1. Packages
  2. Cloudflare
  3. API Docs
  4. AccessPolicy
Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi

cloudflare.AccessPolicy

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi

    Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

    It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument. If ‘application_id’ is omitted, the policy created can be reused by multiple access applications. Any cloudflare.AccessApplication resource can reference reusable policies through its policies argument. To destroy a reusable policy and remove it from all applications’ policies lists on the same apply, preemptively set the lifecycle option create_before_destroy to true on the ‘cloudflare_access_policy’ resource.

    Create AccessPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPolicy(resource_name: str,
                     args: AccessPolicyArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessPolicy(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     decision: Optional[str] = None,
                     name: Optional[str] = None,
                     includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
                     approval_required: Optional[bool] = None,
                     account_id: Optional[str] = None,
                     excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
                     approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
                     isolation_required: Optional[bool] = None,
                     application_id: Optional[str] = None,
                     precedence: Optional[int] = None,
                     purpose_justification_prompt: Optional[str] = None,
                     purpose_justification_required: Optional[bool] = None,
                     requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
                     session_duration: Optional[str] = None,
                     zone_id: Optional[str] = None)
    func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
    public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessPolicy(String name, AccessPolicyArgs args)
    public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
    
    type: cloudflare:AccessPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var accessPolicyResource = new Cloudflare.AccessPolicy("accessPolicyResource", new()
    {
        Decision = "string",
        Name = "string",
        Includes = new[]
        {
            new Cloudflare.Inputs.AccessPolicyIncludeArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyIncludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyIncludeSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        ApprovalRequired = false,
        AccountId = "string",
        Excludes = new[]
        {
            new Cloudflare.Inputs.AccessPolicyExcludeArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyExcludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyExcludeSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        ApprovalGroups = new[]
        {
            new Cloudflare.Inputs.AccessPolicyApprovalGroupArgs
            {
                ApprovalsNeeded = 0,
                EmailAddresses = new[]
                {
                    "string",
                },
                EmailListUuid = "string",
            },
        },
        IsolationRequired = false,
        PurposeJustificationPrompt = "string",
        PurposeJustificationRequired = false,
        Requires = new[]
        {
            new Cloudflare.Inputs.AccessPolicyRequireArgs
            {
                AnyValidServiceToken = false,
                AuthContexts = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireAuthContextArgs
                    {
                        AcId = "string",
                        Id = "string",
                        IdentityProviderId = "string",
                    },
                },
                AuthMethod = "string",
                Azures = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireAzureArgs
                    {
                        IdentityProviderId = "string",
                        Ids = new[]
                        {
                            "string",
                        },
                    },
                },
                Certificate = false,
                CommonName = "string",
                CommonNames = new[]
                {
                    "string",
                },
                DevicePostures = new[]
                {
                    "string",
                },
                EmailDomains = new[]
                {
                    "string",
                },
                EmailLists = new[]
                {
                    "string",
                },
                Emails = new[]
                {
                    "string",
                },
                Everyone = false,
                ExternalEvaluation = new Cloudflare.Inputs.AccessPolicyRequireExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
                Geos = new[]
                {
                    "string",
                },
                Githubs = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireGithubArgs
                    {
                        IdentityProviderId = "string",
                        Name = "string",
                        Teams = new[]
                        {
                            "string",
                        },
                    },
                },
                Groups = new[]
                {
                    "string",
                },
                Gsuites = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireGsuiteArgs
                    {
                        Emails = new[]
                        {
                            "string",
                        },
                        IdentityProviderId = "string",
                    },
                },
                IpLists = new[]
                {
                    "string",
                },
                Ips = new[]
                {
                    "string",
                },
                LoginMethods = new[]
                {
                    "string",
                },
                Oktas = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireOktaArgs
                    {
                        IdentityProviderId = "string",
                        Names = new[]
                        {
                            "string",
                        },
                    },
                },
                Samls = new[]
                {
                    new Cloudflare.Inputs.AccessPolicyRequireSamlArgs
                    {
                        AttributeName = "string",
                        AttributeValue = "string",
                        IdentityProviderId = "string",
                    },
                },
                ServiceTokens = new[]
                {
                    "string",
                },
            },
        },
        SessionDuration = "string",
        ZoneId = "string",
    });
    
