File: //snap/google-cloud-cli/394/help/man/man1/gcloud_beta_assured_workloads_create.1
.TH "GCLOUD_BETA_ASSURED_WORKLOADS_CREATE" 1
.SH "NAME"
.HP
gcloud beta assured workloads create \- create a new Assured Workloads environment
.SH "SYNOPSIS"
.HP
\f5gcloud beta assured workloads create\fR \fB\-\-billing\-account\fR=\fIBILLING_ACCOUNT\fR \fB\-\-compliance\-regime\fR=\fICOMPLIANCE_REGIME\fR \fB\-\-display\-name\fR=\fIDISPLAY_NAME\fR \fB\-\-location\fR=\fILOCATION\fR \fB\-\-organization\fR=\fIORGANIZATION\fR [\fB\-\-enable\-sovereign\-controls\fR=\fIENABLE_SOVEREIGN_CONTROLS\fR] [\fB\-\-external\-identifier\fR=\fIEXTERNAL_IDENTIFIER\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-next\-rotation\-time\fR=\fINEXT_ROTATION_TIME\fR] [\fB\-\-partner\fR=\fIPARTNER\fR] [\fB\-\-partner\-permissions\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-partner\-services\-billing\-account\fR=\fIPARTNER_SERVICES_BILLING_ACCOUNT\fR] [\fB\-\-provisioned\-resources\-parent\fR=\fIPROVISIONED_RESOURCES_PARENT\fR] [\fB\-\-resource\-settings\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-rotation\-period\fR=\fIROTATION_PERIOD\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(BETA)\fR Create a new Assured Workloads environment
.SH "EXAMPLES"
The following example command creates a new Assured Workloads environment with
these properties:
.RS 2m
.IP "\(bu" 2m
belonging to an organization with ID 123
.IP "\(bu" 2m
located in the \f5us\-central1\fR region
.IP "\(bu" 2m
display name \f5Test\-Workload\fR
.IP "\(bu" 2m
compliance regime \f5FEDRAMP_MODERATE\fR
.IP "\(bu" 2m
billing account \f5billingAccounts/456\fR
.IP "\(bu" 2m
first key rotation set for 10:15am on the December 30, 2020
.IP "\(bu" 2m
key rotation interval set for every 48 hours
.IP "\(bu" 2m
with the label: key = 'LabelKey1', value = 'LabelValue1'
.IP "\(bu" 2m
with the label: key = 'LabelKey2', value = 'LabelValue2'
.IP "\(bu" 2m
provisioned resources parent 'folders/789'
.IP "\(bu" 2m
with custom project id 'my\-custom\-id' for consumer project
.IP "\(bu" 2m
with external identifier for the workload of 'external\-id'
.RE
.sp
.RS 2m
$ gcloud beta assured workloads create \-\-organization=123 \e
\-\-location=us\-central1 \-\-display\-name=Test\-Workload \e
\-\-compliance\-regime=FEDRAMP_MODERATE \e
\-\-billing\-account=billingAccounts/456 \e
\-\-next\-rotation\-time=2020\-12\-30T10:15:00.00Z \e
\-\-rotation\-period=172800s \e
\-\-labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2 \e
\-\-provisioned\-resources\-parent=folders/789 \e
\-\-resource\-settings=consumer\-project\-id=my\-custom\-id \e
\-\-external\-identifier=external\-id
.RE
The following example command creates a new Partner Assured Workloads, with the
following properties:
.RS 2m
.IP "\(bu" 2m
belonging to an organization with ID 123
.IP "\(bu" 2m
located in the \f5me\-central2\fR region
.IP "\(bu" 2m
display name \f5Test\-Workload\fR
.IP "\(bu" 2m
partner \f5CNTXT\fR
.IP "\(bu" 2m
partner services billing account \f5billingAccounts/789\fR
.IP "\(bu" 2m
billing account \f5billingAccounts/456\fR
.IP "\(bu" 2m
data logs viewer partner permission enabled
.IP "\(bu" 2m
first key rotation set for 10:15am on the December 30, 2020
.IP "\(bu" 2m
key rotation interval set for every 48 hours
.IP "\(bu" 2m
with the label: key = 'LabelKey1', value = 'LabelValue1'
.IP "\(bu" 2m
with the label: key = 'LabelKey2', value = 'LabelValue2'
.IP "\(bu" 2m
provisioned resources parent 'folders/789'
.IP "\(bu" 2m
with custom project id 'my\-custom\-id' for consumer project
.IP "\(bu" 2m
with external identifier for the workload of 'external\-id'
.RE
.sp
.RS 2m
$ gcloud beta assured workloads create \-\-organization=123 \e
\-\-location=me\-central2 \-\-display\-name=Test\-Workload \e
\-\-compliance\-regime=ASSURED_WORKLOADS_FOR_PARTNERS \e
\-\-partner=SOVEREIGN_CONTROLS_BY_CNTXT \e
\-\-partner\-services\-billing\-account=billingAccounts/\e
01BF3F\-2C6DE5\-30C607 \-\-partner\-permissions=data\-logs\-viewer=true \e
\-\-billing\-account=billingAccounts/456 \e
\-\-next\-rotation\-time=2020\-12\-30T10:15:00.00Z \e
\-\-rotation\-period=172800s \e
\-\-labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2 \e
\-\-provisioned\-resources\-parent=folders/789 \e
\-\-resource\-settings=consumer\-project\-id=my\-custom\-id \e
\-\-external\-identifier=external\-id
.RE
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-billing\-account\fR=\fIBILLING_ACCOUNT\fR
The billing account of the new Assured Workloads environment, for example,
billingAccounts/0000AA\-AAA00A\-A0A0A0
.TP 2m
\fB\-\-compliance\-regime\fR=\fICOMPLIANCE_REGIME\fR
The compliance regime of the new Assured Workloads environment.
