Docs Home
Cloudflare v5.49.1 published on Tuesday, Feb 18, 2025 by Pulumi
cloudflare.ZeroTrustGatewayPolicy
Explore with Pulumi AI
Provides a Cloudflare Teams rule resource. Teams rules comprise secure web gateway policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const example = new cloudflare.ZeroTrustGatewayPolicy("example", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "office",
description: "desc",
precedence: 1,
action: "block",
filters: ["http"],
traffic: "http.request.uri == \"https://www.example.com/malicious\"",
ruleSettings: {
blockPageEnabled: true,
blockPageReason: "access not permitted",
},
});
import pulumi
import pulumi_cloudflare as cloudflare
example = cloudflare.ZeroTrustGatewayPolicy("example",
account_id="f037e56e89293a057740de681ac9abbe",
name="office",
description="desc",
precedence=1,
action="block",
filters=["http"],
traffic="http.request.uri == \"https://www.example.com/malicious\"",
rule_settings={
"block_page_enabled": True,
"block_page_reason": "access not permitted",
})
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.NewZeroTrustGatewayPolicy(ctx, "example", &cloudflare.ZeroTrustGatewayPolicyArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("office"),
Description: pulumi.String("desc"),
Precedence: pulumi.Int(1),
Action: pulumi.String("block"),
Filters: pulumi.StringArray{
pulumi.String("http"),
},
Traffic: pulumi.String("http.request.uri == \"https://www.example.com/malicious\""),
RuleSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsArgs{
BlockPageEnabled: pulumi.Bool(true),
BlockPageReason: pulumi.String("access not permitted"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var example = new Cloudflare.ZeroTrustGatewayPolicy("example", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "office",
Description = "desc",
Precedence = 1,
Action = "block",
Filters = new[]
{
"http",
},
Traffic = "http.request.uri == \"https://www.example.com/malicious\"",
RuleSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsArgs
{
BlockPageEnabled = true,
BlockPageReason = "access not permitted",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustGatewayPolicy;
import com.pulumi.cloudflare.ZeroTrustGatewayPolicyArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewayPolicyRuleSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ZeroTrustGatewayPolicy("example", ZeroTrustGatewayPolicyArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("office")
.description("desc")
.precedence(1)
.action("block")
.filters("http")
.traffic("http.request.uri == \"https://www.example.com/malicious\"")
.ruleSettings(ZeroTrustGatewayPolicyRuleSettingsArgs.builder()
.blockPageEnabled(true)
.blockPageReason("access not permitted")
.build())
.build());
}
}
resources:
example:
type: cloudflare:ZeroTrustGatewayPolicy
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: office
description: desc
precedence: 1
action: block
filters:
- http
traffic: http.request.uri == "https://www.example.com/malicious"
ruleSettings:
blockPageEnabled: true
blockPageReason: access not permitted
Create ZeroTrustGatewayPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustGatewayPolicy(name: string, args: ZeroTrustGatewayPolicyArgs, opts?: CustomResourceOptions);@overload
def ZeroTrustGatewayPolicy(resource_name: str,
args: ZeroTrustGatewayPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustGatewayPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
action: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
device_posture: Optional[str] = None,
enabled: Optional[bool] = None,
filters: Optional[Sequence[str]] = None,
identity: Optional[str] = None,
rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
traffic: Optional[str] = None)func NewZeroTrustGatewayPolicy(ctx *Context, name string, args ZeroTrustGatewayPolicyArgs, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)public ZeroTrustGatewayPolicy(string name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions? opts = null)public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args)
public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustGatewayPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ZeroTrustGatewayPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ZeroTrustGatewayPolicyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ZeroTrustGatewayPolicyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ZeroTrustGatewayPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ZeroTrustGatewayPolicyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustGatewayPolicyResource = new Cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", new()
{
AccountId = "string",
Action = "string",
Description = "string",
Name = "string",
Precedence = 0,
DevicePosture = "string",
Enabled = false,
Filters = new[]
{
"string",
},
Identity = "string",
RuleSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsArgs
{
AddHeaders =
{
{ "string", "string" },
},
AllowChildBypass = false,
AuditSsh = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
{
CommandLogging = false,
},
BisoAdminControls = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
{
DisableClipboardRedirection = false,
DisableCopyPaste = false,
DisableDownload = false,
DisableKeyboard = false,
DisablePrinting = false,
DisableUpload = false,
},
BlockPageEnabled = false,
BlockPageReason = "string",
BypassParentRule = false,
CheckSession = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
{
Duration = "string",
Enforce = false,
},
DnsResolvers = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
{
Ipv4s = new[]
{
new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
{
Ip = "string",
Port = 0,
RouteThroughPrivateNetwork = false,
VnetId = "string",
},
},
Ipv6s = new[]
{
new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
{
Ip = "string",
Port = 0,
RouteThroughPrivateNetwork = false,
VnetId = "string",
},
},
},
Egress = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsEgressArgs
{
Ipv4 = "string",
Ipv6 = "string",
Ipv4Fallback = "string",
},
IgnoreCnameCategoryMatches = false,
InsecureDisableDnssecValidation = false,
IpCategories = false,
L4override = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