    example, err := cloudflare.NewAccessPolicy(ctx, "accessPolicyResource", &cloudflare.AccessPolicyArgs{
    	Decision: pulumi.String("string"),
    	Name:     pulumi.String("string"),
    	Includes: cloudflare.AccessPolicyIncludeArray{
    		&cloudflare.AccessPolicyIncludeArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessPolicyIncludeAuthContextArray{
    				&cloudflare.AccessPolicyIncludeAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessPolicyIncludeAzureArray{
    				&cloudflare.AccessPolicyIncludeAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessPolicyIncludeExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessPolicyIncludeGithubArray{
    				&cloudflare.AccessPolicyIncludeGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessPolicyIncludeGsuiteArray{
    				&cloudflare.AccessPolicyIncludeGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessPolicyIncludeOktaArray{
    				&cloudflare.AccessPolicyIncludeOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessPolicyIncludeSamlArray{
    				&cloudflare.AccessPolicyIncludeSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ApprovalRequired: pulumi.Bool(false),
    	AccountId:        pulumi.String("string"),
    	Excludes: cloudflare.AccessPolicyExcludeArray{
    		&cloudflare.AccessPolicyExcludeArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessPolicyExcludeAuthContextArray{
    				&cloudflare.AccessPolicyExcludeAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessPolicyExcludeAzureArray{
    				&cloudflare.AccessPolicyExcludeAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessPolicyExcludeExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessPolicyExcludeGithubArray{
    				&cloudflare.AccessPolicyExcludeGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessPolicyExcludeGsuiteArray{
    				&cloudflare.AccessPolicyExcludeGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessPolicyExcludeOktaArray{
    				&cloudflare.AccessPolicyExcludeOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessPolicyExcludeSamlArray{
    				&cloudflare.AccessPolicyExcludeSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ApprovalGroups: cloudflare.AccessPolicyApprovalGroupArray{
    		&cloudflare.AccessPolicyApprovalGroupArgs{
    			ApprovalsNeeded: pulumi.Int(0),
    			EmailAddresses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailListUuid: pulumi.String("string"),
    		},
    	},
    	IsolationRequired:            pulumi.Bool(false),
    	PurposeJustificationPrompt:   pulumi.String("string"),
    	PurposeJustificationRequired: pulumi.Bool(false),
    	Requires: cloudflare.AccessPolicyRequireArray{
    		&cloudflare.AccessPolicyRequireArgs{
    			AnyValidServiceToken: pulumi.Bool(false),
    			AuthContexts: cloudflare.AccessPolicyRequireAuthContextArray{
    				&cloudflare.AccessPolicyRequireAuthContextArgs{
    					AcId:               pulumi.String("string"),
    					Id:                 pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			AuthMethod: pulumi.String("string"),
    			Azures: cloudflare.AccessPolicyRequireAzureArray{
    				&cloudflare.AccessPolicyRequireAzureArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Ids: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Certificate: pulumi.Bool(false),
    			CommonName:  pulumi.String("string"),
    			CommonNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DevicePostures: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailDomains: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			EmailLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Emails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Everyone: pulumi.Bool(false),
    			ExternalEvaluation: &cloudflare.AccessPolicyRequireExternalEvaluationArgs{
    				EvaluateUrl: pulumi.String("string"),
    				KeysUrl:     pulumi.String("string"),
    			},
    			Geos: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Githubs: cloudflare.AccessPolicyRequireGithubArray{
    				&cloudflare.AccessPolicyRequireGithubArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Name:               pulumi.String("string"),
    					Teams: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Groups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Gsuites: cloudflare.AccessPolicyRequireGsuiteArray{
    				&cloudflare.AccessPolicyRequireGsuiteArgs{
    					Emails: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			IpLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Ips: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			LoginMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Oktas: cloudflare.AccessPolicyRequireOktaArray{
    				&cloudflare.AccessPolicyRequireOktaArgs{
    					IdentityProviderId: pulumi.String("string"),
    					Names: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Samls: cloudflare.AccessPolicyRequireSamlArray{
    				&cloudflare.AccessPolicyRequireSamlArgs{
    					AttributeName:      pulumi.String("string"),
    					AttributeValue:     pulumi.String("string"),
    					IdentityProviderId: pulumi.String("string"),
    				},
    			},
    			ServiceTokens: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	SessionDuration: pulumi.String("string"),
    	ZoneId:          pulumi.String("string"),
    })
    
    var accessPolicyResource = new AccessPolicy("accessPolicyResource", AccessPolicyArgs.builder()
        .decision("string")
        .name("string")
        .includes(AccessPolicyIncludeArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessPolicyIncludeAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessPolicyIncludeAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessPolicyIncludeExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessPolicyIncludeGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessPolicyIncludeGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessPolicyIncludeOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessPolicyIncludeSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .approvalRequired(false)
        .accountId("string")
        .excludes(AccessPolicyExcludeArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessPolicyExcludeAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessPolicyExcludeAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessPolicyExcludeExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessPolicyExcludeGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessPolicyExcludeGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessPolicyExcludeOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessPolicyExcludeSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .approvalGroups(AccessPolicyApprovalGroupArgs.builder()
            .approvalsNeeded(0)
            .emailAddresses("string")
            .emailListUuid("string")
            .build())
        .isolationRequired(false)
        .purposeJustificationPrompt("string")
        .purposeJustificationRequired(false)
        .requires(AccessPolicyRequireArgs.builder()
            .anyValidServiceToken(false)
            .authContexts(AccessPolicyRequireAuthContextArgs.builder()
                .acId("string")
                .id("string")
                .identityProviderId("string")
                .build())
            .authMethod("string")
            .azures(AccessPolicyRequireAzureArgs.builder()
                .identityProviderId("string")
                .ids("string")
                .build())
            .certificate(false)
            .commonName("string")
            .commonNames("string")
            .devicePostures("string")
            .emailDomains("string")
            .emailLists("string")
            .emails("string")
            .everyone(false)
            .externalEvaluation(AccessPolicyRequireExternalEvaluationArgs.builder()
                .evaluateUrl("string")
                .keysUrl("string")
                .build())
            .geos("string")
            .githubs(AccessPolicyRequireGithubArgs.builder()
                .identityProviderId("string")
                .name("string")
                .teams("string")
                .build())
            .groups("string")
            .gsuites(AccessPolicyRequireGsuiteArgs.builder()
                .emails("string")
                .identityProviderId("string")
                .build())
            .ipLists("string")
            .ips("string")
            .loginMethods("string")
            .oktas(AccessPolicyRequireOktaArgs.builder()
                .identityProviderId("string")
                .names("string")
                .build())
            .samls(AccessPolicyRequireSamlArgs.builder()
                .attributeName("string")
                .attributeValue("string")
                .identityProviderId("string")
                .build())
            .serviceTokens("string")
            .build())
        .sessionDuration("string")
        .zoneId("string")
        .build());
    
