- NAME
-
- gcloud alpha compute start-iap-tunnel - starts an IAP TCP forwarding tunnel
- SYNOPSIS
-
-
gcloud alpha compute start-iap-tunnel
INSTANCE_NAME
INSTANCE_PORT
[--iap-tunnel-disable-connection-check
] [--local-host-port
=LOCAL_HOST_PORT
; default="localhost:0"] [--zone
=ZONE
] [--region
=REGION
: [--network
=NETWORK
:--dest-group
=DEST_GROUP
]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
Starts a tunnel to Cloud Identity-Aware Proxy for TCP forwarding through which another process can create a connection (eg. SSH, RDP) to a Google Compute Engine instance.To learn more, see the IAP for TCP forwarding documentation.
If the
--region
and--network
flags are provided, then an IP address or FQDN must be supplied instead of an instance name. This is most useful for connecting to on-prem resources. - EXAMPLES
-
To open a tunnel to the instances's RDP port on an arbitrary local port, run:
gcloud alpha compute start-iap-tunnel my-instance 3389
To open a tunnel to the instance's RDP port on a specific local port, run:
gcloud alpha compute start-iap-tunnel my-instance 3389 --local-host-port=localhost:3333
To use the IP address or FQDN of your remote VM (eg, for on-prem), you must also specify the
--region
and--network
flags:gcloud alpha compute start-iap-tunnel 10.1.2.3 3389 --region=us-central1 --network=default
- POSITIONAL ARGUMENTS
-
INSTANCE_NAME
- Name of the instance to operate on. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances
INSTANCE_PORT
- The name or number of the instance's port to connect to.
- FLAGS
-
--iap-tunnel-disable-connection-check
- Disables the immediate check of the connection.
--local-host-port
=LOCAL_HOST_PORT
; default="localhost:0"-
LOCAL_HOST:LOCAL_PORT
on which gcloud should bind and listen for connections that should be tunneled.LOCAL_PORT
may be omitted, in which case it is treated as 0 and an arbitrary unused local port is chosen. The colon also may be omitted in that case.If
LOCAL_PORT
is 0, an arbitrary unused local port is chosen. --zone
=ZONE
-
Zone of the instance to operate on. If not specified, you might be prompted to
select a zone (interactive mode only).
gcloud
attempts to identify the appropriate zone by searching for resources in your currently active project. If the zone cannot be determined,gcloud
prompts you for a selection with all available Google Cloud Platform zones.To avoid prompting when this flag is omitted, the user can set the
property:compute/zone
gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
gcloud compute zones list
To unset the property, run:
gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable
.CLOUDSDK_COMPUTE_ZONE
--region
=REGION
- Configures the region to use when connecting via IP address or FQDN.
-
At most one of these can be specified:
--network
=NETWORK
-
Configures the VPC network to use when connecting via IP address or FQDN.
This flag argument must be specified if any of the other arguments in this group are specified.
--dest-group
=DEST_GROUP
- Configures the destination group to use when connecting via IP address or FQDN.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud compute start-iap-tunnel
gcloud beta compute start-iap-tunnel
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.