gcloud alpha compute org-security-policies rules update

NAME
gcloud alpha compute org-security-policies rules update - update a Compute Engine security policy rule
SYNOPSIS
gcloud alpha compute org-security-policies rules updatePRIORITY--security-policy=SECURITY_POLICY[--action=ACTION][--cloud-armor][--description=DESCRIPTION][--dest-ip-ranges=[DEST_IP_RANGE,…]][--dest-ports=[DEST_PORTS,…]][--direction=DIRECTION][--[no-]enable-logging][--layer4-configs=[LAYER4_CONFIG,…]][--new-priority=NEW_PRIORITY][--organization=ORGANIZATION][--[no-]preview][--target-resources=[TARGET_RESOURCES,…]][--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]][--expression=EXPRESSION    |--src-ip-ranges=[SRC_IP_RANGE,…]][GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA)gcloud alpha compute org-security-policies rulesupdate is used to update organization security policy rules.
EXAMPLES
To update a rule with priority10 in anorganization security policy with ID123456789 to change the action toallow and description tonew-example-rule, run:
gcloudalphacomputeorg-security-policiesrulesupdate10--security-policy=123456789--action=allow--description=new-example-rule
POSITIONAL ARGUMENTS
PRIORITY
Priority of the security policy rule to update.
REQUIRED FLAGS
--security-policy=SECURITY_POLICY
short name of the security policy into which the rule should be updated.
OPTIONAL FLAGS
--action=ACTION
Action to take if the request matches the match condition.ACTION must be one of:
allow
Allows the request from HTTP(S) Load Balancing.
deny
(DEPRECATED) Only used for Hierarchical Firewalls.
deny-403
Denies the request from HTTP(S) Load Balancing, with an HTTP response statuscode of 403.
deny-404
Denies the request from HTTP(S) Load Balancing, with an HTTP response statuscode of 404.
deny-502
Denies the request from HTTP(S) Load Balancing, with an HTTP response statuscode of 502.
goto-next
Defers enforcement to the next policy in the hierarchy.
redirect
Redirects the request from HTTP(S) Load Balancing, based on redirect options.
--cloud-armor
Specified for Hierarchical Cloud Armor rules.
--description=DESCRIPTION
An optional, textual description for the rule.
--dest-ip-ranges=[DEST_IP_RANGE,…]
Destination IP ranges to match for this rule. Can only be specified if DIRECTIONis egress.
--dest-ports=[DEST_PORTS,…]
A list of destination protocols and ports to which the firewall rule will apply.
--direction=DIRECTION
Direction of the traffic the rule is applied. The default is to apply onincoming traffic.DIRECTION must be one of:INGRESS,EGRESS.
--[no-]enable-logging
Use this flag to enable logging of connections that allowed or denied by thisrule. Use--enable-logging to enable and--no-enable-logging to disable.
--layer4-configs=[LAYER4_CONFIG,…]
A list of destination protocols and ports to which the firewall rule will apply.
--new-priority=NEW_PRIORITY
New priority for the rule to update. Valid in [0, 65535].
--organization=ORGANIZATION
Organization which the organization security policy belongs to. Must be set ifSECURITY_POLICY is short name.
--[no-]preview
If specified, the action will not be enforced. Use--preview toenable and--no-preview to disable.
--target-resources=[TARGET_RESOURCES,…]
List of URLs of target resources to which the rule is applied.
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]
List of target service accounts for the rule.
Security policy rule matcher.

At most one of these can be specified:

--expression=EXPRESSION
The Cloud Armor rules language expression to match for this rule.
--src-ip-ranges=[SRC_IP_RANGE,…]
The source IPs/IP ranges to match for this rule. To match all IPs specify *.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudcomputeorg-security-policiesrulesupdate
gcloudbetacomputeorg-security-policiesrulesupdate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-14 UTC.