    access_policy_resource = cloudflare.AccessPolicy("accessPolicyResource",
        decision="string",
        name="string",
        includes=[cloudflare.AccessPolicyIncludeArgs(
            any_valid_service_token=False,
            auth_contexts=[cloudflare.AccessPolicyIncludeAuthContextArgs(
                ac_id="string",
                id="string",
                identity_provider_id="string",
            )],
            auth_method="string",
            azures=[cloudflare.AccessPolicyIncludeAzureArgs(
                identity_provider_id="string",
                ids=["string"],
            )],
            certificate=False,
            common_name="string",
            common_names=["string"],
            device_postures=["string"],
            email_domains=["string"],
            email_lists=["string"],
            emails=["string"],
            everyone=False,
            external_evaluation=cloudflare.AccessPolicyIncludeExternalEvaluationArgs(
                evaluate_url="string",
                keys_url="string",
            ),
            geos=["string"],
            githubs=[cloudflare.AccessPolicyIncludeGithubArgs(
                identity_provider_id="string",
                name="string",
                teams=["string"],
            )],
            groups=["string"],
            gsuites=[cloudflare.AccessPolicyIncludeGsuiteArgs(
                emails=["string"],
                identity_provider_id="string",
            )],
            ip_lists=["string"],
            ips=["string"],
            login_methods=["string"],
            oktas=[cloudflare.AccessPolicyIncludeOktaArgs(
                identity_provider_id="string",
                names=["string"],
            )],
            samls=[cloudflare.AccessPolicyIncludeSamlArgs(
                attribute_name="string",
                attribute_value="string",
                identity_provider_id="string",
            )],
            service_tokens=["string"],
        )],
        approval_required=False,
        account_id="string",
        excludes=[cloudflare.AccessPolicyExcludeArgs(
            any_valid_service_token=False,
            auth_contexts=[cloudflare.AccessPolicyExcludeAuthContextArgs(
                ac_id="string",
                id="string",
                identity_provider_id="string",
            )],
            auth_method="string",
            azures=[cloudflare.AccessPolicyExcludeAzureArgs(
                identity_provider_id="string",
                ids=["string"],
            )],
            certificate=False,
            common_name="string",
            common_names=["string"],
            device_postures=["string"],
            email_domains=["string"],
            email_lists=["string"],
            emails=["string"],
            everyone=False,
            external_evaluation=cloudflare.AccessPolicyExcludeExternalEvaluationArgs(
                evaluate_url="string",
                keys_url="string",
            ),
            geos=["string"],
            githubs=[cloudflare.AccessPolicyExcludeGithubArgs(
                identity_provider_id="string",
                name="string",
                teams=["string"],
            )],
            groups=["string"],
            gsuites=[cloudflare.AccessPolicyExcludeGsuiteArgs(
                emails=["string"],
                identity_provider_id="string",
            )],
            ip_lists=["string"],
            ips=["string"],
            login_methods=["string"],
            oktas=[cloudflare.AccessPolicyExcludeOktaArgs(
                identity_provider_id="string",
                names=["string"],
            )],
            samls=[cloudflare.AccessPolicyExcludeSamlArgs(
                attribute_name="string",
                attribute_value="string",
                identity_provider_id="string",
            )],
            service_tokens=["string"],
        )],
        approval_groups=[cloudflare.AccessPolicyApprovalGroupArgs(
            approvals_needed=0,
            email_addresses=["string"],
            email_list_uuid="string",
        )],
        isolation_required=False,
        purpose_justification_prompt="string",
        purpose_justification_required=False,
        requires=[cloudflare.AccessPolicyRequireArgs(
            any_valid_service_token=False,
            auth_contexts=[cloudflare.AccessPolicyRequireAuthContextArgs(
                ac_id="string",
                id="string",
                identity_provider_id="string",
            )],
            auth_method="string",
            azures=[cloudflare.AccessPolicyRequireAzureArgs(
                identity_provider_id="string",
                ids=["string"],
            )],
            certificate=False,
            common_name="string",
            common_names=["string"],
            device_postures=["string"],
            email_domains=["string"],
            email_lists=["string"],
            emails=["string"],
            everyone=False,
            external_evaluation=cloudflare.AccessPolicyRequireExternalEvaluationArgs(
                evaluate_url="string",
                keys_url="string",
            ),
            geos=["string"],
            githubs=[cloudflare.AccessPolicyRequireGithubArgs(
                identity_provider_id="string",
                name="string",
                teams=["string"],
            )],
            groups=["string"],
            gsuites=[cloudflare.AccessPolicyRequireGsuiteArgs(
                emails=["string"],
                identity_provider_id="string",
            )],
            ip_lists=["string"],
            ips=["string"],
            login_methods=["string"],
            oktas=[cloudflare.AccessPolicyRequireOktaArgs(
                identity_provider_id="string",
                names=["string"],
            )],
            samls=[cloudflare.AccessPolicyRequireSamlArgs(
                attribute_name="string",
                attribute_value="string",
                identity_provider_id="string",
            )],
            service_tokens=["string"],
        )],
        session_duration="string",
        zone_id="string")
    
    const accessPolicyResource = new cloudflare.AccessPolicy("accessPolicyResource", {
        decision: "string",
        name: "string",
        includes: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        approvalRequired: false,
        accountId: "string",
        excludes: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        approvalGroups: [{
            approvalsNeeded: 0,
            emailAddresses: ["string"],
            emailListUuid: "string",
        }],
        isolationRequired: false,
        purposeJustificationPrompt: "string",
        purposeJustificationRequired: false,
        requires: [{
            anyValidServiceToken: false,
            authContexts: [{
                acId: "string",
                id: "string",
                identityProviderId: "string",
            }],
            authMethod: "string",
            azures: [{
                identityProviderId: "string",
                ids: ["string"],
            }],
            certificate: false,
            commonName: "string",
            commonNames: ["string"],
            devicePostures: ["string"],
            emailDomains: ["string"],
            emailLists: ["string"],
            emails: ["string"],
            everyone: false,
            externalEvaluation: {
                evaluateUrl: "string",
                keysUrl: "string",
            },
            geos: ["string"],
            githubs: [{
                identityProviderId: "string",
                name: "string",
                teams: ["string"],
            }],
            groups: ["string"],
            gsuites: [{
                emails: ["string"],
                identityProviderId: "string",
            }],
            ipLists: ["string"],
            ips: ["string"],
            loginMethods: ["string"],
            oktas: [{
                identityProviderId: "string",
                names: ["string"],
            }],
            samls: [{
                attributeName: "string",
                attributeValue: "string",
                identityProviderId: "string",
            }],
            serviceTokens: ["string"],
        }],
        sessionDuration: "string",
        zoneId: "string",
    });
    