{
Ip = "string",
Port = 0,
},
NotificationSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
{
Enabled = false,
Message = "string",
SupportUrl = "string",
},
OverrideHost = "string",
OverrideIps = new[]
{
"string",
},
PayloadLog = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
{
Enabled = false,
},
ResolveDnsInternally = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs
{
Fallback = "string",
ViewId = "string",
},
ResolveDnsThroughCloudflare = false,
UntrustedCert = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
{
Action = "string",
},
},
Traffic = "string",
});
example, err := cloudflare.NewZeroTrustGatewayPolicy(ctx, "zeroTrustGatewayPolicyResource", &cloudflare.ZeroTrustGatewayPolicyArgs{
AccountId: pulumi.String("string"),
Action: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Precedence: pulumi.Int(0),
DevicePosture: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Filters: pulumi.StringArray{
pulumi.String("string"),
},
Identity: pulumi.String("string"),
RuleSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsArgs{
AddHeaders: pulumi.StringMap{
"string": pulumi.String("string"),
},
AllowChildBypass: pulumi.Bool(false),
AuditSsh: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs{
CommandLogging: pulumi.Bool(false),
},
BisoAdminControls: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs{
DisableClipboardRedirection: pulumi.Bool(false),
DisableCopyPaste: pulumi.Bool(false),
DisableDownload: pulumi.Bool(false),
DisableKeyboard: pulumi.Bool(false),
DisablePrinting: pulumi.Bool(false),
DisableUpload: pulumi.Bool(false),
},
BlockPageEnabled: pulumi.Bool(false),
BlockPageReason: pulumi.String("string"),
BypassParentRule: pulumi.Bool(false),
CheckSession: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs{
Duration: pulumi.String("string"),
Enforce: pulumi.Bool(false),
},
DnsResolvers: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs{
Ipv4s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Array{
&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
RouteThroughPrivateNetwork: pulumi.Bool(false),
VnetId: pulumi.String("string"),
},
},
Ipv6s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Array{
&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
RouteThroughPrivateNetwork: pulumi.Bool(false),
VnetId: pulumi.String("string"),
},
},
},
Egress: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsEgressArgs{
Ipv4: pulumi.String("string"),
Ipv6: pulumi.String("string"),
Ipv4Fallback: pulumi.String("string"),
},
IgnoreCnameCategoryMatches: pulumi.Bool(false),
InsecureDisableDnssecValidation: pulumi.Bool(false),
IpCategories: pulumi.Bool(false),
L4override: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
},
NotificationSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs{
Enabled: pulumi.Bool(false),
Message: pulumi.String("string"),
SupportUrl: pulumi.String("string"),
},
OverrideHost: pulumi.String("string"),
OverrideIps: pulumi.StringArray{
pulumi.String("string"),
},
PayloadLog: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs{
Enabled: pulumi.Bool(false),
},
ResolveDnsInternally: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs{
Fallback: pulumi.String("string"),
ViewId: pulumi.String("string"),
},
ResolveDnsThroughCloudflare: pulumi.Bool(false),
UntrustedCert: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs{
Action: pulumi.String("string"),
},
},
Traffic: pulumi.String("string"),
})
var zeroTrustGatewayPolicyResource = new ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", ZeroTrustGatewayPolicyArgs.builder()
.accountId("string")
.action("string")
.description("string")
.name("string")
.precedence(0)
.devicePosture("string")
.enabled(false)
.filters("string")
.identity("string")
.ruleSettings(ZeroTrustGatewayPolicyRuleSettingsArgs.builder()
.addHeaders(Map.of("string", "string"))
.allowChildBypass(false)
.auditSsh(ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs.builder()
.commandLogging(false)
.build())
.bisoAdminControls(ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs.builder()
.disableClipboardRedirection(false)
.disableCopyPaste(false)
.disableDownload(false)
.disableKeyboard(false)
.disablePrinting(false)
.disableUpload(false)
.build())
.blockPageEnabled(false)
.blockPageReason("string")
.bypassParentRule(false)
.checkSession(ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs.builder()
.duration("string")
.enforce(false)
.build())
.dnsResolvers(ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs.builder()
.ipv4s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args.builder()
.ip("string")
.port(0)
.routeThroughPrivateNetwork(false)
.vnetId("string")
.build())
.ipv6s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args.builder()
.ip("string")
.port(0)
.routeThroughPrivateNetwork(false)
.vnetId("string")
.build())
.build())
.egress(ZeroTrustGatewayPolicyRuleSettingsEgressArgs.builder()
.ipv4("string")
.ipv6("string")
.ipv4Fallback("string")
.build())
.ignoreCnameCategoryMatches(false)
.insecureDisableDnssecValidation(false)
.ipCategories(false)
.l4override(ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs.builder()
.ip("string")
.port(0)
.build())
.notificationSettings(ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs.builder()
.enabled(false)
.message("string")
.supportUrl("string")
.build())
.overrideHost("string")
.overrideIps("string")
.payloadLog(ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs.builder()
.enabled(false)
.build())
.resolveDnsInternally(ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs.builder()
.fallback("string")
.viewId("string")
.build())
.resolveDnsThroughCloudflare(false)
.untrustedCert(ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs.builder()
.action("string")
.build())
.build())
.traffic("string")
.build());
zero_trust_gateway_policy_resource = cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource",
account_id="string",
action="string",
description="string",
name="string",
precedence=0,
device_posture="string",
enabled=False,
filters=["string"],
identity="string",
rule_settings={
"add_headers": {
"string": "string",
},
"allow_child_bypass": False,
"audit_ssh": {
