NAME
    gcloud alpha network-security firewall-endpoint-associations create -
        create a Firewall Plus endpoint association

SYNOPSIS
    gcloud alpha network-security firewall-endpoint-associations create
        [ASSOCIATION_ID] --network=NETWORK --zone=ZONE
        (--endpoint=ENDPOINT
          : --endpoint-zone=ENDPOINT_ZONE --organization=ORGANIZATION)
        [--async] [--labels=[KEY=VALUE,...]]
        [--max-wait=MAX_WAIT; default="60m"]
        [--tls-inspection-policy=TLS_INSPECTION_POLICY
          : --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT
          --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) Associate the specified network with the firewall endpoint.
    Successful creation of a firewall endpoint association results in an
    association in READY state. Check the progress of association creation by
    using gcloud network-security firewall-endpoint-associations list.

    For more examples, refer to the EXAMPLES section below.

EXAMPLES
    To associate a network with a firewall endpoint, run:

        $ gcloud alpha network-security firewall-endpoint-associations \
          create --network=projects/my-project/networks/global/myNetwork \
          --endpoint=organizations/1234/locations/us-central1-a/\
        firewallEndpoints/my-endpoint --zone=us-central1-a \
            --project=my-project

POSITIONAL ARGUMENTS
     [ASSOCIATION_ID]
        Name to give the association. If not specified, an auto-generated UUID
        will be used.

REQUIRED FLAGS
     Network resource - Firewall Plus. This represents a Cloud resource. (NOTE)
     Some attributes are not given arguments in this group but can be set in
     other ways.

     To set the project attribute:
      ◆ provide the argument --network on the command line with a fully
        specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     This must be specified.

       --network=NETWORK
          ID of the network or fully qualified identifier for the network.

          To set the network-name attribute:
          ▸ provide the argument --network on the command line.

     --zone=ZONE
        Zone of a firewall endpoint association

     Firewall endpoint resource - Firewall Plus. The arguments in this group
     can be used to specify the attributes of this resource.

     This must be specified.

       --endpoint=ENDPOINT
          ID of the firewall endpoint or fully qualified identifier for the
          firewall endpoint.

          To set the endpoint-name attribute:
          ▸ provide the argument --endpoint on the command line.

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       --endpoint-zone=ENDPOINT_ZONE
          Zone of the firewall endpoint.

          To set the endpoint-zone attribute:
          ▸ provide the argument --endpoint on the command line with a fully
            specified name;
          ▸ provide the argument --endpoint-zone on the command line;
          ▸ provide the argument --zone on the command line;
          ▸ provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command
            line with a fully specified name.

       --organization=ORGANIZATION
          Organization ID to which the changes should apply.

          To set the organization attribute:
          ▸ provide the argument --endpoint on the command line with a fully
            specified name;
          ▸ provide the argument --organization on the command line.

OPTIONAL FLAGS
     --async
        Return immediately, without waiting for the operation in progress to
        complete. The default is True. Enabled by default, use --no-async to
        disable.

     --labels=[KEY=VALUE,...]
        List of label KEY=VALUE pairs to add.

        Keys must start with a lowercase character and contain only hyphens
        (-), underscores (_), lowercase characters, and numbers. Values must
        contain only hyphens (-), underscores (_), lowercase characters, and
        numbers.

     --max-wait=MAX_WAIT; default="60m"
        Time to synchronously wait for the operation to complete, after which
        the operation continues asynchronously. Ignored if --no-async isn't
        specified. See $ gcloud topic datetimes for information on time
        formats.

     TLS Inspection Policy resource - Path to TLS Inspection Policy
     configuration to use for intercepting TLS-encrypted traffic in this
     network. The arguments in this group can be used to specify the attributes
     of this resource.

       --tls-inspection-policy=TLS_INSPECTION_POLICY
          ID of the TLS Inspection Policy or fully qualified identifier for the
          TLS Inspection Policy.

          To set the tls_inspection_policy attribute:
          ▸ provide the argument --tls-inspection-policy on the command line.

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT
          Project of the TLS Inspection Policy.

          To set the tls-inspection-policy-project attribute:
          ▸ provide the argument --tls-inspection-policy on the command line
            with a fully specified name;
          ▸ provide the argument --tls-inspection-policy-project on the
            command line;
          ▸ provide the argument --project on the command line;
          ▸ provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command
            line with a fully specified name.

       --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION
          Region of the TLS Inspection Policy. NOTE: TLS Inspection Policy
          needs to be in the same region as Firewall Plus endpoint resource.

          To set the tls-inspection-policy-region attribute:
          ▸ provide the argument --tls-inspection-policy on the command line
            with a fully specified name;
          ▸ provide the argument --tls-inspection-policy-region on the
            command line.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. These variants are also available:

        $ gcloud network-security firewall-endpoint-associations create

        $ gcloud beta network-security firewall-endpoint-associations create