    type: cloudflare:AccessPolicy
    properties:
        accountId: string
        approvalGroups:
            - approvalsNeeded: 0
              emailAddresses:
                - string
              emailListUuid: string
        approvalRequired: false
        decision: string
        excludes:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        includes:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        isolationRequired: false
        name: string
        purposeJustificationPrompt: string
        purposeJustificationRequired: false
        requires:
            - anyValidServiceToken: false
              authContexts:
                - acId: string
                  id: string
                  identityProviderId: string
              authMethod: string
              azures:
                - identityProviderId: string
                  ids:
                    - string
              certificate: false
              commonName: string
              commonNames:
                - string
              devicePostures:
                - string
              emailDomains:
                - string
              emailLists:
                - string
              emails:
                - string
              everyone: false
              externalEvaluation:
                evaluateUrl: string
                keysUrl: string
              geos:
                - string
              githubs:
                - identityProviderId: string
                  name: string
                  teams:
                    - string
              groups:
                - string
              gsuites:
                - emails:
                    - string
                  identityProviderId: string
              ipLists:
                - string
              ips:
                - string
              loginMethods:
                - string
              oktas:
                - identityProviderId: string
                  names:
                    - string
              samls:
                - attributeName: string
                  attributeValue: string
                  identityProviderId: string
              serviceTokens:
                - string
        sessionDuration: string
        zoneId: string
    

    AccessPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessPolicy resource accepts the following input properties:

    Decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    Includes List<AccessPolicyInclude>
    A series of access conditions, see Access Groups.
    Name string
    Friendly name of the Access Policy.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    ApplicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    ApprovalGroups List<AccessPolicyApprovalGroup>
    ApprovalRequired bool
    Excludes List<AccessPolicyExclude>
    A series of access conditions, see Access Groups.
    IsolationRequired bool
    Require this application to be served in an isolated browser for users matching this policy.
    Precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    PurposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    PurposeJustificationRequired bool
    Whether to prompt the user for a justification for accessing the resource.
    Requires List<AccessPolicyRequire>
    A series of access conditions, see Access Groups.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    Decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    Includes []AccessPolicyIncludeArgs
    A series of access conditions, see Access Groups.
    Name string
    Friendly name of the Access Policy.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    ApplicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    ApprovalGroups []AccessPolicyApprovalGroupArgs
    ApprovalRequired bool
    Excludes []AccessPolicyExcludeArgs
    A series of access conditions, see Access Groups.
    IsolationRequired bool
    Require this application to be served in an isolated browser for users matching this policy.
    Precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    PurposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    PurposeJustificationRequired bool
    Whether to prompt the user for a justification for accessing the resource.
    Requires []AccessPolicyRequireArgs
    A series of access conditions, see Access Groups.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    decision String
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    includes List<AccessPolicyInclude>
    A series of access conditions, see Access Groups.
    name String
    Friendly name of the Access Policy.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId String
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups List<AccessPolicyApprovalGroup>
    approvalRequired Boolean
    excludes List<AccessPolicyExclude>
    A series of access conditions, see Access Groups.
    isolationRequired Boolean
    Require this application to be served in an isolated browser for users matching this policy.
    precedence Integer
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt String
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired Boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires List<AccessPolicyRequire>
    A series of access conditions, see Access Groups.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    includes AccessPolicyInclude[]
    A series of access conditions, see Access Groups.
    name string
    Friendly name of the Access Policy.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups AccessPolicyApprovalGroup[]
    approvalRequired boolean
    excludes AccessPolicyExclude[]
    A series of access conditions, see Access Groups.
    isolationRequired boolean
    Require this application to be served in an isolated browser for users matching this policy.
    precedence number
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires AccessPolicyRequire[]
    A series of access conditions, see Access Groups.
    sessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    decision str
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    includes Sequence[AccessPolicyIncludeArgs]
    A series of access conditions, see Access Groups.
    name str
    Friendly name of the Access Policy.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    application_id str
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approval_groups Sequence[AccessPolicyApprovalGroupArgs]
    approval_required bool
    excludes Sequence[AccessPolicyExcludeArgs]
    A series of access conditions, see Access Groups.
    isolation_required bool
    Require this application to be served in an isolated browser for users matching this policy.
    precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purpose_justification_prompt str
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purpose_justification_required bool
    Whether to prompt the user for a justification for accessing the resource.
    requires Sequence[AccessPolicyRequireArgs]
    A series of access conditions, see Access Groups.
    session_duration str
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    decision String
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    includes List<Property Map>
    A series of access conditions, see Access Groups.
    name String
    Friendly name of the Access Policy.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId String
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups List<Property Map>
    approvalRequired Boolean
    excludes List<Property Map>
    A series of access conditions, see Access Groups.
    isolationRequired Boolean
    Require this application to be served in an isolated browser for users matching this policy.
    precedence Number
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt String
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired Boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires List<Property Map>
    A series of access conditions, see Access Groups.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessPolicy Resource

    Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            application_id: Optional[str] = None,
            approval_groups: Optional[Sequence[AccessPolicyApprovalGroupArgs]] = None,
            approval_required: Optional[bool] = None,
            decision: Optional[str] = None,
            excludes: Optional[Sequence[AccessPolicyExcludeArgs]] = None,
            includes: Optional[Sequence[AccessPolicyIncludeArgs]] = None,
            isolation_required: Optional[bool] = None,
            name: Optional[str] = None,
            precedence: Optional[int] = None,
            purpose_justification_prompt: Optional[str] = None,
            purpose_justification_required: Optional[bool] = None,
            requires: Optional[Sequence[AccessPolicyRequireArgs]] = None,
            session_duration: Optional[str] = None,
            zone_id: Optional[str] = None) -> AccessPolicy
    func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
    public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
    public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    ApplicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    ApprovalGroups List<AccessPolicyApprovalGroup>
    ApprovalRequired bool
    Decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    Excludes List<AccessPolicyExclude>
    A series of access conditions, see Access Groups.
    Includes List<AccessPolicyInclude>
    A series of access conditions, see Access Groups.
    IsolationRequired bool
    Require this application to be served in an isolated browser for users matching this policy.
    Name string
    Friendly name of the Access Policy.
    Precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    PurposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    PurposeJustificationRequired bool
    Whether to prompt the user for a justification for accessing the resource.
    Requires List<AccessPolicyRequire>
    A series of access conditions, see Access Groups.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    ApplicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    ApprovalGroups []AccessPolicyApprovalGroupArgs
    ApprovalRequired bool
    Decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    Excludes []AccessPolicyExcludeArgs
    A series of access conditions, see Access Groups.
    Includes []AccessPolicyIncludeArgs
    A series of access conditions, see Access Groups.
    IsolationRequired bool
    Require this application to be served in an isolated browser for users matching this policy.
    Name string
    Friendly name of the Access Policy.
    Precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    PurposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    PurposeJustificationRequired bool
    Whether to prompt the user for a justification for accessing the resource.
    Requires []AccessPolicyRequireArgs
    A series of access conditions, see Access Groups.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId String
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups List<AccessPolicyApprovalGroup>
    approvalRequired Boolean
    decision String
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    excludes List<AccessPolicyExclude>
    A series of access conditions, see Access Groups.
    includes List<AccessPolicyInclude>
    A series of access conditions, see Access Groups.
    isolationRequired Boolean
    Require this application to be served in an isolated browser for users matching this policy.
    name String
    Friendly name of the Access Policy.
    precedence Integer
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt String
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired Boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires List<AccessPolicyRequire>
    A series of access conditions, see Access Groups.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId string
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups AccessPolicyApprovalGroup[]
    approvalRequired boolean
    decision string
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    excludes AccessPolicyExclude[]
    A series of access conditions, see Access Groups.
    includes AccessPolicyInclude[]
    A series of access conditions, see Access Groups.
    isolationRequired boolean
    Require this application to be served in an isolated browser for users matching this policy.
    name string
    Friendly name of the Access Policy.
    precedence number
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt string
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires AccessPolicyRequire[]
    A series of access conditions, see Access Groups.
    sessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    application_id str
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approval_groups Sequence[AccessPolicyApprovalGroupArgs]
    approval_required bool
    decision str
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    excludes Sequence[AccessPolicyExcludeArgs]
    A series of access conditions, see Access Groups.
    includes Sequence[AccessPolicyIncludeArgs]
    A series of access conditions, see Access Groups.
    isolation_required bool
    Require this application to be served in an isolated browser for users matching this policy.
    name str
    Friendly name of the Access Policy.
    precedence int
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purpose_justification_prompt str
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purpose_justification_required bool
    Whether to prompt the user for a justification for accessing the resource.
    requires Sequence[AccessPolicyRequireArgs]
    A series of access conditions, see Access Groups.
    session_duration str
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    applicationId String
    The ID of the application the policy is associated with. Required when using precedence. Modifying this attribute will force creation of a new resource.

    Deprecated: This field is deprecated. Policies can now be standalone and reusable by multiple applications.Please use cloudflare_access_application.policies to associate reusable access policies with access applications.

    approvalGroups List<Property Map>
    approvalRequired Boolean
    decision String
    Defines the action Access will take if the policy matches the user. Available values: allow, deny, non_identity, bypass.
    excludes List<Property Map>
    A series of access conditions, see Access Groups.
    includes List<Property Map>
    A series of access conditions, see Access Groups.
    isolationRequired Boolean
    Require this application to be served in an isolated browser for users matching this policy.
    name String
    Friendly name of the Access Policy.
    precedence Number
    The unique precedence for policies on a single application. Required when using application_id.

    Deprecated: This field is deprecated. Access policies can now be reusable by multiple applications. Please use cloudflare_access_application.policies to link policies to an application with ascending order of precedence.

    purposeJustificationPrompt String
    The prompt to display to the user for a justification for accessing the resource. Required when using purpose_justification_required.
    purposeJustificationRequired Boolean
    Whether to prompt the user for a justification for accessing the resource.
    requires List<Property Map>
    A series of access conditions, see Access Groups.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

    Supporting Types

    AccessPolicyApprovalGroup, AccessPolicyApprovalGroupArgs

    ApprovalsNeeded int
    Number of approvals needed.
    EmailAddresses List<string>
    List of emails to request approval from.
    EmailListUuid string
    ApprovalsNeeded int
    Number of approvals needed.
    EmailAddresses []string
    List of emails to request approval from.
    EmailListUuid string
    approvalsNeeded Integer
    Number of approvals needed.
    emailAddresses List<String>
    List of emails to request approval from.
    emailListUuid String
    approvalsNeeded number
    Number of approvals needed.
    emailAddresses string[]
    List of emails to request approval from.
    emailListUuid string
    approvals_needed int
    Number of approvals needed.
    email_addresses Sequence[str]
    List of emails to request approval from.
    email_list_uuid str
    approvalsNeeded Number
    Number of approvals needed.
    emailAddresses List<String>
    List of emails to request approval from.
    emailListUuid String

