- NAME
-
- gcloud alpha services vpc-peerings get-vpc-service-controls - get VPC state of Service Controls for the peering connection
- SYNOPSIS
-
-
gcloud alpha services vpc-peerings get-vpc-service-controls --network=NETWORK [--service=SERVICE; default="servicenetworking.googleapis.com"] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)
This command provides the state of the VPC Service Controls for a connection. The state can be enabled or disabled.
When enabled, Google Cloud makes the following route configuration changes in the service producer VPC network: it removes the IPv4 default route (destination 0.0.0.0/0, next hop default internet gateway), then creates an IPv4 route for destination 199.36.153.4/30 using the default internet gateway next hop.
When enabled, Google Cloud also creates Cloud DNS managed private zones and authorizes those zones for the service producer VPC network. The zones include googleapis.com, gcr.io, pkg.dev, notebooks.cloud.google.com, kernels.googleusercontent.com, backupdr.cloud.google.com, and backupdr.googleusercontent.com as necessary domains or host names for Google APIs and services that are compatible with VPC Service Controls. Record data in the zones resolves all host names to 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7.
When disabled, Google Cloud makes the following route configuration changes in the service producer VPC network: it restores a default route (destination 0.0.0.0/0, next hop default internet gateway) and deletes the Cloud DNS managed private zones that provided the host name overrides.
While enabled, the service producer VPC network can still import static and dynamic routes from the peered customer network if you enable custom route export. These custom routes can include a default route. For this reason, this command is not to be used solely as a means for preventing access to the internet.
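A consumer-side check for the caveat above, as an added example that is not part of the gcloud reference: given the state this command reports, the peering's custom route export setting, and the consumer network's static routes, it lists routes that could hand the producer network a default route again. The field names (`exportCustomRoutes`, `destRange`, `nextHopGateway`, `nextHopIp`) are assumed to follow the Compute Engine API JSON, the function name and sample data are constructed, and skipping routes whose next hop is the default internet gateway is an assumption about what peering exchanges.

```python
import ipaddress

# IPv4 default route destination named in the description above.
DEFAULT_V4 = ipaddress.ip_network("0.0.0.0/0")

def default_route_exposure(vpc_sc_enabled, peering, consumer_routes):
    """Classify the connection and list static routes that could re-supply a default route.

    vpc_sc_enabled:  state reported by get-vpc-service-controls
    peering:         consumer-side peering object (Compute API field names assumed)
    consumer_routes: static route objects from the consumer network
    """
    if not vpc_sc_enabled:
        return "disabled", []  # producer network keeps its own default route
    if not peering.get("exportCustomRoutes", False):
        return "enabled-no-export", []
    risky = []
    for route in consumer_routes:
        if ipaddress.ip_network(route["destRange"]) != DEFAULT_V4:
            continue
        # Assumption: routes whose next hop is the default internet gateway
        # are not exchanged over peering, so they are skipped here.
        if route.get("nextHopGateway", "").endswith("default-internet-gateway"):
            continue
        risky.append(route["name"])
    return ("enabled-default-route-exported" if risky else "enabled-export-clean"), risky

# Constructed sample data (not real project output).
SAMPLE_PEERING = {"name": "example-peering", "exportCustomRoutes": True}
SAMPLE_ROUTES = [
    {"name": "default-igw", "destRange": "0.0.0.0/0",
     "nextHopGateway": "projects/example/global/gateways/default-internet-gateway"},
    {"name": "egress-via-appliance", "destRange": "0.0.0.0/0", "nextHopIp": "10.0.0.5"},
    {"name": "to-onprem", "destRange": "10.20.0.0/16", "nextHopIp": "10.0.0.5"},
]

if __name__ == "__main__":
    verdict, names = default_route_exposure(True, SAMPLE_PEERING, SAMPLE_ROUTES)
    print(verdict, names)
```

This sketch covers static routes only; dynamic routes exported from the customer network need a separate review.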
- EXAMPLES
-
To get the status of the VPC Service Controls for a connection peering a network called my-network on the current project to a service called your-service, run:
gcloud alpha services vpc-peerings get-vpc-service-controls --network=my-network --service=your-service
- REQUIRED FLAGS
-
--network=NETWORK
- The network in the current project that is peered with the service.
- OPTIONAL FLAGS
-
--service=SERVICE; default="servicenetworking.googleapis.com"
- The service to get VPC service controls for.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
- NOTES
-
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.
These variants are also available:
gcloud services vpc-peerings get-vpc-service-controls
gcloud beta services vpc-peerings get-vpc-service-controls
Last updated 2024-05-29 UTC.