"command_logging": False,
},
"biso_admin_controls": {
"disable_clipboard_redirection": False,
"disable_copy_paste": False,
"disable_download": False,
"disable_keyboard": False,
"disable_printing": False,
"disable_upload": False,
},
"block_page_enabled": False,
"block_page_reason": "string",
"bypass_parent_rule": False,
"check_session": {
"duration": "string",
"enforce": False,
},
"dns_resolvers": {
"ipv4s": [{
"ip": "string",
"port": 0,
"route_through_private_network": False,
"vnet_id": "string",
}],
"ipv6s": [{
"ip": "string",
"port": 0,
"route_through_private_network": False,
"vnet_id": "string",
}],
},
"egress": {
"ipv4": "string",
"ipv6": "string",
"ipv4_fallback": "string",
},
"ignore_cname_category_matches": False,
"insecure_disable_dnssec_validation": False,
"ip_categories": False,
"l4override": {
"ip": "string",
"port": 0,
},
"notification_settings": {
"enabled": False,
"message": "string",
"support_url": "string",
},
"override_host": "string",
"override_ips": ["string"],
"payload_log": {
"enabled": False,
},
"resolve_dns_internally": {
"fallback": "string",
"view_id": "string",
},
"resolve_dns_through_cloudflare": False,
"untrusted_cert": {
"action": "string",
},
},
traffic="string")
const zeroTrustGatewayPolicyResource = new cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", {
accountId: "string",
action: "string",
description: "string",
name: "string",
precedence: 0,
devicePosture: "string",
enabled: false,
filters: ["string"],
identity: "string",
ruleSettings: {
addHeaders: {
string: "string",
},
allowChildBypass: false,
auditSsh: {
commandLogging: false,
},
bisoAdminControls: {
disableClipboardRedirection: false,
disableCopyPaste: false,
disableDownload: false,
disableKeyboard: false,
disablePrinting: false,
disableUpload: false,
},
blockPageEnabled: false,
blockPageReason: "string",
bypassParentRule: false,
checkSession: {
duration: "string",
enforce: false,
},
dnsResolvers: {
ipv4s: [{
ip: "string",
port: 0,
routeThroughPrivateNetwork: false,
vnetId: "string",
}],
ipv6s: [{
ip: "string",
port: 0,
routeThroughPrivateNetwork: false,
vnetId: "string",
}],
},
egress: {
ipv4: "string",
ipv6: "string",
ipv4Fallback: "string",
},
ignoreCnameCategoryMatches: false,
insecureDisableDnssecValidation: false,
ipCategories: false,
l4override: {
ip: "string",
port: 0,
},
notificationSettings: {
enabled: false,
message: "string",
supportUrl: "string",
},
overrideHost: "string",
overrideIps: ["string"],
payloadLog: {
enabled: false,
},
resolveDnsInternally: {
fallback: "string",
viewId: "string",
},
resolveDnsThroughCloudflare: false,
untrustedCert: {
action: "string",
},
},
traffic: "string",
});
type: cloudflare:ZeroTrustGatewayPolicy
properties:
accountId: string
action: string
description: string
devicePosture: string
enabled: false
filters:
- string
identity: string
name: string
precedence: 0
ruleSettings:
addHeaders:
string: string
allowChildBypass: false
auditSsh:
commandLogging: false
bisoAdminControls:
disableClipboardRedirection: false
disableCopyPaste: false
disableDownload: false
disableKeyboard: false
disablePrinting: false
disableUpload: false
blockPageEnabled: false
blockPageReason: string
bypassParentRule: false
checkSession:
duration: string
enforce: false
dnsResolvers:
ipv4s:
- ip: string
port: 0
routeThroughPrivateNetwork: false
vnetId: string
ipv6s:
- ip: string
port: 0
routeThroughPrivateNetwork: false
vnetId: string
egress:
ipv4: string
ipv4Fallback: string
ipv6: string
ignoreCnameCategoryMatches: false
insecureDisableDnssecValidation: false
ipCategories: false
l4override:
ip: string
port: 0
notificationSettings:
enabled: false
message: string
supportUrl: string
overrideHost: string
overrideIps:
- string
payloadLog:
enabled: false
resolveDnsInternally:
fallback: string
viewId: string
resolveDnsThroughCloudflare: false
untrustedCert:
action: string
traffic: string
ZeroTrustGatewayPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustGatewayPolicy resource accepts the following input properties:
- Account
Id This property is required. string - The account identifier to target for the resource.
- Action
This property is required. string - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - Description
This property is required. string - The description of the teams rule.
- Name
This property is required. string - The name of the teams rule.
- Precedence
This property is required. int - The evaluation precedence of the teams rule.
- Device
Posture string - The wirefilter expression to be used for device_posture check matching.
- Enabled bool
- Indicator of rule enablement.
- Filters List<string>
- The protocol or layer to evaluate the traffic and identity expressions.
- Identity string
- The wirefilter expression to be used for identity matching.
- Rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- Traffic string
- The wirefilter expression to be used for traffic matching.
- Account
Id This property is required. string - The account identifier to target for the resource.
- Action
This property is required. string - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - Description
This property is required. string - The description of the teams rule.
- Name
This property is required. string - The name of the teams rule.
- Precedence
This property is required. int - The evaluation precedence of the teams rule.
- Device
Posture string - The wirefilter expression to be used for device_posture check matching.
- Enabled bool
- Indicator of rule enablement.
- Filters []string
- The protocol or layer to evaluate the traffic and identity expressions.
- Identity string
- The wirefilter expression to be used for identity matching.
- Rule
Settings ZeroTrust Gateway Policy Rule Settings Args - Additional rule settings.
- Traffic string
- The wirefilter expression to be used for traffic matching.
- account
Id This property is required. String - The account identifier to target for the resource.
- action
This property is required. String - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description
This property is required. String - The description of the teams rule.
- name
This property is required. String - The name of the teams rule.
