cloudflare_access_group (Resource)

Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

Example Usage

# Allowing access to `test@example.com` email address only
resource "cloudflare_access_group" "example" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "staging group"

  include {
    email = ["test@example.com"]
  }
}

# Allowing `test@example.com` to access but only when coming from a
# specific IP. `var.office_ip` must be declared as an input variable
# elsewhere in the configuration.
resource "cloudflare_access_group" "example_ip" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "staging group"

  include {
    email = ["test@example.com"]
  }

  require {
    ip = [var.office_ip]
  }
}

# Allow members of an Azure Group. The ID is the group UUID (id) in Azure.
resource "cloudflare_access_group" "example_azure" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "test_group"

  include {
    azure {
      identity_provider_id = "ca298b82-93b5-41bf-bc2d-10493f09b761"
      id                   = ["86773093-5feb-48dd-814b-7ccd3676ff50"]
    }
  }
}
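
The following is an added example, not part of the provider's own documentation, showing how `include`, `require` and `exclude` combine in one group and how an Access Policy then references that group. The resource labels, variable names and sample values are assumptions; `email_domain`, `group` and the `cloudflare_access_policy` resource come from the same provider but are not listed on this page.

```hcl
# Added example: variable names, resource labels and sample values are assumptions.
variable "account_id" {
  type = string
}

variable "application_id" {
  type        = string
  description = "ID of an existing Access application, assumed to be managed elsewhere"
}

variable "office_cidr" {
  type    = string
  default = "203.0.113.0/24" # constructed value from a documentation-only range
}

resource "cloudflare_access_group" "staging_engineers" {
  account_id = var.account_id
  name       = "staging engineers"

  # include: a user matching ANY rule here is a candidate (logical OR).
  include {
    email_domain = ["example.com"]
  }

  # require: every rule here must match as well (logical AND).
  require {
    ip = [var.office_cidr]
  }

  # exclude: a match here removes the user even if include and require match (NOT).
  exclude {
    email = ["contractor@example.com"]
  }
}

# The policy grants access by group membership instead of repeating the rules.
resource "cloudflare_access_policy" "staging_allow" {
  account_id     = var.account_id
  application_id = var.application_id
  name           = "allow staging engineers"
  precedence     = 1
  decision       = "allow"

  include {
    group = [cloudflare_access_group.staging_engineers.id]
  }
}
```

A group that has only an `include` block admits everyone who matches any one of its rules, so narrowing conditions such as a source network belong in `require`, not as a second `include` rule.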

Schema

Required

Optional

Read-Only

Nested Schema for include

Optional:

Nested Schema for include.auth_context

Required:

Nested Schema for include.azure

Optional:

Nested Schema for include.external_evaluation

Optional:

Nested Schema for include.github

Optional:

Nested Schema for include.gsuite

Optional:

Nested Schema for include.okta

Optional:

Nested Schema for include.saml

Optional:

Nested Schema for exclude

Optional:

Nested Schema for exclude.auth_context

Required:

Nested Schema for exclude.azure

Optional:

Nested Schema for exclude.external_evaluation

Optional:

Nested Schema for exclude.github

Optional:

Nested Schema for exclude.gsuite

Optional:

Nested Schema for exclude.okta

Optional:

Nested Schema for exclude.saml

Optional:

Nested Schema for require

Optional:

Nested Schema for require.auth_context

Required:

Nested Schema for require.azure

Optional:

Nested Schema for require.external_evaluation

Optional:

Nested Schema for require.github

Optional:

Nested Schema for require.gsuite

Optional:

Nested Schema for require.okta

Optional:

Nested Schema for require.saml

Optional:

Import

Import is supported using the following syntax:

$ terraform import cloudflare_access_group.example <account_id>/<group_id>