This page describes how to create an access policy for your organization.
Before you begin
- Ensure you have the correct permissions to use Access Context Manager.
Create an access policy
Console
When you create an access level or VPC Service Controls service perimeter, a default access policy is created automatically. No additional manual steps are required.
gcloud
To create an access policy, use the create command.
gcloud access-context-manager policies create \
    --organization ORGANIZATION_ID --title POLICY_TITLE
Where:
- ORGANIZATION_ID is the numeric ID of your organization.
- POLICY_TITLE is a human-readable title for your policy.
You should see output similar to:
Create request issued
Waiting for operation [accessPolicies/POLICY_NAME/create/1521580097614100] to complete...done.
Created.
Next, set your default policy.
API
To create an access policy:
Craft a request body.
{
  "parent": "ORGANIZATION_ID",
  "title": "POLICY_TITLE"
}
Where:
- ORGANIZATION_ID is the numeric ID of your organization.
- POLICY_TITLE is a human-readable title for your policy.
Create the access policy by calling accessPolicies.create.
POST https://accesscontextmanager.googleapis.com/v1/accessPolicies
Response body
If successful, the response body for the call contains an Operation resource that provides details about the POST operation.
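The API steps above, as an added Python example that is not part of the original page: it builds the accessPolicies.create request with the body shown above, rejecting a non-numeric ORGANIZATION_ID before anything is sent, and interprets the returned Operation resource. Assumptions: the function names are hypothetical, the OAuth access token is obtained elsewhere, the Operation name has the shape shown in the gcloud output on this page, and the sample Operation is constructed.

```python
import json
import re
import urllib.request

API_URL = "https://accesscontextmanager.googleapis.com/v1/accessPolicies"

def build_create_request(organization_id, title, access_token):
    """Return an unsent POST request for accessPolicies.create."""
    org = str(organization_id)
    # The page defines ORGANIZATION_ID as the numeric ID; reject anything else
    # so a malformed parent never reaches the API.
    if not re.fullmatch(r"[0-9]+", org):
        raise ValueError("ORGANIZATION_ID must be the numeric organization ID")
    if not title or not title.strip():
        raise ValueError("POLICY_TITLE must not be empty")
    body = {"parent": org, "title": title.strip()}  # same body as on the page
    return urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",  # assumed OAuth token
            "Content-Type": "application/json",
        },
    )

def summarize_operation(operation):
    """Interpret the Operation resource returned in the response body."""
    # Assumption: the name contains accessPolicies/POLICY_NAME/create/...
    match = re.search(r"accessPolicies/([^/]+)/create/", operation.get("name", ""))
    status = "pending"
    if operation.get("done"):
        status = "failed" if "error" in operation else "created"
    return {
        "policy": match.group(1) if match else None,
        "status": status,
        "error": operation.get("error", {}).get("message"),
    }

# Constructed sample Operation, not captured from a real call.
SAMPLE_OPERATION = {
    "name": "accessPolicies/123456789/create/1521580097614100",
    "done": False,
}

if __name__ == "__main__":
    req = build_create_request("987654321", "Example policy", "TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode("utf-8"))
    print(summarize_operation(SAMPLE_OPERATION))
```

To send the request, pass it to urllib.request.urlopen and feed the decoded JSON response to summarize_operation.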