1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 18:45:13 +00:00
gcloud-help/gcloud/access-context-manager/policies/create
2022-03-01 21:43:54 +00:00

84 lines
3.2 KiB
Text

NAME
gcloud access-context-manager policies create - create a new access policy
SYNOPSIS
gcloud access-context-manager policies create --organization=ORGANIZATION
--title=TITLE [--async] [--scopes=[SCOPES,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Create a new Access Context Manager policy. An Access Context Manager
policy, also known as an access policy, is a container for access levels
and VPC Service Controls service perimeters.
You can optionally specify either a folder or a project as a scope of an
access policy. A scoped policy only allows projects under that scope to be
restricted by any service perimeters defined with that policy. The scope
must be within the organization that this policy is associated with. You
can specify only one folder or project as the scope for an access policy.
If you don't specify a scope, then the scope extends to the entire
organization and any projects within the organization can be added to
service perimeters in this policy.
This command only creates an access policy. Access levels and service
perimeters need to be created explicitly.
EXAMPLES
To create an access policy that applies to the entire organization, run:
$ gcloud access-context-manager policies create \
--organization=organizations/123 --title="My Policy"
To create an access policy that applies to the folder with the ID 345, run:
$ gcloud access-context-manager policies create \
--organization=organizations/123 --scopes=folders/345 \
--title="My Folder Policy"
Only projects within this folder can be added to service perimeters within
this policy.
To create an access policy that applies only to the project with the
project number 567, run:
$ gcloud access-context-manager policies create \
--organization=organizations/123 --scopes=projects/567 \
--title="My Project Policy"
REQUIRED FLAGS
--organization=ORGANIZATION
Parent organization for the access policies.
--title=TITLE
Short human-readable title of the access policy.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to
complete.
--scopes=[SCOPES,...]
Folder or project on which this policy is applicable. You can specify
only one folder or project as the scope and the scope must exist within
the specified organization. If you don't specify a scope, the policy
applies to the entire organization.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
API REFERENCE
This command uses the accesscontextmanager/v1 API. The full documentation
for this API can be found at:
https://cloud.google.com/access-context-manager/docs/reference/rest/
NOTES
These variants are also available:
$ gcloud alpha access-context-manager policies create
$ gcloud beta access-context-manager policies create