    AccessPolicyExclude, AccessPolicyExcludeArgs

    AnyValidServiceToken bool
    AuthContexts List<AccessPolicyExcludeAuthContext>
    AuthMethod string
    Azures List<AccessPolicyExcludeAzure>
    Certificate bool
    CommonName string
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    EmailDomains List<string>
    EmailLists List<string>
    Emails List<string>
    Everyone bool
    ExternalEvaluation AccessPolicyExcludeExternalEvaluation
    Geos List<string>
    Githubs List<AccessPolicyExcludeGithub>
    Groups List<string>
    Gsuites List<AccessPolicyExcludeGsuite>
    IpLists List<string>
    The ID of an existing IP list to reference.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    Oktas List<AccessPolicyExcludeOkta>
    Samls List<AccessPolicyExcludeSaml>
    ServiceTokens List<string>
    AnyValidServiceToken bool
    AuthContexts []AccessPolicyExcludeAuthContext
    AuthMethod string
    Azures []AccessPolicyExcludeAzure
    Certificate bool
    CommonName string
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    EmailDomains []string
    EmailLists []string
    Emails []string
    Everyone bool
    ExternalEvaluation AccessPolicyExcludeExternalEvaluation
    Geos []string
    Githubs []AccessPolicyExcludeGithub
    Groups []string
    Gsuites []AccessPolicyExcludeGsuite
    IpLists []string
    The ID of an existing IP list to reference.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    Oktas []AccessPolicyExcludeOkta
    Samls []AccessPolicyExcludeSaml
    ServiceTokens []string
    anyValidServiceToken Boolean
    authContexts List<AccessPolicyExcludeAuthContext>
    authMethod String
    azures List<AccessPolicyExcludeAzure>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation AccessPolicyExcludeExternalEvaluation
    geos List<String>
    githubs List<AccessPolicyExcludeGithub>
    groups List<String>
    gsuites List<AccessPolicyExcludeGsuite>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<AccessPolicyExcludeOkta>
    samls List<AccessPolicyExcludeSaml>
    serviceTokens List<String>
    anyValidServiceToken boolean
    authContexts AccessPolicyExcludeAuthContext[]
    authMethod string
    azures AccessPolicyExcludeAzure[]
    certificate boolean
    commonName string
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    emailDomains string[]
    emailLists string[]
    emails string[]
    everyone boolean
    externalEvaluation AccessPolicyExcludeExternalEvaluation
    geos string[]
    githubs AccessPolicyExcludeGithub[]
    groups string[]
    gsuites AccessPolicyExcludeGsuite[]
    ipLists string[]
    The ID of an existing IP list to reference.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    oktas AccessPolicyExcludeOkta[]
    samls AccessPolicyExcludeSaml[]
    serviceTokens string[]
    any_valid_service_token bool
    auth_contexts Sequence[AccessPolicyExcludeAuthContext]
    auth_method str
    azures Sequence[AccessPolicyExcludeAzure]
    certificate bool
    common_name str
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    email_domains Sequence[str]
    email_lists Sequence[str]
    emails Sequence[str]
    everyone bool
    external_evaluation AccessPolicyExcludeExternalEvaluation
    geos Sequence[str]
    githubs Sequence[AccessPolicyExcludeGithub]
    groups Sequence[str]
    gsuites Sequence[AccessPolicyExcludeGsuite]
    ip_lists Sequence[str]
    The ID of an existing IP list to reference.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    oktas Sequence[AccessPolicyExcludeOkta]
    samls Sequence[AccessPolicyExcludeSaml]
    service_tokens Sequence[str]
    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyExcludeAuthContext, AccessPolicyExcludeAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure Identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.

    AccessPolicyExcludeAzure, AccessPolicyExcludeAzureArgs

    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure Identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure Identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessPolicyExcludeExternalEvaluation, AccessPolicyExcludeExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyExcludeGithub, AccessPolicyExcludeGithubArgs

    IdentityProviderId string
    Name string
    Teams List<string>
    IdentityProviderId string
    Name string
    Teams []string
    identityProviderId String
    name String
    teams List<String>
    identityProviderId string
    name string
    teams string[]
    identity_provider_id str
    name str
    teams Sequence[str]
    identityProviderId String
    name String
    teams List<String>

    AccessPolicyExcludeGsuite, AccessPolicyExcludeGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyExcludeOkta, AccessPolicyExcludeOktaArgs

    IdentityProviderId string
    Names List<string>
    IdentityProviderId string
    Names []string
    identityProviderId String
    names List<String>
    identityProviderId string
    names string[]
    identity_provider_id str
    names Sequence[str]
    identityProviderId String
    names List<String>

