Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # cloudflare_zero_trust_access_application.ssh_app will be created + resource "cloudflare_zero_trust_access_application" "ssh_app" { + account_id = "" + app_launcher_visible = true + aud = (known after apply) + auto_redirect_to_identity = false + cors_headers = (known after apply) + created_at = (known after apply) + destinations = (known after apply) + enable_binding_cookie = false + footer_links = (known after apply) + http_only_cookie_attribute = true + id = (known after apply) + landing_page_design = (known after apply) + name = "SSH Access Test" + path_cookie_attribute = false + policies = [ + { + connection_rules = { + ssh = { + usernames = [ + "root", ] } } + decision = "allow" + exclude = (known after apply) + id = (known after apply) + include = (known after apply) + precedence = 1 + require = (known after apply) }, ] + saas_app = (known after apply) + scim_config = (known after apply) + session_duration = "24h" + skip_app_launcher_login_page = false + target_criteria = [ + { + port = 22 + protocol = "SSH" + target_attributes = { + "hostname" = [ + "test-server", ] } }, ] + type = "infrastructure" + updated_at = (known after apply) } # cloudflare_zero_trust_access_infrastructure_target.test_server will be created + resource "cloudflare_zero_trust_access_infrastructure_target" "test_server" { + account_id = "" + created_at = (known after apply) + hostname = "test-server" + id = (known after apply) + ip = { + ipv4 = { + ip_addr = "10.0.0.1" } } + modified_at = (known after apply) } # cloudflare_zero_trust_access_policy.test_policy will be created + resource "cloudflare_zero_trust_access_policy" "test_policy" { + account_id = "" + app_count = (known after apply) + approval_groups = (known after apply) + created_at = (known after apply) + decision = "allow" + exclude = (known after apply) + id = (known after apply) + include = [ + { + email = { + email = "test@test.com" } }, ] + name = "Allow engineers" + require = (known after apply) + reusable = (known after apply) + session_duration = "24h" + updated_at = (known after apply) } Plan: 3 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes cloudflare_zero_trust_access_infrastructure_target.test_server: Creating... cloudflare_zero_trust_access_policy.test_policy: Creating... cloudflare_zero_trust_access_infrastructure_target.test_server: Creation complete after 0s [id=01961d70-e485-73ea-8f52-855d7e708e35] cloudflare_zero_trust_access_policy.test_policy: Creation complete after 0s [id=e3f46e7f-9fca-43ea-bd58-fc8043dc3fa4] cloudflare_zero_trust_access_application.ssh_app: Creating... ╷ │ Error: failed to make http request │ │ with cloudflare_zero_trust_access_application.ssh_app, │ on main.tf line 29, in resource "cloudflare_zero_trust_access_application" "ssh_app": │ 29: resource "cloudflare_zero_trust_access_application" "ssh_app" { │ │ POST "https://api.cloudflare.com/client/v4/accounts//access/apps": 400 Bad Request { │ "result": null, │ "success": false, │ "errors": [ │ { │ "code": 12130, │ "message": "access.api.error.invalid_request: invalid policy at index 0", │ "error_chain": [ │ { │ "message": "infrastructure apps do not support session duration" │ } │ ] │ } │ ], │ "messages": [] │ }