Provides a Cloudflare Teams Account resource. The Teams Account resource defines configuration for secure web gateway.
resource "cloudflare_teams_account" "example" {
account_id = "f037e56e89293a057740de681ac9abbe"
tls_decrypt_enabled = true
protocol_detection_enabled = true
block_page {
footer_text = "hello"
header_text = "hello"
logo_path = "https://example.com/logo.jpg"
background_color = "#000000"
}
body_scanning {
inspection_mode = "deep"
}
antivirus {
enabled_download_phase = true
enabled_upload_phase = false
fail_closed = true
notification_settings {
enabled = true
message = "you are blocked"
support_url = "https://example.com/blocked"
}
}
fips {
tls = true
}
proxy {
tcp = true
udp = true
root_ca = true
}
url_browser_isolation_enabled = true
logging {
redact_pii = true
settings_by_rule_type {
dns {
log_all = false
log_blocks = true
}
http {
log_all = true
log_blocks = true
}
l4 {
log_all = false
log_blocks = true
}
}
}
extended_email_matching {
enabled = true
}
}
account_id
(String) The account identifier to target for the resource.activity_log_enabled
(Boolean) Whether to enable the activity log.antivirus
(Block List, Max: 1) Configuration block for antivirus traffic scanning. (see below for nested schema)block_page
(Block List, Max: 1) Configuration for a custom block page. (see below for nested schema)body_scanning
(Block List, Max: 1) Configuration for body scanning. (see below for nested schema)custom_certificate
(Block List, Max: 1) Configuration for custom certificates / BYO-PKI. (see below for nested schema)extended_email_matching
(Block List, Max: 1) Configuration for extended e-mail matching. (see below for nested schema)fips
(Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see below for nested schema)logging
(Block List, Max: 1) (see below for nested schema)non_identity_browser_isolation_enabled
(Boolean) Enable non-identity onramp for Browser Isolation. Defaults to false
.payload_log
(Block List, Max: 1) Configuration for DLP Payload Logging. (see below for nested schema)protocol_detection_enabled
(Boolean) Indicator that protocol detection is enabled.proxy
(Block List, Max: 1) Configuration block for specifying which protocols are proxied. (see below for nested schema)ssh_session_log
(Block List, Max: 1) Configuration for SSH Session Logging. (see below for nested schema)tls_decrypt_enabled
(Boolean) Indicator that decryption of TLS traffic is enabled.url_browser_isolation_enabled
(Boolean) Safely browse websites in Browser Isolation through a URL. Defaults to false
.id
(String) The ID of this resource.antivirus
Required:
enabled_download_phase
(Boolean) Scan on file download.enabled_upload_phase
(Boolean) Scan on file upload.fail_closed
(Boolean) Block requests for files that cannot be scanned.Optional:
notification_settings
(Block List, Max: 1) Set notifications for antivirus. (see below for nested schema)antivirus.notification_settings
Optional:
enabled
(Boolean) Enable notification settings.message
(String) Notification content.support_url
(String) Support URL to show in the notification.block_page
Optional:
background_color
(String) Hex code of block page background color.enabled
(Boolean) Indicator of enablement.footer_text
(String) Block page footer text.header_text
(String) Block page header text.logo_path
(String) URL of block page logo.mailto_address
(String) Admin email for users to contact.mailto_subject
(String) Subject line for emails created from block page.name
(String) Name of block page configuration.body_scanning
Required:
inspection_mode
(String) Body scanning inspection mode. Available values: deep
, shallow
.custom_certificate
Required:
enabled
(Boolean) Whether TLS encryption should use a custom certificate.Optional:
id
(String) ID of custom certificate.Read-Only:
updated_at
(String)extended_email_matching
Required:
enabled
(Boolean) Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.fips
Optional:
tls
(Boolean) Only allow FIPS-compliant TLS configuration.logging
Required:
redact_pii
(Boolean) Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).settings_by_rule_type
(Block List, Min: 1, Max: 1) Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters. (see below for nested schema)logging.settings_by_rule_type
Required:
dns
(Block List, Min: 1, Max: 1) Logging configuration for DNS requests. (see below for nested schema)http
(Block List, Min: 1, Max: 1) Logging configuration for HTTP requests. (see below for nested schema)l4
(Block List, Min: 1, Max: 1) Logging configuration for layer 4 requests. (see below for nested schema)logging.settings_by_rule_type.dns
Required:
log_all
(Boolean) Whether to log all activity.log_blocks
(Boolean)logging.settings_by_rule_type.http
Required:
log_all
(Boolean) Whether to log all activity.log_blocks
(Boolean)logging.settings_by_rule_type.l4
Required:
log_all
(Boolean) Whether to log all activity.log_blocks
(Boolean)payload_log
Required:
public_key
(String) Public key used to encrypt matched payloads.proxy
Required:
root_ca
(Boolean) Whether root ca is enabled account wide for ZT clients.tcp
(Boolean) Whether gateway proxy is enabled on gateway devices for TCP traffic.udp
(Boolean) Whether gateway proxy is enabled on gateway devices for UDP traffic.ssh_session_log
Required:
public_key
(String) Public key used to encrypt ssh session.Import is supported using the following syntax:
$ terraform import cloudflare_teams_account.example <account_id>