- precedence
This property is required. Integer - The evaluation precedence of the teams rule.
- device
Posture String - The wirefilter expression to be used for device_posture check matching.
- enabled Boolean
- Indicator of rule enablement.
- filters List<String>
- The protocol or layer to evaluate the traffic and identity expressions.
- identity String
- The wirefilter expression to be used for identity matching.
- rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- traffic String
- The wirefilter expression to be used for traffic matching.
- account
Id This property is required. string - The account identifier to target for the resource.
- action
This property is required. string - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description
This property is required. string - The description of the teams rule.
- name
This property is required. string - The name of the teams rule.
- precedence
This property is required. number - The evaluation precedence of the teams rule.
- device
Posture string - The wirefilter expression to be used for device_posture check matching.
- enabled boolean
- Indicator of rule enablement.
- filters string[]
- The protocol or layer to evaluate the traffic and identity expressions.
- identity string
- The wirefilter expression to be used for identity matching.
- rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- traffic string
- The wirefilter expression to be used for traffic matching.
- account_
id This property is required. str - The account identifier to target for the resource.
- action
This property is required. str - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description
This property is required. str - The description of the teams rule.
- name
This property is required. str - The name of the teams rule.
- precedence
This property is required. int - The evaluation precedence of the teams rule.
- device_
posture str - The wirefilter expression to be used for device_posture check matching.
- enabled bool
- Indicator of rule enablement.
- filters Sequence[str]
- The protocol or layer to evaluate the traffic and identity expressions.
- identity str
- The wirefilter expression to be used for identity matching.
- rule_
settings ZeroTrust Gateway Policy Rule Settings Args - Additional rule settings.
- traffic str
- The wirefilter expression to be used for traffic matching.
- account
Id This property is required. String - The account identifier to target for the resource.
- action
This property is required. String - The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description
This property is required. String - The description of the teams rule.
- name
This property is required. String - The name of the teams rule.
- precedence
This property is required. Number - The evaluation precedence of the teams rule.
- device
Posture String - The wirefilter expression to be used for device_posture check matching.
- enabled Boolean
- Indicator of rule enablement.
- filters List<String>
- The protocol or layer to evaluate the traffic and identity expressions.
- identity String
- The wirefilter expression to be used for identity matching.
- rule
Settings Property Map - Additional rule settings.
- traffic String
- The wirefilter expression to be used for traffic matching.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustGatewayPolicy resource produces the following output properties:
Look up Existing ZeroTrustGatewayPolicy Resource
Get an existing ZeroTrustGatewayPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustGatewayPolicyState, opts?: CustomResourceOptions): ZeroTrustGatewayPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
action: Optional[str] = None,
description: Optional[str] = None,
device_posture: Optional[str] = None,
enabled: Optional[bool] = None,
filters: Optional[Sequence[str]] = None,
identity: Optional[str] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
traffic: Optional[str] = None,
version: Optional[int] = None) -> ZeroTrustGatewayPolicyfunc GetZeroTrustGatewayPolicy(ctx *Context, name string, id IDInput, state *ZeroTrustGatewayPolicyState, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)public static ZeroTrustGatewayPolicy Get(string name, Input<string> id, ZeroTrustGatewayPolicyState? state, CustomResourceOptions? opts = null)public static ZeroTrustGatewayPolicy get(String name, Output<String> id, ZeroTrustGatewayPolicyState state, CustomResourceOptions options)resources: _: type: cloudflare:ZeroTrustGatewayPolicy get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Account
Id string - The account identifier to target for the resource.
- Action string
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - Description string
- The description of the teams rule.
- Device
Posture string - The wirefilter expression to be used for device_posture check matching.
- Enabled bool
- Indicator of rule enablement.
- Filters List<string>
- The protocol or layer to evaluate the traffic and identity expressions.
- Identity string
- The wirefilter expression to be used for identity matching.
- Name string
- The name of the teams rule.
- Precedence int
- The evaluation precedence of the teams rule.
- Rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- Traffic string
- The wirefilter expression to be used for traffic matching.
- Version int
- Account
Id string - The account identifier to target for the resource.
- Action string
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - Description string
- The description of the teams rule.
- Device
Posture string - The wirefilter expression to be used for device_posture check matching.
- Enabled bool
- Indicator of rule enablement.
- Filters []string
- The protocol or layer to evaluate the traffic and identity expressions.
- Identity string
- The wirefilter expression to be used for identity matching.
- Name string
- The name of the teams rule.
- Precedence int
- The evaluation precedence of the teams rule.
- Rule
Settings ZeroTrust Gateway Policy Rule Settings Args - Additional rule settings.
- Traffic string
- The wirefilter expression to be used for traffic matching.
- Version int
- account
Id String - The account identifier to target for the resource.
- action String
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description String
- The description of the teams rule.
- device
Posture String - The wirefilter expression to be used for device_posture check matching.
- enabled Boolean
- Indicator of rule enablement.
- filters List<String>
- The protocol or layer to evaluate the traffic and identity expressions.
- identity String
- The wirefilter expression to be used for identity matching.
- name String
- The name of the teams rule.
- precedence Integer
- The evaluation precedence of the teams rule.
- rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- traffic String
- The wirefilter expression to be used for traffic matching.
- version Integer
- account
Id string - The account identifier to target for the resource.
- action string
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description string
- The description of the teams rule.
- device
Posture string - The wirefilter expression to be used for device_posture check matching.
- enabled boolean
- Indicator of rule enablement.
- filters string[]
- The protocol or layer to evaluate the traffic and identity expressions.
