turbot/cloudflare
steampipe plugin install cloudflare

Table: cloudflare_access_application - Query Cloudflare Access Applications using SQL

Cloudflare Access is a cloud-based security service that protects your internal applications without a VPN. It operates on a per-user basis, giving you control over who can access your internal applications, and from where. It also offers features like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for added security.

Table Usage Guide

The cloudflare_access_application table provides insights into Access Applications within Cloudflare Access. As a security engineer, explore application-specific details through this table, including the application's domain, session duration, and access policies. Utilize it to uncover information about applications, such as their configuration, settings, and the security measures in place.

Examples

Basic info

Explore which Cloudflare Access applications have been created, along with their names, IDs and domains. This helps when managing access control and reviewing how applications are distributed across domains.

select
name,
id,
domain,
created_at
from
cloudflare_access_application;

Get application count by account

Gain insights into the distribution of applications across different accounts. This query is useful for understanding the usage patterns and managing resources efficiently.

-- Group by account_id and select it, so each count is labelled with its account
select
account_id,
count(*)
from
cloudflare_access_application
group by
account_id;

Analyze the settings to understand which applications have the binding cookie enabled for increased security. This is useful for identifying potential vulnerabilities and ensuring optimal security configurations.

-- PostgreSQL: enable_binding_cookie is a boolean
select
name,
id,
domain
from
cloudflare_access_application
where
enable_binding_cookie;

-- SQLite: booleans are stored as integers
select
name,
id,
domain
from
cloudflare_access_application
where
enable_binding_cookie = 1;
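
A broader review query built on the columns in this table's schema, added here as an example (it is not part of the plugin's documentation): it lists applications where the binding cookie is off, the session lasts longer than the 24h default, or no identity provider is selected. It uses PostgreSQL syntax and assumes an empty allowed_idps means the application accepts every identity provider configured in the account.

```sql
-- Added example (PostgreSQL). The 24h threshold is the documented default for
-- session_duration, used here as an assumed review baseline.
with app as (
  select
    name,
    id,
    domain,
    account_id,
    enable_binding_cookie,
    session_duration,
    -- allowed_idps is jsonb; a null or non-array value counts as "no IdP selected"
    case
      when jsonb_typeof(allowed_idps) = 'array' then jsonb_array_length(allowed_idps)
      else 0
    end as idp_count,
    -- session_duration uses units such as "48h" or "2h45m";
    -- convert the h and m parts to minutes ("ms" is excluded by the lookahead)
    coalesce(substring(session_duration from '(\d+)h')::int, 0) * 60
      + coalesce(substring(session_duration from '(\d+)m(?!s)')::int, 0) as session_minutes
  from
    cloudflare_access_application
)
select
  account_id,
  name,
  id,
  domain,
  session_duration,
  not coalesce(enable_binding_cookie, false) as binding_cookie_off,
  session_minutes > 24 * 60 as session_longer_than_default,
  idp_count = 0 as no_idp_selected
from
  app
where
  not coalesce(enable_binding_cookie, false)
  or session_minutes > 24 * 60
  or idp_count = 0
order by
  account_id,
  name;
```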

Schema for cloudflare_access_application

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | = | ID of the account the access application belongs to. |
| account_name | text | = | Name of the account the access application belongs to. |
| allowed_idps | jsonb | | The identity providers selected for the application. |
| aud | text | | Audience tag. |
| auto_redirect_to_identity | boolean | | Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false (disabled). |
| cors_headers | jsonb | | CORS configuration for the access application. See below for reference structure. |
| created_at | timestamp with time zone | | Timestamp when the application was created. |
| custom_deny_message | text | | Option that returns a custom error message when a user is denied access to the application. |
| custom_deny_url | text | | Option that redirects to a custom URL when a user is denied access to the application. |
| domain | text | | The domain and path that access will block. |
| enable_binding_cookie | boolean | | Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false. |
| id | text | | Application API uuid. |
| name | text | | Friendly name of the access application. |
| session_duration | text | | How often a user will be forced to re-authorise. Must be in the format "48h" or "2h45m". Valid time units are ns, us (or µs), ms, s, m, h. Defaults to 24h. |
| updated_at | timestamp with time zone | | Timestamp when the application was last modified. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare

You can pass the configuration to the command with the --config argument:

steampipe_export_cloudflare --config '<your_config>' cloudflare_access_application