# =============================================================================
# CLOUDFLARE : Access : policies
# =============================================================================

#
resource "cloudflare_zero_trust_access_policy" "allow_policie" {
  account_id       = local.cloudflare_account_id
  name             = "Default"
  decision         = "allow"
  session_duration = "24h"

  include = [{
    group = {
        id = cloudflare_zero_trust_access_group.default_groups.id
    }
  }]
}

#
resource "cloudflare_zero_trust_access_policy" "intranet_web_app" {
  account_id       = local.cloudflare_account_id
  name             = "Intranet App Policy"
  decision         = "allow"
  session_duration = "0s"
}

#
resource "cloudflare_zero_trust_access_policy" "competition_web_app" {
  account_id       = local.cloudflare_account_id
  name             = "Competition App Policy"
  decision         = "allow"
  session_duration = "0s"
}

#
resource "cloudflare_zero_trust_access_policy" "employees_browser_rendering" {
  account_id       = local.cloudflare_account_id
  name             = "Employees AWS Database Policy"
  decision         = "allow"
  session_duration = "0s"
}