- identity string
- The wirefilter expression to be used for identity matching.
- name string
- The name of the teams rule.
- precedence number
- The evaluation precedence of the teams rule.
- rule
Settings ZeroTrust Gateway Policy Rule Settings - Additional rule settings.
- traffic string
- The wirefilter expression to be used for traffic matching.
- version number
- account_
id str - The account identifier to target for the resource.
- action str
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description str
- The description of the teams rule.
- device_
posture str - The wirefilter expression to be used for device_posture check matching.
- enabled bool
- Indicator of rule enablement.
- filters Sequence[str]
- The protocol or layer to evaluate the traffic and identity expressions.
- identity str
- The wirefilter expression to be used for identity matching.
- name str
- The name of the teams rule.
- precedence int
- The evaluation precedence of the teams rule.
- rule_
settings ZeroTrust Gateway Policy Rule Settings Args - Additional rule settings.
- traffic str
- The wirefilter expression to be used for traffic matching.
- version int
- account
Id String - The account identifier to target for the resource.
- action String
- The action executed by matched teams rule. Available values:
allow,block,safesearch,ytrestricted,on,off,scan,noscan,isolate,noisolate,override,l4_override,egress,audit_ssh,resolve. - description String
- The description of the teams rule.
- device
Posture String - The wirefilter expression to be used for device_posture check matching.
- enabled Boolean
- Indicator of rule enablement.
- filters List<String>
- The protocol or layer to evaluate the traffic and identity expressions.
- identity String
- The wirefilter expression to be used for identity matching.
- name String
- The name of the teams rule.
- precedence Number
- The evaluation precedence of the teams rule.
- rule
Settings Property Map - Additional rule settings.
- traffic String
- The wirefilter expression to be used for traffic matching.
- version Number
Supporting Types
ZeroTrustGatewayPolicyRuleSettings, ZeroTrustGatewayPolicyRuleSettingsArgs
, ZeroTrustGatewayPolicyRuleSettingsArgs
- Add
Headers Dictionary<string, string> - Add custom headers to allowed requests in the form of key-value pairs.
- Allow
Child boolBypass - Allow parent MSP accounts to enable bypass their children's rules.
- Audit
Ssh ZeroTrust Gateway Policy Rule Settings Audit Ssh - Settings for auditing SSH usage.
- Biso
Admin ZeroControls Trust Gateway Policy Rule Settings Biso Admin Controls - Configure how browser isolation behaves.
- Block
Page boolEnabled - Indicator of block page enablement.
- Block
Page stringReason - The displayed reason for a user being blocked.
- Bypass
Parent boolRule - Allow child MSP accounts to bypass their parent's rule.
- Check
Session ZeroTrust Gateway Policy Rule Settings Check Session - Configure how session check behaves.
- Dns
Resolvers ZeroTrust Gateway Policy Rule Settings Dns Resolvers - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- Egress
Zero
Trust Gateway Policy Rule Settings Egress - Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- Ignore
Cname boolCategory Matches - Set to true, to ignore the category matches at CNAME domains in a response.
- Insecure
Disable boolDnssec Validation - Disable DNSSEC validation (must be Allow rule).
- Ip
Categories bool - Turns on IP category based filter on dns if the rule contains dns category checks.
- L4override
Zero
Trust Gateway Policy Rule Settings L4override - Settings to forward layer 4 traffic.
- Notification
Settings ZeroTrust Gateway Policy Rule Settings Notification Settings - Notification settings on a block rule.
- Override
Host string - The host to override matching DNS queries with.
- Override
Ips List<string> - The IPs to override matching DNS queries with.
- Payload
Log ZeroTrust Gateway Policy Rule Settings Payload Log - Configure DLP Payload Logging settings for this rule.
- Resolve
Dns ZeroInternally Trust Gateway Policy Rule Settings Resolve Dns Internally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- Resolve
Dns boolThrough Cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - Untrusted
Cert ZeroTrust Gateway Policy Rule Settings Untrusted Cert - Configure untrusted certificate settings for this rule.
- Add
Headers map[string]string - Add custom headers to allowed requests in the form of key-value pairs.
- Allow
Child boolBypass - Allow parent MSP accounts to enable bypass their children's rules.
- Audit
Ssh ZeroTrust Gateway Policy Rule Settings Audit Ssh - Settings for auditing SSH usage.
- Biso
Admin ZeroControls Trust Gateway Policy Rule Settings Biso Admin Controls - Configure how browser isolation behaves.
- Block
Page boolEnabled - Indicator of block page enablement.
- Block
Page stringReason - The displayed reason for a user being blocked.
- Bypass
Parent boolRule - Allow child MSP accounts to bypass their parent's rule.
- Check
Session ZeroTrust Gateway Policy Rule Settings Check Session - Configure how session check behaves.
- Dns
Resolvers ZeroTrust Gateway Policy Rule Settings Dns Resolvers - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- Egress
Zero
Trust Gateway Policy Rule Settings Egress - Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- Ignore
Cname boolCategory Matches - Set to true, to ignore the category matches at CNAME domains in a response.
- Insecure
Disable boolDnssec Validation - Disable DNSSEC validation (must be Allow rule).
- Ip
Categories bool - Turns on IP category based filter on dns if the rule contains dns category checks.
- L4override
Zero
Trust Gateway Policy Rule Settings L4override - Settings to forward layer 4 traffic.
- Notification
Settings ZeroTrust Gateway Policy Rule Settings Notification Settings - Notification settings on a block rule.
- Override
Host string - The host to override matching DNS queries with.
- Override
Ips []string - The IPs to override matching DNS queries with.
