gcloud alpha network-security firewall-endpoint-associations create

NAME
gcloud alpha network-security firewall-endpoint-associations create - create a Firewall Plus endpoint association
SYNOPSIS
gcloud alpha network-security firewall-endpoint-associations create [ASSOCIATION_ID] --network=NETWORK --zone=ZONE (--endpoint=ENDPOINT : --endpoint-zone=ENDPOINT_ZONE --organization=ORGANIZATION) [--async] [--labels=[KEY=VALUE,…]] [--max-wait=MAX_WAIT; default="60m"] [--tls-inspection-policy=TLS_INSPECTION_POLICY : --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Associate the specified network with the firewall endpoint. Successful creation of a firewall endpoint association results in an association in READY state. Check the progress of association creation by using gcloud network-security firewall-endpoint-associations list.

For more examples, refer to the EXAMPLES section below.

EXAMPLES
To associate a network with a firewall endpoint, run:
gcloud alpha network-security firewall-endpoint-associations create --network=projects/my-project/networks/global/myNetwork --endpoint=organizations/1234/locations/us-central1-a/firewallEndpoints/my-endpoint --zone=us-central1-a --project=my-project
POSITIONAL ARGUMENTS
[ASSOCIATION_ID]
Name to give the association. If not specified, an auto-generated UUID will be used.
REQUIRED FLAGS
Network resource - Firewall Plus. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument --network on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

--network=NETWORK
ID of the network or fully qualified identifier for the network.

To set the network-name attribute:

  • provide the argument --network on the command line.
--zone=ZONE
Zone of a firewall endpoint association
Firewall endpoint resource - Firewall Plus. The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

--endpoint=ENDPOINT
ID of the firewall endpoint or fully qualified identifier for the firewall endpoint.

To set the endpoint-name attribute:

  • provide the argument --endpoint on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--endpoint-zone=ENDPOINT_ZONE
Zone of the firewall endpoint.

To set the endpoint-zone attribute:

  • provide the argument --endpoint on the command line with a fully specified name;
  • provide the argument --endpoint-zone on the command line;
  • provide the argument --zone on the command line;
  • provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name.
--organization=ORGANIZATION
Organization ID to which the changes should apply.

To set the organization attribute:

  • provide the argument --endpoint on the command line with a fully specified name;
  • provide the argument --organization on the command line.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to complete. The default is True. Enabled by default, use --no-async to disable.
--labels=[KEY=VALUE,…]
List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--max-wait=MAX_WAIT; default="60m"
Time to synchronously wait for the operation to complete, after which the operation continues asynchronously. Ignored if --no-async isn't specified. See $ gcloud topic datetimes for information on time formats.
TLS Inspection Policy resource - Path to TLS Inspection Policy configuration to use for intercepting TLS-encrypted traffic in this network. The arguments in this group can be used to specify the attributes of this resource.
--tls-inspection-policy=TLS_INSPECTION_POLICY
ID of the TLS Inspection Policy or fully qualified identifier for the TLS Inspection Policy.

To set the tls_inspection_policy attribute:

  • provide the argument --tls-inspection-policy on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT
Project of the TLS Inspection Policy.

To set the tls-inspection-policy-project attribute:

  • provide the argument --tls-inspection-policy on the command line with a fully specified name;
  • provide the argument --tls-inspection-policy-project on the command line;
  • provide the argument --project on the command line;
  • provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name.
--tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION
Region of the TLS Inspection Policy. NOTE: TLS Inspection Policy needs to be in the same region as Firewall Plus endpoint resource. To set the tls-inspection-policy-region attribute:
  • provide the argument --tls-inspection-policy on the command line with a fully specified name;
  • provide the argument --tls-inspection-policy-region on the command line.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud network-security firewall-endpoint-associations create
gcloud beta network-security firewall-endpoint-associations create