gcloud iam principal-access-boundary-policies create

NAME
gcloud iam principal-access-boundary-policies create - create PrincipalAccessBoundaryPolicy instance
SYNOPSIS
gcloud iam principal-access-boundary-policies create (PRINCIPAL_ACCESS_BOUNDARY_POLICY : --location=LOCATION --organization=ORGANIZATION) [--annotations=[ANNOTATIONS,…]] [--async] [--display-name=DISPLAY_NAME] [--etag=ETAG] [[--details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES] : --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Create PrincipalAccessBoundaryPolicy instance.
EXAMPLES
To create a policy instance called my-policy, run:
gcloud iam principal-access-boundary-policies create my-policy --organization=123 --location=global
POSITIONAL ARGUMENTS
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the principal access boundary policy.

The following format is supported: organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id} The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

PRINCIPAL_ACCESS_BOUNDARY_POLICY
ID of the principalAccessBoundaryPolicy or fully qualified identifier for the principalAccessBoundaryPolicy.

To set the principal_access_boundary_policy attribute:

  • provide the argument principal_access_boundary_policy on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--location=LOCATION
The location id of the principalAccessBoundaryPolicy resource.

To set the location attribute:

  • provide the argument principal_access_boundary_policy on the command line with a fully specified name;
  • provide the argument --location on the command line.
--organization=ORGANIZATION
The organization id of the principalAccessBoundaryPolicy resource.

To set the organization attribute:

  • provide the argument principal_access_boundary_policy on the command line with a fully specified name;
  • provide the argument --organization on the command line.
FLAGS
--annotations=[ANNOTATIONS,…]
User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations.
KEY
Sets KEY value.
VALUE
Sets VALUE value.
Shorthand Example:
--annotations=string=string

JSON Example:

--annotations='{"string": "string"}'

File Example:

--annotations=path_to_file.(yaml|json)
--async
Return immediately, without waiting for the operation in progress to complete.
--display-name=DISPLAY_NAME
The description of the principal access boundary policy. Must be less than or equal to 63 characters.
--etag=ETAG
The etag for the principal access boundary. If this is provided on update, it must match the server's etag.
Principal access boundary policy details
--details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
Required, A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.
description
The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
The access relationship of principals to the resources in this rule.
resources
A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as //cloudresourcemanager.googleapis.com/organizations/123.
  • Folders, such as //cloudresourcemanager.googleapis.com/folders/123.
  • Projects, such as //cloudresourcemanager.googleapis.com/projects/123 or //cloudresourcemanager.googleapis.com/projects/my-project-id.
Shorthand Example:
--details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]

JSON Example:

--details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

File Example:

--details-rules=path_to_file.(yaml|json)

This flag argument must be specified if any of the other arguments in this group are specified.

--details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", …). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the iam/v3 API. The full documentation for this API can be found at: https://cloud.google.com/iam/
NOTES
This variant is also available:
gcloud beta iam principal-access-boundary-policies create