- Payload
Log ZeroTrust Gateway Policy Rule Settings Payload Log - Configure DLP Payload Logging settings for this rule.
- Resolve
Dns ZeroInternally Trust Gateway Policy Rule Settings Resolve Dns Internally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- Resolve
Dns boolThrough Cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - Untrusted
Cert ZeroTrust Gateway Policy Rule Settings Untrusted Cert - Configure untrusted certificate settings for this rule.
- add
Headers Map<String,String> - Add custom headers to allowed requests in the form of key-value pairs.
- allow
Child BooleanBypass - Allow parent MSP accounts to enable bypass their children's rules.
- audit
Ssh ZeroTrust Gateway Policy Rule Settings Audit Ssh - Settings for auditing SSH usage.
- biso
Admin ZeroControls Trust Gateway Policy Rule Settings Biso Admin Controls - Configure how browser isolation behaves.
- block
Page BooleanEnabled - Indicator of block page enablement.
- block
Page StringReason - The displayed reason for a user being blocked.
- bypass
Parent BooleanRule - Allow child MSP accounts to bypass their parent's rule.
- check
Session ZeroTrust Gateway Policy Rule Settings Check Session - Configure how session check behaves.
- dns
Resolvers ZeroTrust Gateway Policy Rule Settings Dns Resolvers - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- egress
Zero
Trust Gateway Policy Rule Settings Egress - Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- ignore
Cname BooleanCategory Matches - Set to true, to ignore the category matches at CNAME domains in a response.
- insecure
Disable BooleanDnssec Validation - Disable DNSSEC validation (must be Allow rule).
- ip
Categories Boolean - Turns on IP category based filter on dns if the rule contains dns category checks.
- l4override
Zero
Trust Gateway Policy Rule Settings L4override - Settings to forward layer 4 traffic.
- notification
Settings ZeroTrust Gateway Policy Rule Settings Notification Settings - Notification settings on a block rule.
- override
Host String - The host to override matching DNS queries with.
- override
Ips List<String> - The IPs to override matching DNS queries with.
- payload
Log ZeroTrust Gateway Policy Rule Settings Payload Log - Configure DLP Payload Logging settings for this rule.
- resolve
Dns ZeroInternally Trust Gateway Policy Rule Settings Resolve Dns Internally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolve
Dns BooleanThrough Cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - untrusted
Cert ZeroTrust Gateway Policy Rule Settings Untrusted Cert - Configure untrusted certificate settings for this rule.
- add
Headers {[key: string]: string} - Add custom headers to allowed requests in the form of key-value pairs.
- allow
Child booleanBypass - Allow parent MSP accounts to enable bypass their children's rules.
- audit
Ssh ZeroTrust Gateway Policy Rule Settings Audit Ssh - Settings for auditing SSH usage.
- biso
Admin ZeroControls Trust Gateway Policy Rule Settings Biso Admin Controls - Configure how browser isolation behaves.
- block
Page booleanEnabled - Indicator of block page enablement.
- block
Page stringReason - The displayed reason for a user being blocked.
- bypass
Parent booleanRule - Allow child MSP accounts to bypass their parent's rule.
- check
Session ZeroTrust Gateway Policy Rule Settings Check Session - Configure how session check behaves.
- dns
Resolvers ZeroTrust Gateway Policy Rule Settings Dns Resolvers - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- egress
Zero
Trust Gateway Policy Rule Settings Egress - Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- ignore
Cname booleanCategory Matches - Set to true, to ignore the category matches at CNAME domains in a response.
- insecure
Disable booleanDnssec Validation - Disable DNSSEC validation (must be Allow rule).
- ip
Categories boolean - Turns on IP category based filter on dns if the rule contains dns category checks.
- l4override
Zero
Trust Gateway Policy Rule Settings L4override - Settings to forward layer 4 traffic.
- notification
Settings ZeroTrust Gateway Policy Rule Settings Notification Settings - Notification settings on a block rule.
- override
Host string - The host to override matching DNS queries with.
- override
Ips string[] - The IPs to override matching DNS queries with.
- payload
Log ZeroTrust Gateway Policy Rule Settings Payload Log - Configure DLP Payload Logging settings for this rule.
- resolve
Dns ZeroInternally Trust Gateway Policy Rule Settings Resolve Dns Internally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolve
Dns booleanThrough Cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - untrusted
Cert ZeroTrust Gateway Policy Rule Settings Untrusted Cert - Configure untrusted certificate settings for this rule.
- add_
headers Mapping[str, str] - Add custom headers to allowed requests in the form of key-value pairs.
- allow_
child_ boolbypass - Allow parent MSP accounts to enable bypass their children's rules.
- audit_
ssh ZeroTrust Gateway Policy Rule Settings Audit Ssh - Settings for auditing SSH usage.
- biso_
admin_ Zerocontrols Trust Gateway Policy Rule Settings Biso Admin Controls - Configure how browser isolation behaves.
- block_
page_ boolenabled - Indicator of block page enablement.
- block_
page_ strreason - The displayed reason for a user being blocked.
- bypass_
parent_ boolrule - Allow child MSP accounts to bypass their parent's rule.
- check_
session ZeroTrust Gateway Policy Rule Settings Check Session - Configure how session check behaves.
- dns_
resolvers ZeroTrust Gateway Policy Rule Settings Dns Resolvers - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- egress
Zero
Trust Gateway Policy Rule Settings Egress - Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- ignore_
cname_ boolcategory_ matches - Set to true, to ignore the category matches at CNAME domains in a response.
