gcloud assured workloads create

NAME
gcloud assured workloads create - create a new Assured Workloads environment
SYNOPSIS
gcloud assured workloads create--billing-account=BILLING_ACCOUNT--compliance-regime=COMPLIANCE_REGIME--display-name=DISPLAY_NAME--location=LOCATION--organization=ORGANIZATION[--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS][--external-identifier=EXTERNAL_IDENTIFIER][--labels=[KEY=VALUE,…]][--next-rotation-time=NEXT_ROTATION_TIME][--partner=PARTNER][--partner-permissions=[KEY=VALUE,…]][--partner-services-billing-account=PARTNER_SERVICES_BILLING_ACCOUNT][--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT][--resource-settings=[KEY=VALUE,…]][--rotation-period=ROTATION_PERIOD][GCLOUD_WIDE_FLAG]
DESCRIPTION
Create a new Assured Workloads environment
EXAMPLES
The following example command creates a new Assured Workloads environment withthese properties:
  • belonging to an organization with ID 123
  • located in theus-central1 region
  • display nameTest-Workload
  • compliance regimeFEDRAMP_MODERATE
  • billing accountbillingAccounts/456
  • first key rotation set for 10:15am on the December 30, 2020
  • key rotation interval set for every 48 hours
  • with the label: key = 'LabelKey1', value = 'LabelValue1'
  • with the label: key = 'LabelKey2', value = 'LabelValue2'
  • provisioned resources parent 'folders/789'
  • with custom project id 'my-custom-id' for consumer project
  • with external identifier for the workload of 'external-id'
gcloudassuredworkloadscreate--organization=123--location=us-central1--display-name=Test-Workload--compliance-regime=FEDRAMP_MODERATE--billing-account=billingAccounts/456--next-rotation-time=2020-12-30T10:15:00.00Z--rotation-period=172800s--labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2--provisioned-resources-parent=folders/789--resource-settings=consumer-project-id=my-custom-id--external-identifier=external-id
The following example command creates a new Partner Assured Workloads, with thefollowing properties:
  • belonging to an organization with ID 123
  • located in theme-central2 region
  • display nameTest-Workload
  • partnerCNTXT
  • partner services billing accountbillingAccounts/789
  • billing accountbillingAccounts/456
  • data logs viewer partner permission enabled
  • first key rotation set for 10:15am on the December 30, 2020
  • key rotation interval set for every 48 hours
  • with the label: key = 'LabelKey1', value = 'LabelValue1'
  • with the label: key = 'LabelKey2', value = 'LabelValue2'
  • provisioned resources parent 'folders/789'
  • with custom project id 'my-custom-id' for consumer project
  • with external identifier for the workload of 'external-id'
gcloudassuredworkloadscreate--organization=123--location=me-central2--display-name=Test-Workload--compliance-regime=ASSURED_WORKLOADS_FOR_PARTNERS--partner=SOVEREIGN_CONTROLS_BY_CNTXT--partner-services-billing-account=billingAccounts/01BF3F-2C6DE5-30C607--partner-permissions=data-logs-viewer=true--billing-account=billingAccounts/456--next-rotation-time=2020-12-30T10:15:00.00Z--rotation-period=172800s--labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2--provisioned-resources-parent=folders/789--resource-settings=consumer-project-id=my-custom-id--external-identifier=external-id
REQUIRED FLAGS
--billing-account=BILLING_ACCOUNT
The billing account of the new Assured Workloads environment, for example,billingAccounts/0000AA-AAA00A-A0A0A0
--compliance-regime=COMPLIANCE_REGIME
The compliance regime of the new Assured Workloads environment.COMPLIANCE_REGIME must be one of:assured-workloads-for-partners,au-regions-and-us-support,australia-data-boundary-and-support,ca-protected-b,ca-regions-and-support,canada-controlled-goods,canada-data-boundary-and-support,cjis,data-boundary-for-canada-controlled-goods,data-boundary-for-canada-protected-b,data-boundary-for-cjis,data-boundary-for-fedramp-high,data-boundary-for-fedramp-moderate,data-boundary-for-il2,data-boundary-for-il4,data-boundary-for-il5,data-boundary-for-irs-publication-1075,data-boundary-for-itar,eu-data-boundary-and-support,eu-regions-and-support,fedramp-high,fedramp-moderate,healthcare-and-life-sciences-controls,healthcare-and-life-sciences-controls-us-support,hipaa,hitrust,il2,il4,il5,irs-1075,isr-regions,isr-regions-and-support,israel-data-boundary-and-support,itar,japan-data-boundary,jp-regions-and-support,ksa-data-boundary-with-access-justifications,ksa-regions-and-support-with-sovereignty-controls,regional-controls,regional-data-boundary,us-data-boundary-and-support,us-data-boundary-for-healthcare-and-life-sciences,us-data-boundary-for-healthcare-and-life-sciences-with-support,us-regional-access.
--display-name=DISPLAY_NAME
The display name of the new Assured Workloads environment
--location=LOCATION
The location of the new Assured Workloads environment. For a current list ofsupported LOCATION values, seeAssuredWorkloads locations.
--organization=ORGANIZATION
The parent organization of the new Assured Workloads environment, provided as anorganization ID
OPTIONAL FLAGS
--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS
If true, enable sovereign controls for the new Assured Workloads environment,currently only supported by EU_REGIONS_AND_SUPPORT
--external-identifier=EXTERNAL_IDENTIFIER
The external identifier of the new Assured Workloads environment
--labels=[KEY=VALUE,…]
The labels of the new Assured Workloads environment, for example,LabelKey1=LabelValue1,LabelKey2=LabelValue2
--next-rotation-time=NEXT_ROTATION_TIME
The next rotation time of the KMS settings of new Assured Workloads environment,for example, 2020-12-30T10:15:30.00Z
--partner=PARTNER
The partner choice when creating a workload managed by local trusted partners.PARTNER must be one of:local-controls-by-s3ns,sovereign-controls-by-cntxt,sovereign-controls-by-cntxt-no-ekm,sovereign-controls-by-psn,sovereign-controls-by-sia-minsait,sovereign-controls-by-t-systems.
--partner-permissions=[KEY=VALUE,…]
The partner permissions for the partner regime, for example,data-logs-viewer=true/false
--partner-services-billing-account=PARTNER_SERVICES_BILLING_ACCOUNT
Billing account necessary for purchasing services from Sovereign Partners. Thisfield is required for creating SIA/PSN/CNTXT partner workloads. The callershould have 'billing.resourceAssociations.create' IAM permission on thisbilling-account. The format of this string isbillingAccounts/AAAAAA-BBBBBB-CCCCCC
--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT
The parent of the provisioned projects, for example, folders/{FOLDER_ID}
--resource-settings=[KEY=VALUE,…]
A comma-separated, key=value map of custom resource settings such as customproject ids, for example: consumer-project-id={CONSUMER_PROJECT_ID} Note:Currently only consumer-project-id, consumer-project-name,encryption-keys-project-id, encryption-keys-project-name and keyring-id aresupported. The encryption-keys-project-id, encryption-keys-project-name andkeyring-id settings can be specified only if KMS settings are provided
--rotation-period=ROTATION_PERIOD
The rotation period of the KMS settings of the new Assured Workloadsenvironment, for example, 172800s
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
These variants are also available:
gcloudalphaassuredworkloadscreate
gcloudbetaassuredworkloadscreate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-15 UTC.