turbot/cloudflare
steampipe plugin install cloudflare

Table: cloudflare_access_group - Query Cloudflare Access Groups using SQL

Cloudflare Access Groups is a feature within Cloudflare that allows you to manage and control access to your applications and services. It provides a way to set up and manage groups of users who have access to specific resources, based on predefined conditions. Cloudflare Access Groups help you maintain the security and integrity of your resources by ensuring only authorized users can access them.

Table Usage Guide

The cloudflare_access_group table provides insights into Access Groups within Cloudflare. As a security analyst, explore group-specific details through this table, including group names, user emails, and associated metadata. Utilize it to uncover information about groups, such as those with specific access permissions, the users associated with each group, and the verification of access controls.

Examples

Basic info

Determine the areas in which Cloudflare access groups were established by examining their creation dates. This can help in understanding the timeline of security group deployment and aid in managing access control.

select
name,
id,
created_at
from
cloudflare_access_group;
select
name,
id,
created_at
from
cloudflare_access_group;

List access group rules

Analyze the settings to understand the rules of your access groups. This can help you pinpoint specific locations where access is granted or denied, providing a comprehensive view of your security configurations.

select
name,
id,
jsonb_pretty(include) as include,
jsonb_pretty(exclude) as exclude,
jsonb_pretty(require) as require
from
cloudflare_access_group;
select
name,
id,
include,
exclude,
require
from
cloudflare_access_group;

Schema for cloudflare_access_group

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=ID of the account, access group belongs.
account_nametext=Name of the account, access group belongs.
created_attimestamp with time zoneTimestamp when access group was created.
excludejsonbThe exclude policy works like a NOT logical operator. The user must not satisfy all of the rules in exclude.
idtextIdentifier of the access group.
includejsonbThe include policy works like an OR logical operator. The user must satisfy one of the rules in includes.
nametextFriendly name of the access group.
requirejsonbThe require policy works like a AND logical operator. The user must satisfy all of the rules in require.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
updated_attimestamp with time zoneTImestamp when access group was last modified.
user_idtext=, !=, ~~, ~~*, !~~, !~~*ID of the current user.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare

You can pass the configuration to the command with the --config argument:

steampipe_export_cloudflare --config '<your_config>' cloudflare_access_group