- insecure_
disable_ booldnssec_ validation - Disable DNSSEC validation (must be Allow rule).
- ip_
categories bool - Turns on IP category based filter on dns if the rule contains dns category checks.
- l4override
Zero
Trust Gateway Policy Rule Settings L4override - Settings to forward layer 4 traffic.
- notification_
settings ZeroTrust Gateway Policy Rule Settings Notification Settings - Notification settings on a block rule.
- override_
host str - The host to override matching DNS queries with.
- override_
ips Sequence[str] - The IPs to override matching DNS queries with.
- payload_
log ZeroTrust Gateway Policy Rule Settings Payload Log - Configure DLP Payload Logging settings for this rule.
- resolve_
dns_ Zerointernally Trust Gateway Policy Rule Settings Resolve Dns Internally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolve_
dns_ boolthrough_ cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - untrusted_
cert ZeroTrust Gateway Policy Rule Settings Untrusted Cert - Configure untrusted certificate settings for this rule.
- add
Headers Map<String> - Add custom headers to allowed requests in the form of key-value pairs.
- allow
Child BooleanBypass - Allow parent MSP accounts to enable bypass their children's rules.
- audit
Ssh Property Map - Settings for auditing SSH usage.
- biso
Admin Property MapControls - Configure how browser isolation behaves.
- block
Page BooleanEnabled - Indicator of block page enablement.
- block
Page StringReason - The displayed reason for a user being blocked.
- bypass
Parent BooleanRule - Allow child MSP accounts to bypass their parent's rule.
- check
Session Property Map - Configure how session check behaves.
- dns
Resolvers Property Map - Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
- egress Property Map
- Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
- ignore
Cname BooleanCategory Matches - Set to true, to ignore the category matches at CNAME domains in a response.
- insecure
Disable BooleanDnssec Validation - Disable DNSSEC validation (must be Allow rule).
- ip
Categories Boolean - Turns on IP category based filter on dns if the rule contains dns category checks.
- l4override Property Map
- Settings to forward layer 4 traffic.
- notification
Settings Property Map - Notification settings on a block rule.
- override
Host String - The host to override matching DNS queries with.
- override
Ips List<String> - The IPs to override matching DNS queries with.
- payload
Log Property Map - Configure DLP Payload Logging settings for this rule.
- resolve
Dns Property MapInternally - Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolve
Dns BooleanThrough Cloudflare - Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when
dns_resolversare specified. - untrusted
Cert Property Map - Configure untrusted certificate settings for this rule.
ZeroTrustGatewayPolicyRuleSettingsAuditSsh, ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
, ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
- Command
Logging This property is required. bool - Log all SSH commands.
- Command
Logging This property is required. bool - Log all SSH commands.
- command
Logging This property is required. Boolean - Log all SSH commands.
- command
Logging This property is required. boolean - Log all SSH commands.
- command_
logging This property is required. bool - Log all SSH commands.
- command
Logging This property is required. Boolean - Log all SSH commands.
ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls, ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
, ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
- Disable
Clipboard boolRedirection - Disable clipboard redirection.
- Disable
Copy boolPaste - Disable copy-paste.
- Disable
Download bool - Disable download.
- Disable
Keyboard bool - Disable keyboard usage.
- Disable
Printing bool - Disable printing.
- Disable
Upload bool - Disable upload.
- Disable
Clipboard boolRedirection - Disable clipboard redirection.
- Disable
Copy boolPaste - Disable copy-paste.
- Disable
Download bool - Disable download.
- Disable
Keyboard bool - Disable keyboard usage.
- Disable
Printing bool - Disable printing.
- Disable
Upload bool - Disable upload.
- disable
Clipboard BooleanRedirection - Disable clipboard redirection.
- disable
Copy BooleanPaste - Disable copy-paste.
- disable
Download Boolean - Disable download.
- disable
Keyboard Boolean - Disable keyboard usage.
- disable
Printing Boolean - Disable printing.
- disable
Upload Boolean - Disable upload.
- disable
Clipboard booleanRedirection - Disable clipboard redirection.
- disable
Copy booleanPaste - Disable copy-paste.
- disable
Download boolean - Disable download.
- disable
Keyboard boolean - Disable keyboard usage.
- disable
Printing boolean - Disable printing.
- disable
Upload boolean - Disable upload.
- disable_
clipboard_ boolredirection - Disable clipboard redirection.
- disable_
copy_ boolpaste - Disable copy-paste.
- disable_
download bool - Disable download.
- disable_
keyboard bool - Disable keyboard usage.
- disable_
printing bool - Disable printing.
- disable_
upload bool - Disable upload.
- disable
Clipboard BooleanRedirection - Disable clipboard redirection.
- disable
Copy BooleanPaste - Disable copy-paste.
- disable
Download Boolean - Disable download.
- disable
Keyboard Boolean - Disable keyboard usage.
- disable
Printing Boolean - Disable printing.
- disable
Upload Boolean - Disable upload.
ZeroTrustGatewayPolicyRuleSettingsCheckSession, ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
, ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
ZeroTrustGatewayPolicyRuleSettingsDnsResolvers, ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
, ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
- Ipv4s
List<Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv4> - IPv4 resolvers.
- Ipv6s
List<Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv6> - IPv6 resolvers.
- Ipv4s
[]Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv4 - IPv4 resolvers.
- Ipv6s
[]Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv6 - IPv6 resolvers.
- ipv4s
List<Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv4> - IPv4 resolvers.
- ipv6s
List<Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv6> - IPv6 resolvers.
- ipv4s
Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv4[] - IPv4 resolvers.