    AccessPolicyExcludeSaml, AccessPolicyExcludeSamlArgs

    AccessPolicyInclude, AccessPolicyIncludeArgs

    AnyValidServiceToken bool
    AuthContexts List<AccessPolicyIncludeAuthContext>
    AuthMethod string
    Azures List<AccessPolicyIncludeAzure>
    Certificate bool
    CommonName string
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    EmailDomains List<string>
    EmailLists List<string>
    Emails List<string>
    Everyone bool
    ExternalEvaluation AccessPolicyIncludeExternalEvaluation
    Geos List<string>
    Githubs List<AccessPolicyIncludeGithub>
    Groups List<string>
    Gsuites List<AccessPolicyIncludeGsuite>
    IpLists List<string>
    The ID of an existing IP list to reference.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    Oktas List<AccessPolicyIncludeOkta>
    Samls List<AccessPolicyIncludeSaml>
    ServiceTokens List<string>
    AnyValidServiceToken bool
    AuthContexts []AccessPolicyIncludeAuthContext
    AuthMethod string
    Azures []AccessPolicyIncludeAzure
    Certificate bool
    CommonName string
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    EmailDomains []string
    EmailLists []string
    Emails []string
    Everyone bool
    ExternalEvaluation AccessPolicyIncludeExternalEvaluation
    Geos []string
    Githubs []AccessPolicyIncludeGithub
    Groups []string
    Gsuites []AccessPolicyIncludeGsuite
    IpLists []string
    The ID of an existing IP list to reference.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    Oktas []AccessPolicyIncludeOkta
    Samls []AccessPolicyIncludeSaml
    ServiceTokens []string
    anyValidServiceToken Boolean
    authContexts List<AccessPolicyIncludeAuthContext>
    authMethod String
    azures List<AccessPolicyIncludeAzure>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation AccessPolicyIncludeExternalEvaluation
    geos List<String>
    githubs List<AccessPolicyIncludeGithub>
    groups List<String>
    gsuites List<AccessPolicyIncludeGsuite>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<AccessPolicyIncludeOkta>
    samls List<AccessPolicyIncludeSaml>
    serviceTokens List<String>
    anyValidServiceToken boolean
    authContexts AccessPolicyIncludeAuthContext[]
    authMethod string
    azures AccessPolicyIncludeAzure[]
    certificate boolean
    commonName string
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    emailDomains string[]
    emailLists string[]
    emails string[]
    everyone boolean
    externalEvaluation AccessPolicyIncludeExternalEvaluation
    geos string[]
    githubs AccessPolicyIncludeGithub[]
    groups string[]
    gsuites AccessPolicyIncludeGsuite[]
    ipLists string[]
    The ID of an existing IP list to reference.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    oktas AccessPolicyIncludeOkta[]
    samls AccessPolicyIncludeSaml[]
    serviceTokens string[]
    any_valid_service_token bool
    auth_contexts Sequence[AccessPolicyIncludeAuthContext]
    auth_method str
    azures Sequence[AccessPolicyIncludeAzure]
    certificate bool
    common_name str
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    email_domains Sequence[str]
    email_lists Sequence[str]
    emails Sequence[str]
    everyone bool
    external_evaluation AccessPolicyIncludeExternalEvaluation
    geos Sequence[str]
    githubs Sequence[AccessPolicyIncludeGithub]
    groups Sequence[str]
    gsuites Sequence[AccessPolicyIncludeGsuite]
    ip_lists Sequence[str]
    The ID of an existing IP list to reference.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    oktas Sequence[AccessPolicyIncludeOkta]
    samls Sequence[AccessPolicyIncludeSaml]
    service_tokens Sequence[str]
    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyIncludeAuthContext, AccessPolicyIncludeAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure Identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.

    AccessPolicyIncludeAzure, AccessPolicyIncludeAzureArgs

    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure Identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure Identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessPolicyIncludeExternalEvaluation, AccessPolicyIncludeExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyIncludeGithub, AccessPolicyIncludeGithubArgs

    IdentityProviderId string
    Name string
    Teams List<string>
    IdentityProviderId string
    Name string
    Teams []string
    identityProviderId String
    name String
    teams List<String>
    identityProviderId string
    name string
    teams string[]
    identity_provider_id str
    name str
    teams Sequence[str]
    identityProviderId String
    name String
    teams List<String>

    AccessPolicyIncludeGsuite, AccessPolicyIncludeGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyIncludeOkta, AccessPolicyIncludeOktaArgs

    IdentityProviderId string
    Names List<string>
    IdentityProviderId string
    Names []string
    identityProviderId String
    names List<String>
    identityProviderId string
    names string[]
    identity_provider_id str
    names Sequence[str]
    identityProviderId String
    names List<String>

