Update access_groups.tf

access_groups.tf

@@ -59,3 +59,75 @@ resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group"
     }
   ]
 }
+
+# Device Posture Rule Groups
+resource "cloudflare_zero_trust_access_group" "latest_os_version_requirements_rule_group" {
+  account_id = local.cloudflare_account_id
+  name       = "Latest OS Version Requirements"
+
+  include = [
+    for posture_id in local.os_posture_checks : {
+      device_posture = {
+        integration_uid = posture_id
+      }
+    }
+  ]
+}
+
+# Composite Rule Groups
+resource "cloudflare_zero_trust_access_group" "employees_rule_group" {
+  account_id = local.cloudflare_account_id
+  name       = "Employees"
+
+  include = [
+    for group_key in ["it_admin", "sales", "sales_engineering", "infrastructure_admin"] : {
+      group = {
+        id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
+      }
+    }
+  ]
+}
+
+resource "cloudflare_zero_trust_access_group" "sales_team_rule_group" {
+  account_id = local.cloudflare_account_id
+  name       = "Sales Team"
+
+  include = [
+    for group_key in ["sales", "sales_engineering"] : {
+      group = {
+        id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
+      }
+    }
+  ]
+}
+
+resource "cloudflare_zero_trust_access_group" "admins_rule_group" {
+  account_id = var.cloudflare_account_id
+  name       = "Administrators"
+
+  include = [
+    for group_key in ["it_admin", "infrastructure_admin"] : {
+      group = {
+        id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
+      }
+    }
+  ]
+}
+
+resource "cloudflare_zero_trust_access_group" "contractors_rule_group" {
+  account_id = local.cloudflare_account_id
+  name       = "Contractors Extended"
+
+  include = [
+    {
+      group = {
+        id = cloudflare_zero_trust_access_group.saml_groups["contractors"].id
+      }
+    },
+    {
+      email_domain = {
+        domain = var.cloudflare_email_domain
+      }
+    }
+  ]
+}