- ipv6s
Zero
Trust Gateway Policy Rule Settings Dns Resolvers Ipv6[] - IPv6 resolvers.
- ipv4s List<Property Map>
- IPv4 resolvers.
- ipv6s List<Property Map>
- IPv6 resolvers.
ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
- Ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- Port int
- A port number to use for the upstream resolver. Defaults to
53. - Route
Through boolPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - Vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- Ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- Port int
- A port number to use for the upstream resolver. Defaults to
53. - Route
Through boolPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - Vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. String - The IPv4 or IPv6 address of the upstream resolver.
- port Integer
- A port number to use for the upstream resolver. Defaults to
53. - route
Through BooleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id String - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- port number
- A port number to use for the upstream resolver. Defaults to
53. - route
Through booleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. str - The IPv4 or IPv6 address of the upstream resolver.
- port int
- A port number to use for the upstream resolver. Defaults to
53. - route_
through_ boolprivate_ network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet_
id str - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. String - The IPv4 or IPv6 address of the upstream resolver.
- port Number
- A port number to use for the upstream resolver. Defaults to
53. - route
Through BooleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id String - specify a virtual network for this resolver. Uses default virtual network id if omitted.
ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
- Ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- Port int
- A port number to use for the upstream resolver. Defaults to
53. - Route
Through boolPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - Vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- Ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- Port int
- A port number to use for the upstream resolver. Defaults to
53. - Route
Through boolPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - Vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. String - The IPv4 or IPv6 address of the upstream resolver.
- port Integer
- A port number to use for the upstream resolver. Defaults to
53. - route
Through BooleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id String - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. string - The IPv4 or IPv6 address of the upstream resolver.
- port number
- A port number to use for the upstream resolver. Defaults to
53. - route
Through booleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id string - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. str - The IPv4 or IPv6 address of the upstream resolver.
- port int
- A port number to use for the upstream resolver. Defaults to
53. - route_
through_ boolprivate_ network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet_
id str - specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip
This property is required. String - The IPv4 or IPv6 address of the upstream resolver.
- port Number
- A port number to use for the upstream resolver. Defaults to
53. - route
Through BooleanPrivate Network - Whether to connect to this resolver over a private network. Must be set when
vnet_idis set. - vnet
Id String - specify a virtual network for this resolver. Uses default virtual network id if omitted.
ZeroTrustGatewayPolicyRuleSettingsEgress, ZeroTrustGatewayPolicyRuleSettingsEgressArgs
, ZeroTrustGatewayPolicyRuleSettingsEgressArgs
- Ipv4
This property is required. string - The IPv4 address to be used for egress.
- Ipv6
This property is required. string - The IPv6 range to be used for egress.
- Ipv4Fallback string
- The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
- Ipv4
This property is required. string - The IPv4 address to be used for egress.
- Ipv6
This property is required. string - The IPv6 range to be used for egress.
- Ipv4Fallback string
- The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
- ipv4
This property is required. String - The IPv4 address to be used for egress.
- ipv6
This property is required. String - The IPv6 range to be used for egress.
- ipv4Fallback String
- The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
- ipv4
This property is required. string - The IPv4 address to be used for egress.
- ipv6
This property is required. string - The IPv6 range to be used for egress.
- ipv4Fallback string
- The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
- ipv4
This property is required. str - The IPv4 address to be used for egress.
- ipv6
This property is required. str - The IPv6 range to be used for egress.
- ipv4_
fallback str - The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
- ipv4
This property is required. String - The IPv4 address to be used for egress.
- ipv6
This property is required. String - The IPv6 range to be used for egress.
- ipv4Fallback String
- The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
ZeroTrustGatewayPolicyRuleSettingsL4override, ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
, ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
ZeroTrustGatewayPolicyRuleSettingsNotificationSettings, ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
, ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
- Enabled bool
- Enable notification settings.
- Message string
- Notification content.
- Support
Url string - Support URL to show in the notification.
- Enabled bool
- Enable notification settings.
- Message string
- Notification content.
- Support
Url string - Support URL to show in the notification.
- enabled Boolean
- Enable notification settings.
- message String
- Notification content.
- support
Url String - Support URL to show in the notification.
- enabled boolean
- Enable notification settings.
- message string
- Notification content.
- support
Url string - Support URL to show in the notification.
- enabled bool
- Enable notification settings.
- message str
- Notification content.
- support_
url str - Support URL to show in the notification.
- enabled Boolean
- Enable notification settings.
- message String
- Notification content.
- support
Url String - Support URL to show in the notification.
ZeroTrustGatewayPolicyRuleSettingsPayloadLog, ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
, ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
- Enabled
This property is required. bool - Enable or disable DLP Payload Logging for this rule.
- Enabled
This property is required. bool - Enable or disable DLP Payload Logging for this rule.
- enabled
This property is required. Boolean - Enable or disable DLP Payload Logging for this rule.
- enabled
This property is required. boolean - Enable or disable DLP Payload Logging for this rule.
- enabled
This property is required. bool - Enable or disable DLP Payload Logging for this rule.
- enabled
This property is required. Boolean - Enable or disable DLP Payload Logging for this rule.
ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally, ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs
, ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs
ZeroTrustGatewayPolicyRuleSettingsUntrustedCert, ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
, ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
- Action string
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
- Action string
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
- action String
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
- action string
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
- action str
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
- action String
- Action to be taken when the SSL certificate of upstream is invalid. Available values:
pass_through,block,error.
Import
$ pulumi import cloudflare:index/zeroTrustGatewayPolicy:ZeroTrustGatewayPolicy example <account_id>/<teams_rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.