludeExternalEvaluationArgs

EvaluateUrl string
KeysUrl string

EvaluateUrl string
KeysUrl string

evaluateUrl String
keysUrl String

evaluateUrl string
keysUrl string

evaluate_url str
keys_url str

evaluateUrl String
keysUrl String

AccessPolicyIncludeGithub, AccessPolicyIncludeGithubArgs

IdentityProviderId string
Name string
Teams List<string>

IdentityProviderId string
Name string
Teams []string

identityProviderId String
name String
teams List<String>

identityProviderId string
name string
teams string[]

identity_provider_id str
name str
teams Sequence[str]

identityProviderId String
name String
teams List<String>

AccessPolicyIncludeGsuite, AccessPolicyIncludeGsuiteArgs

Emails List<string>
IdentityProviderId string

Emails []string
IdentityProviderId string

emails List<String>
identityProviderId String

emails string[]
identityProviderId string

emails Sequence[str]
identity_provider_id str

emails List<String>
identityProviderId String

AccessPolicyIncludeOkta, AccessPolicyIncludeOktaArgs

IdentityProviderId string
Names List<string>

IdentityProviderId string
Names []string

identityProviderId String
names List<String>

identityProviderId string
names string[]

identity_provider_id str
names Sequence[str]

identityProviderId String
names List<String>

AccessPolicyIncludeSaml, AccessPolicyIncludeSamlArgs

AttributeName string
AttributeValue string
IdentityProviderId string

AttributeName string
AttributeValue string
IdentityProviderId string

attributeName String
attributeValue String
identityProviderId String

attributeName string
attributeValue string
identityProviderId string

attribute_name str
attribute_value str
identity_provider_id str

attributeName String
attributeValue String
identityProviderId String

AccessPolicyRequire, AccessPolicyRequireArgs

AnyValidServiceToken bool
AuthContexts List<AccessPolicyRequireAuthContext>
AuthMethod string
Azures List<AccessPolicyRequireAzure>
Certificate bool
CommonName string
CommonNames List<string>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures List<string>
EmailDomains List<string>
EmailLists List<string>
Emails List<string>
Everyone bool
ExternalEvaluation AccessPolicyRequireExternalEvaluation
Geos List<string>
Githubs List<AccessPolicyRequireGithub>
Groups List<string>
Gsuites List<AccessPolicyRequireGsuite>
IpLists List<string>: The ID of an existing IP list to reference.
Ips List<string>: An IPv4 or IPv6 CIDR block.
LoginMethods List<string>
Oktas List<AccessPolicyRequireOkta>
Samls List<AccessPolicyRequireSaml>
ServiceTokens List<string>

AnyValidServiceToken bool
AuthContexts []AccessPolicyRequireAuthContext
AuthMethod string
Azures []AccessPolicyRequireAzure
Certificate bool
CommonName string
CommonNames []string: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures []string
EmailDomains []string
EmailLists []string
Emails []string
Everyone bool
ExternalEvaluation AccessPolicyRequireExternalEvaluation
Geos []string
Githubs []AccessPolicyRequireGithub
Groups []string
Gsuites []AccessPolicyRequireGsuite
IpLists []string: The ID of an existing IP list to reference.
Ips []string: An IPv4 or IPv6 CIDR block.
LoginMethods []string
Oktas []AccessPolicyRequireOkta
Samls []AccessPolicyRequireSaml
ServiceTokens []string

anyValidServiceToken Boolean
authContexts List<AccessPolicyRequireAuthContext>
authMethod String
azures List<AccessPolicyRequireAzure>
certificate Boolean
commonName String
commonNames List<String>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
emailDomains List<String>
emailLists List<String>
emails List<String>
everyone Boolean
externalEvaluation AccessPolicyRequireExternalEvaluation
geos List<String>
githubs List<AccessPolicyRequireGithub>
groups List<String>
gsuites List<AccessPolicyRequireGsuite>
ipLists List<String>: The ID of an existing IP list to reference.
ips List<String>: An IPv4 or IPv6 CIDR block.
loginMethods List<String>
oktas List<AccessPolicyRequireOkta>
samls List<AccessPolicyRequireSaml>
serviceTokens List<String>

