cloudflare_access_policy (Resource)

Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource.

Example Usage

# Allowing access to `test@example.com` email address only
resource "cloudflare_access_policy" "test_policy" {
  application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
  name           = "staging policy"
  precedence     = "1"
  decision       = "allow"

  include {
    email = ["test@example.com"]
  }

  require {
    email = ["test@example.com"]
  }
}

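# Alternative to the policy above (use one or the other for a given
# application): allowing `test@example.com` to access, but only when the
# request comes from a specific IP. `var.office_ip` is an input variable
# that must be declared elsewhere in the configuration.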
resource "cloudflare_access_policy" "test_policy" {
  application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
  name           = "staging policy"
  precedence     = "1"
  decision       = "allow"

  include {
    email = ["test@example.com"]
  }

  require {
    ip = [var.office_ip]
  }
}
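
The following is an added example, not part of the provider documentation: it declares the `office_ip` variable that the second policy references, rejects values that would silently weaken the `require` block, and adds an `exclude` block. The resource name, email domain, excluded address and the assumption that `ip` takes CIDR notation are constructed for illustration; the application and zone IDs are the ones used above.

```hcl
# Added example. Names, domain and addresses are constructed for illustration.
variable "office_ip" {
  type        = string
  description = "Office egress range in CIDR notation, e.g. 203.0.113.0/24"

  validation {
    # cidrhost() errors on anything that is not a valid CIDR block,
    # so can() turns a malformed value into a plan-time failure.
    condition     = can(cidrhost(var.office_ip, 0))
    error_message = "The office_ip value must be a valid IPv4 or IPv6 CIDR block."
  }

  validation {
    # A /0 prefix matches every source address, which would turn the
    # require block below into a no-op.
    condition     = !can(regex("/0$", var.office_ip))
    error_message = "The office_ip value must not be a /0 range."
  }
}

resource "cloudflare_access_policy" "staging_office_only" {
  application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
  name           = "staging: example.com staff from office"
  precedence     = 1
  decision       = "allow"

  # include: who is a candidate for access (any one rule matching is enough).
  include {
    email_domain = ["example.com"]
  }

  # exclude: removed from the candidates even when an include rule matches.
  exclude {
    email = ["contractor@example.com"]
  }

  # require: every rule here must match in addition to an include rule.
  require {
    ip = [var.office_ip]
  }
}
```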

Schema

Required

Optional

Read-Only

Nested Schema for include

Optional:

Nested Schema for include.auth_context

Required:

Nested Schema for include.azure

Optional:

Nested Schema for include.external_evaluation

Optional:

Nested Schema for include.github

Optional:

Nested Schema for include.gsuite

Optional:

Nested Schema for include.okta

Optional:

Nested Schema for include.saml

Optional:

Nested Schema for approval_group

Required:

Optional:

Nested Schema for exclude

Optional:

Nested Schema for exclude.auth_context

Required:

Nested Schema for exclude.azure

Optional:

Nested Schema for exclude.external_evaluation

Optional:

Nested Schema for exclude.github

Optional:

Nested Schema for exclude.gsuite

Optional:

Nested Schema for exclude.okta

Optional:

Nested Schema for exclude.saml

Optional:

Nested Schema for require

Optional:

Nested Schema for require.auth_context

Required:

Nested Schema for require.azure

Optional:

Nested Schema for require.external_evaluation

Optional:

Nested Schema for require.github

Optional:

Nested Schema for require.gsuite

Optional:

Nested Schema for require.okta

Optional:

Nested Schema for require.saml

Optional:

Import

Import is supported using the following syntax:

# Account level import.
$ terraform import cloudflare_access_policy.example account/<account_id>/<application_id>/<policy_id>

# Zone level import.
$ terraform import cloudflare_access_policy.example zone/<zone_id>/<application_id>/<policy_id>