    AccessPolicyIncludeSaml, AccessPolicyIncludeSamlArgs

    AccessPolicyRequire, AccessPolicyRequireArgs

    AnyValidServiceToken bool
    AuthContexts List<AccessPolicyRequireAuthContext>
    AuthMethod string
    Azures List<AccessPolicyRequireAzure>
    Certificate bool
    CommonName string
    CommonNames List<string>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures List<string>
    EmailDomains List<string>
    EmailLists List<string>
    Emails List<string>
    Everyone bool
    ExternalEvaluation AccessPolicyRequireExternalEvaluation
    Geos List<string>
    Githubs List<AccessPolicyRequireGithub>
    Groups List<string>
    Gsuites List<AccessPolicyRequireGsuite>
    IpLists List<string>
    The ID of an existing IP list to reference.
    Ips List<string>
    An IPv4 or IPv6 CIDR block.
    LoginMethods List<string>
    Oktas List<AccessPolicyRequireOkta>
    Samls List<AccessPolicyRequireSaml>
    ServiceTokens List<string>
    AnyValidServiceToken bool
    AuthContexts []AccessPolicyRequireAuthContext
    AuthMethod string
    Azures []AccessPolicyRequireAzure
    Certificate bool
    CommonName string
    CommonNames []string
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    DevicePostures []string
    EmailDomains []string
    EmailLists []string
    Emails []string
    Everyone bool
    ExternalEvaluation AccessPolicyRequireExternalEvaluation
    Geos []string
    Githubs []AccessPolicyRequireGithub
    Groups []string
    Gsuites []AccessPolicyRequireGsuite
    IpLists []string
    The ID of an existing IP list to reference.
    Ips []string
    An IPv4 or IPv6 CIDR block.
    LoginMethods []string
    Oktas []AccessPolicyRequireOkta
    Samls []AccessPolicyRequireSaml
    ServiceTokens []string
    anyValidServiceToken Boolean
    authContexts List<AccessPolicyRequireAuthContext>
    authMethod String
    azures List<AccessPolicyRequireAzure>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation AccessPolicyRequireExternalEvaluation
    geos List<String>
    githubs List<AccessPolicyRequireGithub>
    groups List<String>
    gsuites List<AccessPolicyRequireGsuite>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<AccessPolicyRequireOkta>
    samls List<AccessPolicyRequireSaml>
    serviceTokens List<String>
    anyValidServiceToken boolean
    authContexts AccessPolicyRequireAuthContext[]
    authMethod string
    azures AccessPolicyRequireAzure[]
    certificate boolean
    commonName string
    commonNames string[]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures string[]
    emailDomains string[]
    emailLists string[]
    emails string[]
    everyone boolean
    externalEvaluation AccessPolicyRequireExternalEvaluation
    geos string[]
    githubs AccessPolicyRequireGithub[]
    groups string[]
    gsuites AccessPolicyRequireGsuite[]
    ipLists string[]
    The ID of an existing IP list to reference.
    ips string[]
    An IPv4 or IPv6 CIDR block.
    loginMethods string[]
    oktas AccessPolicyRequireOkta[]
    samls AccessPolicyRequireSaml[]
    serviceTokens string[]
    any_valid_service_token bool
    auth_contexts Sequence[AccessPolicyRequireAuthContext]
    auth_method str
    azures Sequence[AccessPolicyRequireAzure]
    certificate bool
    common_name str
    common_names Sequence[str]
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    device_postures Sequence[str]
    email_domains Sequence[str]
    email_lists Sequence[str]
    emails Sequence[str]
    everyone bool
    external_evaluation AccessPolicyRequireExternalEvaluation
    geos Sequence[str]
    githubs Sequence[AccessPolicyRequireGithub]
    groups Sequence[str]
    gsuites Sequence[AccessPolicyRequireGsuite]
    ip_lists Sequence[str]
    The ID of an existing IP list to reference.
    ips Sequence[str]
    An IPv4 or IPv6 CIDR block.
    login_methods Sequence[str]
    oktas Sequence[AccessPolicyRequireOkta]
    samls Sequence[AccessPolicyRequireSaml]
    service_tokens Sequence[str]
    anyValidServiceToken Boolean
    authContexts List<Property Map>
    authMethod String
    azures List<Property Map>
    certificate Boolean
    commonName String
    commonNames List<String>
    Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
    devicePostures List<String>
    emailDomains List<String>
    emailLists List<String>
    emails List<String>
    everyone Boolean
    externalEvaluation Property Map
    geos List<String>
    githubs List<Property Map>
    groups List<String>
    gsuites List<Property Map>
    ipLists List<String>
    The ID of an existing IP list to reference.
    ips List<String>
    An IPv4 or IPv6 CIDR block.
    loginMethods List<String>
    oktas List<Property Map>
    samls List<Property Map>
    serviceTokens List<String>

    AccessPolicyRequireAuthContext, AccessPolicyRequireAuthContextArgs

    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    AcId string
    The ACID of the Authentication Context.
    Id string
    The ID of the Authentication Context.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.
    acId string
    The ACID of the Authentication Context.
    id string
    The ID of the Authentication Context.
    identityProviderId string
    The ID of the Azure Identity provider.
    ac_id str
    The ACID of the Authentication Context.
    id str
    The ID of the Authentication Context.
    identity_provider_id str
    The ID of the Azure Identity provider.
    acId String
    The ACID of the Authentication Context.
    id String
    The ID of the Authentication Context.
    identityProviderId String
    The ID of the Azure Identity provider.

    AccessPolicyRequireAzure, AccessPolicyRequireAzureArgs

    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids List<string>
    The ID of the Azure group or user.
    IdentityProviderId string
    The ID of the Azure Identity provider.
    Ids []string
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.
    identityProviderId string
    The ID of the Azure Identity provider.
    ids string[]
    The ID of the Azure group or user.
    identity_provider_id str
    The ID of the Azure Identity provider.
    ids Sequence[str]
    The ID of the Azure group or user.
    identityProviderId String
    The ID of the Azure Identity provider.
    ids List<String>
    The ID of the Azure group or user.

    AccessPolicyRequireExternalEvaluation, AccessPolicyRequireExternalEvaluationArgs

    EvaluateUrl string
    KeysUrl string
    EvaluateUrl string
    KeysUrl string
    evaluateUrl String
    keysUrl String
    evaluateUrl string
    keysUrl string
    evaluateUrl String
    keysUrl String

    AccessPolicyRequireGithub, AccessPolicyRequireGithubArgs

    IdentityProviderId string
    Name string
    Teams List<string>
    IdentityProviderId string
    Name string
    Teams []string
    identityProviderId String
    name String
    teams List<String>
    identityProviderId string
    name string
    teams string[]
    identity_provider_id str
    name str
    teams Sequence[str]
    identityProviderId String
    name String
    teams List<String>

    AccessPolicyRequireGsuite, AccessPolicyRequireGsuiteArgs

    Emails List<string>
    IdentityProviderId string
    Emails []string
    IdentityProviderId string
    emails List<String>
    identityProviderId String
    emails string[]
    identityProviderId string
    emails Sequence[str]
    identity_provider_id str
    emails List<String>
    identityProviderId String

    AccessPolicyRequireOkta, AccessPolicyRequireOktaArgs

    IdentityProviderId string
    Names List<string>
    IdentityProviderId string
    Names []string
    identityProviderId String
    names List<String>
    identityProviderId string
    names string[]
    identity_provider_id str
    names Sequence[str]
    identityProviderId String
    names List<String>

    AccessPolicyRequireSaml, AccessPolicyRequireSamlArgs

    Import

    $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi