Create and manage mirroring deployment groups

Create a mirroring deployment group to represent the producer services across different zones within a project.

This page explains how to configure the mirroring deployment groups by using the Google Cloud CLI.

Before you begin

• You must enable the Network Security API in your project.
• Install the gcloud CLI if you want to run the gcloud command-line examples in this guide.

Roles

To get the permissions that you need to create, view, or delete mirroring deployment groups, ask your administrator to grant you the necessary Identity and Access Management (IAM) roles on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

To check the progress of the operations listed on this page, make sure that your user role has the following Mirroring Deployment Admin role (roles/networksecurity.mirroringDeploymentAdmin) permissions:

• networksecurity.mirroringDeployments.create
• networksecurity.mirroringDeployments.delete
• networksecurity.mirroringDeployments.get
• networksecurity.mirroringDeployments.list

Create a mirroring deployment group

The mirroring deployment group is a collection of mirroring deployments. You create a mirroring deployment group across different locations within a project. The deployment group references the network in which all deployments are created.

When you create a mirroring deployment group, you can specify the name of the mirroring deployment group as a string or as a unique URL identifier. The unique URL for a project-scoped mirroring deployment group can be constructed in the following format:

    projects/PROJECT_ID/locations/global/mirroringDeploymentGroups/DEPLOYMENT_GROUP_ID

Replace the following:

• PROJECT_ID: ID of the project.

• DEPLOYMENT_GROUP_ID: ID of the mirroring deployment group.

If you use a unique URL identifier for the mirroring deployment group name, the project and location of the mirroring deployment group is already included in the URL identifier. However, if you use only the mirroring deployment group name, you must specify the project and location separately. For more information about unique URL identifiers, see mirroring deployment group specifications.

 gcloud beta network-security mirroring-deployment-groups \
     create DEPLOYMENT_GROUP \
     --location global \
     --project PROJECT \
     --network NETWORK \
     --no-async

View a mirroring deployment group

You can view the details of a specific mirroring deployment group in a project.

gcloud beta network-security mirroring-deployment-groups \
    describe DEPLOYMENT_GROUP \
    --project PROJECT \
    --location global

List mirroring deployments

You can list all the mirroring deployment groups in your project.

 gcloud beta network-security mirroring-deployment-groups list \
     --project PROJECT

Delete a mirroring deployment group

You can delete a mirroring deployment by specifying its name, location, and project. However, if a mirroring deployment group is referenced by a mirroring deployment then it cannot be deleted.

 gcloud beta network-security mirroring-deployment-groups \
     delete DEPLOYMENT_GROUP \
     --location global \
     --projects PROJECT \
     --no-async

What's next

• Create and manage mirroring deployments
• Mirroring deployment groups overview