anyValidServiceToken boolean
authContexts AccessPolicyRequireAuthContext[]
authMethod string
azures AccessPolicyRequireAzure[]
certificate boolean
commonName string
commonNames string[]: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures string[]
emailDomains string[]
emailLists string[]
emails string[]
everyone boolean
externalEvaluation AccessPolicyRequireExternalEvaluation
geos string[]
githubs AccessPolicyRequireGithub[]
groups string[]
gsuites AccessPolicyRequireGsuite[]
ipLists string[]: The ID of an existing IP list to reference.
ips string[]: An IPv4 or IPv6 CIDR block.
loginMethods string[]
oktas AccessPolicyRequireOkta[]
samls AccessPolicyRequireSaml[]
serviceTokens string[]

any_valid_service_token bool
auth_contexts Sequence[AccessPolicyRequireAuthContext]
auth_method str
azures Sequence[AccessPolicyRequireAzure]
certificate bool
common_name str
common_names Sequence[str]: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
device_postures Sequence[str]
email_domains Sequence[str]
email_lists Sequence[str]
emails Sequence[str]
everyone bool
external_evaluation AccessPolicyRequireExternalEvaluation
geos Sequence[str]
githubs Sequence[AccessPolicyRequireGithub]
groups Sequence[str]
gsuites Sequence[AccessPolicyRequireGsuite]
ip_lists Sequence[str]: The ID of an existing IP list to reference.
ips Sequence[str]: An IPv4 or IPv6 CIDR block.
login_methods Sequence[str]
oktas Sequence[AccessPolicyRequireOkta]
samls Sequence[AccessPolicyRequireSaml]
service_tokens Sequence[str]

anyValidServiceToken Boolean
authContexts List<Property Map>
authMethod String
azures List<Property Map>
certificate Boolean
commonName String
commonNames List<String>: Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
emailDomains List<String>
emailLists List<String>
emails List<String>
everyone Boolean
externalEvaluation Property Map
geos List<String>
githubs List<Property Map>
groups List<String>
gsuites List<Property Map>
ipLists List<String>: The ID of an existing IP list to reference.
ips List<String>: An IPv4 or IPv6 CIDR block.
loginMethods List<String>
oktas List<Property Map>
samls List<Property Map>
serviceTokens List<String>

AccessPolicyRequireAuthContext, AccessPolicyRequireAuthContextArgs

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

AcId string: The ACID of the Authentication Context.
Id string: The ID of the Authentication Context.
IdentityProviderId string: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

acId string: The ACID of the Authentication Context.
id string: The ID of the Authentication Context.
identityProviderId string: The ID of the Azure Identity provider.

ac_id str: The ACID of the Authentication Context.
id str: The ID of the Authentication Context.
identity_provider_id str: The ID of the Azure Identity provider.

acId String: The ACID of the Authentication Context.
id String: The ID of the Authentication Context.
identityProviderId String: The ID of the Azure Identity provider.

AccessPolicyRequireAzure, AccessPolicyRequireAzureArgs

IdentityProviderId string: The ID of the Azure Identity provider.
Ids List<string>: The ID of the Azure group or user.

IdentityProviderId string: The ID of the Azure Identity provider.
Ids []string: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

identityProviderId string: The ID of the Azure Identity provider.
ids string[]: The ID of the Azure group or user.

identity_provider_id str: The ID of the Azure Identity provider.
ids Sequence[str]: The ID of the Azure group or user.

identityProviderId String: The ID of the Azure Identity provider.
ids List<String>: The ID of the Azure group or user.

