gcloud alpha access-context-manager perimeters create

NAME
gcloud alpha access-context-manager perimeters create - create a new service perimeter
SYNOPSIS
gcloud alpha access-context-manager perimeters create (PERIMETER : --policy=POLICY) --title=TITLE [--access-levels=[LEVEL,…]] [--async] [--description=DESCRIPTION] [--egress-policies=YAML_FILE] [--ingress-policies=YAML_FILE] [--perimeter-type=PERIMETER_TYPE; default="regular"] [--resources=[RESOURCES,…]] [--restricted-services=[SERVICE,…]] [--vpc-accessible-services=VPC_ACCESSIBLE_SERVICES_YAML_FILE | --enable-vpc-accessible-services --vpc-allowed-services=[VPC_SERVICE,…]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Create a new service perimeter in a given access policy.
EXAMPLES
To create a new basic Service Perimeter:
gcloud alpha access-context-manager perimeters create --title=my_perimeter_title --resources=projects/12345 --restricted-services="storage.googleapis.com" --policy=9876543
POSITIONAL ARGUMENTS
Perimeter resource - The service perimeter to create. The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

PERIMETER
ID of the perimeter or fully qualified identifier for the perimeter.

To set the perimeter attribute:

  • provide the argument perimeter on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--policy=POLICY
The ID of the access policy.

To set the policy attribute:

  • provide the argument perimeter on the command line with a fully specified name;
  • provide the argument --policy on the command line;
  • set the property access_context_manager/policy;
  • automatically, if the current account belongs to an organization with exactly one access policy.
REQUIRED FLAGS
--title=TITLE
Short human-readable title for the service perimeter.
OPTIONAL FLAGS
--access-levels=[LEVEL,…]
Comma-separated list of IDs for access levels (in the same policy) that an intra-perimeter request must satisfy to be allowed.
--async
Return immediately, without waiting for the operation in progress to complete.
--description=DESCRIPTION
Long-form description of service perimeter.
--egress-policies=YAML_FILE
Path to a file containing a list of Egress Policies.

This file contains a list of YAML-compliant objects representing Egress Policies described in the API reference.

For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

--ingress-policies=YAML_FILE
Path to a file containing a list of Ingress Policies.

This file contains a list of YAML-compliant objects representing Ingress Policies described in the API reference.

For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

--perimeter-type=PERIMETER_TYPE; default="regular"
Type of the perimeter. PERIMETER_TYPE must be one of:
bridge
Allows resources in different regular service perimeters to import and export data between each other.

A project may belong to multiple bridge service perimeters (only if it also belongs to a regular service perimeter). Both restricted and unrestricted service lists, as well as access level lists, must be empty.

regular
Allows resources within this service perimeter to import and export data amongst themselves.

A project may belong to at most one regular service perimeter.

--resources=[RESOURCES,…]
Comma-separated list of resources (currently only projects, in the form projects/<projectnumber>) in this perimeter.
--restricted-services=[SERVICE,…]
Comma-separated list of services to which the perimeter boundary does apply (for example, storage.googleapis.com).
At most one of these can be specified:
--vpc-accessible-services=VPC_ACCESSIBLE_SERVICES_YAML_FILE
Path to a YAML file containing the full VPC Accessible Services configuration. This file should contain a single YAML object representing a VpcAccessibleServices message as described in the API reference. This cannot be used with --vpc-allowed-services or --enable-vpc-accessible-services.

For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

--enable-vpc-accessible-services
Whether to restrict API calls within the perimeter to those in the vpc-allowed-services list.
--vpc-allowed-services=[VPC_SERVICE,…]
Comma-separated list of APIs accessible from within the Service Perimeter. In order to include all restricted services, use reference "RESTRICTED-SERVICES". Requires vpc-accessible-services be enabled.
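
The flag constraints above (bridge perimeters with empty service and access level lists, resources in the form projects/<projectnumber>, the mutually exclusive VPC flags) can be checked before the command is run. The following script is an added example, not part of gcloud or of the original page; the function names perimeter_create_cmd and err are hypothetical, and it only prints the command for review without executing it.

```bash
#!/usr/bin/env bash
# Added example: checks `perimeters create` arguments against the constraints
# documented on this page. Prints the command for review on success; prints
# the violated rule on stderr and returns 1 otherwise. Nothing is executed.
err() { echo "invalid: $*" >&2; }

perimeter_create_cmd() {
  local name="" title="" type="regular" resources="" restricted="" levels=""
  local vpc_file="" vpc_enable="" vpc_allowed="" arg r
  for arg in "$@"; do
    case "$arg" in
      --title=*)               title="${arg#*=}" ;;
      --perimeter-type=*)      type="${arg#*=}" ;;
      --resources=*)           resources="${arg#*=}" ;;
      --restricted-services=*) restricted="${arg#*=}" ;;
      --access-levels=*)       levels="${arg#*=}" ;;
      --vpc-accessible-services=*)      vpc_file="${arg#*=}" ;;
      --enable-vpc-accessible-services) vpc_enable=1 ;;
      --vpc-allowed-services=*)         vpc_allowed="${arg#*=}" ;;
      --policy=*|--description=*|--async|--*-policies=*) ;;  # not checked here
      --*) err "flag not covered by this check: $arg"; return 1 ;;
      *)   name="$arg" ;;
    esac
  done
  [ -n "$name" ]  || { err "PERIMETER must be specified"; return 1; }
  [ -n "$title" ] || { err "--title is required"; return 1; }
  case "$type" in
    regular) ;;
    bridge)  # bridge perimeters carry no service or access level lists
      [ -z "$restricted$levels" ] || { err "bridge: service and access level lists must be empty"; return 1; } ;;
    *) err "--perimeter-type must be regular or bridge"; return 1 ;;
  esac
  while [ -n "$resources" ]; do          # each entry: projects/<projectnumber>
    r="${resources%%,*}"
    case "$resources" in *,*) resources="${resources#*,}" ;; *) resources="" ;; esac
    case "$r" in
      projects/|projects/*[!0-9]*) err "bad resource: $r"; return 1 ;;
      projects/*) ;;
      *) err "bad resource: $r"; return 1 ;;
    esac
  done
  if [ -n "$vpc_file" ] && [ -n "$vpc_enable$vpc_allowed" ]; then
    err "--vpc-accessible-services cannot be combined with the other VPC flags"; return 1
  fi
  if [ -n "$vpc_allowed" ] && [ -z "$vpc_enable" ]; then
    err "--vpc-allowed-services requires --enable-vpc-accessible-services"; return 1
  fi
  echo "gcloud alpha access-context-manager perimeters create $*"
}
```

The printed command is joined with plain spaces, so values containing spaces must be quoted again before it is pasted into a shell.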
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the accesscontextmanager/v1alpha API. The full documentation for this API can be found at: https://cloud.google.com/access-context-manager/docs/reference/rest/
NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud access-context-manager perimeters create
gcloud beta access-context-manager perimeters create


Last updated 2025-08-13 UTC.