NAME gcloud beta network-security firewall-endpoint-associations create - create a Firewall Plus endpoint association SYNOPSIS gcloud beta network-security firewall-endpoint-associations create [ASSOCIATION_ID] --network=NETWORK --zone=ZONE (--endpoint=ENDPOINT : --endpoint-zone=ENDPOINT_ZONE --organization=ORGANIZATION) [--async] [--labels=[KEY=VALUE,...]] [--max-wait=MAX_WAIT; default="60m"] [--tls-inspection-policy=TLS_INSPECTION_POLICY : --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Associate the specified network with the firewall endpoint. Successful creation of a firewall endpoint association results in an association in READY state. Check the progress of association creation by using gcloud network-security firewall-endpoint-associations list. For more examples, refer to the EXAMPLES section below. EXAMPLES To associate a network with a firewall endpoint, run: $ gcloud beta network-security firewall-endpoint-associations \ create --network=projects/my-project/networks/global/myNetwork \ --endpoint=organizations/1234/locations/us-central1-a/\ firewallEndpoints/my-endpoint --zone=us-central1-a \ --project=my-project POSITIONAL ARGUMENTS [ASSOCIATION_ID] Name to give the association. If not specified, an auto-generated UUID will be used. REQUIRED FLAGS Network resource - Firewall Plus. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute: ◆ provide the argument --network on the command line with a fully specified name; ◆ provide the argument --project on the command line; ◆ set the property core/project. This must be specified. --network=NETWORK ID of the network or fully qualified identifier for the network. To set the network-name attribute: ▸ provide the argument --network on the command line. --zone=ZONE Zone of a firewall endpoint association Firewall endpoint resource - Firewall Plus. The arguments in this group can be used to specify the attributes of this resource. This must be specified. --endpoint=ENDPOINT ID of the firewall endpoint or fully qualified identifier for the firewall endpoint. To set the endpoint-name attribute: ▸ provide the argument --endpoint on the command line. This flag argument must be specified if any of the other arguments in this group are specified. --endpoint-zone=ENDPOINT_ZONE Zone of the firewall endpoint. To set the endpoint-zone attribute: ▸ provide the argument --endpoint on the command line with a fully specified name; ▸ provide the argument --endpoint-zone on the command line; ▸ provide the argument --zone on the command line; ▸ provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name. --organization=ORGANIZATION Organization ID to which the changes should apply. To set the organization attribute: ▸ provide the argument --endpoint on the command line with a fully specified name; ▸ provide the argument --organization on the command line. OPTIONAL FLAGS --async Return immediately, without waiting for the operation in progress to complete. The default is True. Enabled by default, use --no-async to disable. --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers. --max-wait=MAX_WAIT; default="60m" Time to synchronously wait for the operation to complete, after which the operation continues asynchronously. Ignored if --no-async isn't specified. See $ gcloud topic datetimes for information on time formats. TLS Inspection Policy resource - Path to TLS Inspection Policy configuration to use for intercepting TLS-encrypted traffic in this network. The arguments in this group can be used to specify the attributes of this resource. --tls-inspection-policy=TLS_INSPECTION_POLICY ID of the TLS Inspection Policy or fully qualified identifier for the TLS Inspection Policy. To set the tls_inspection_policy attribute: ▸ provide the argument --tls-inspection-policy on the command line. This flag argument must be specified if any of the other arguments in this group are specified. --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT Project of the TLS Inspection Policy. To set the tls-inspection-policy-project attribute: ▸ provide the argument --tls-inspection-policy on the command line with a fully specified name; ▸ provide the argument --tls-inspection-policy-project on the command line; ▸ provide the argument --project on the command line; ▸ provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name. --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION Region of the TLS Inspection Policy. NOTE: TLS Inspection Policy needs to be in the same region as Firewall Plus endpoint resource. To set the tls-inspection-policy-region attribute: ▸ provide the argument --tls-inspection-policy on the command line with a fully specified name; ▸ provide the argument --tls-inspection-policy-region on the command line. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details. NOTES This command is currently in beta and might change without notice. These variants are also available: $ gcloud network-security firewall-endpoint-associations create $ gcloud alpha network-security firewall-endpoint-associations create