AccessPolicyRequireExternalEvaluation, AccessPolicyRequireExternalEvaluationArgs

EvaluateUrl string
KeysUrl string

EvaluateUrl string
KeysUrl string

evaluateUrl String
keysUrl String

evaluateUrl string
keysUrl string

evaluate_url str
keys_url str

evaluateUrl String
keysUrl String

AccessPolicyRequireGithub, AccessPolicyRequireGithubArgs

IdentityProviderId string
Name string
Teams List<string>

IdentityProviderId string
Name string
Teams []string

identityProviderId String
name String
teams List<String>

identityProviderId string
name string
teams string[]

identity_provider_id str
name str
teams Sequence[str]

identityProviderId String
name String
teams List<String>

AccessPolicyRequireGsuite, AccessPolicyRequireGsuiteArgs

Emails List<string>
IdentityProviderId string

Emails []string
IdentityProviderId string

emails List<String>
identityProviderId String

emails string[]
identityProviderId string

emails Sequence[str]
identity_provider_id str

emails List<String>
identityProviderId String

AccessPolicyRequireOkta, AccessPolicyRequireOktaArgs

IdentityProviderId string
Names List<string>

IdentityProviderId string
Names []string

identityProviderId String
names List<String>

identityProviderId string
names string[]

identity_provider_id str
names Sequence[str]

identityProviderId String
names List<String>

AccessPolicyRequireSaml, AccessPolicyRequireSamlArgs

AttributeName string
AttributeValue string
IdentityProviderId string

AttributeName string
AttributeValue string
IdentityProviderId string

attributeName String
attributeValue String
identityProviderId String

attributeName string
attributeValue string
identityProviderId string

attribute_name str
attribute_value str
identity_provider_id str

attributeName String
attributeValue String
identityProviderId String

Import

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.AccessPolicy

On this page

On this page

Create AccessPolicy Resource

Constructor syntax

Parameters

Constructor example

AccessPolicy Resource Properties

Inputs

Outputs

Look up Existing AccessPolicy Resource

Supporting Types

AccessPolicyApprovalGroup, AccessPolicyApprovalGroupArgs

AccessPolicyExclude, AccessPolicyExcludeArgs

AccessPolicyExcludeAuthContext, AccessPolicyExcludeAuthContextArgs

AccessPolicyExcludeAzure, AccessPolicyExcludeAzureArgs

AccessPolicyExcludeExternalEvaluation, AccessPolicyExcludeExternalEvaluationArgs

AccessPolicyExcludeGithub, AccessPolicyExcludeGithubArgs

AccessPolicyExcludeGsuite, AccessPolicyExcludeGsuiteArgs

AccessPolicyExcludeOkta, AccessPolicyExcludeOktaArgs

AccessPolicyExcludeSaml, AccessPolicyExcludeSamlArgs

AccessPolicyInclude, AccessPolicyIncludeArgs

AccessPolicyIncludeAuthContext, AccessPolicyIncludeAuthContextArgs

AccessPolicyIncludeAzure, AccessPolicyIncludeAzureArgs

AccessPolicyIncludeExternalEvaluation, AccessPolicyIncludeExternalEvaluationArgs

AccessPolicyIncludeGithub, AccessPolicyIncludeGithubArgs

AccessPolicyIncludeGsuite, AccessPolicyIncludeGsuiteArgs

AccessPolicyIncludeOkta, AccessPolicyIncludeOktaArgs

AccessPolicyIncludeSaml, AccessPolicyIncludeSamlArgs

AccessPolicyRequire, AccessPolicyRequireArgs

AccessPolicyRequireAuthContext, AccessPolicyRequireAuthContextArgs

AccessPolicyRequireAzure, AccessPolicyRequireAzureArgs

AccessPolicyRequireExternalEvaluation, AccessPolicyRequireExternalEvaluationArgs

AccessPolicyRequireGithub, AccessPolicyRequireGithubArgs

AccessPolicyRequireGsuite, AccessPolicyRequireGsuiteArgs

AccessPolicyRequireOkta, AccessPolicyRequireOktaArgs

AccessPolicyRequireSaml, AccessPolicyRequireSamlArgs

Import

Package Details

On this page

On this page