\fICOMPLIANCE_REGIME\fR must be one of: \fBassured\-workloads\-for\-partners\fR,
\fBau\-regions\-and\-us\-support\fR,
\fBaustralia\-data\-boundary\-and\-support\fR, \fBca\-protected\-b\fR,
\fBca\-regions\-and\-support\fR, \fBcanada\-controlled\-goods\fR,
\fBcanada\-data\-boundary\-and\-support\fR, \fBcjis\fR,
\fBdata\-boundary\-for\-canada\-controlled\-goods\fR,
\fBdata\-boundary\-for\-canada\-protected\-b\fR,
\fBdata\-boundary\-for\-cjis\fR, \fBdata\-boundary\-for\-fedramp\-high\fR,
\fBdata\-boundary\-for\-fedramp\-moderate\fR, \fBdata\-boundary\-for\-il2\fR,
\fBdata\-boundary\-for\-il4\fR, \fBdata\-boundary\-for\-il5\fR,
\fBdata\-boundary\-for\-irs\-publication\-1075\fR,
\fBdata\-boundary\-for\-itar\fR, \fBeu\-data\-boundary\-and\-support\fR,
\fBeu\-regions\-and\-support\fR, \fBfedramp\-high\fR, \fBfedramp\-moderate\fR,
\fBhealthcare\-and\-life\-sciences\-controls\fR,
\fBhealthcare\-and\-life\-sciences\-controls\-us\-support\fR, \fBhipaa\fR,
\fBhitrust\fR, \fBil2\fR, \fBil4\fR, \fBil5\fR, \fBirs\-1075\fR,
\fBisr\-regions\fR, \fBisr\-regions\-and\-support\fR,
\fBisrael\-data\-boundary\-and\-support\fR, \fBitar\fR,
\fBjapan\-data\-boundary\fR, \fBjp\-regions\-and\-support\fR,
\fBksa\-data\-boundary\-with\-access\-justifications\fR,
\fBksa\-regions\-and\-support\-with\-sovereignty\-controls\fR,
\fBregional\-controls\fR, \fBregional\-data\-boundary\fR,
\fBus\-data\-boundary\-and\-support\fR,
\fBus\-data\-boundary\-for\-healthcare\-and\-life\-sciences\fR,
\fBus\-data\-boundary\-for\-healthcare\-and\-life\-sciences\-with\-support\fR,
\fBus\-regional\-access\fR.
.TP 2m
\fB\-\-display\-name\fR=\fIDISPLAY_NAME\fR
The display name of the new Assured Workloads environment
.TP 2m
\fB\-\-location\fR=\fILOCATION\fR
The location of the new Assured Workloads environment. For a current list of
supported LOCATION values, see Assured Workloads locations
(https://cloud.google.com/assured\-workloads/docs/locations).
.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR
The parent organization of the new Assured Workloads environment, provided as an
organization ID
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-enable\-sovereign\-controls\fR=\fIENABLE_SOVEREIGN_CONTROLS\fR
If true, enable sovereign controls for the new Assured Workloads environment,
currently only supported by EU_REGIONS_AND_SUPPORT
.TP 2m
\fB\-\-external\-identifier\fR=\fIEXTERNAL_IDENTIFIER\fR
The external identifier of the new Assured Workloads environment
.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]
The labels of the new Assured Workloads environment, for example,
LabelKey1=LabelValue1,LabelKey2=LabelValue2
.TP 2m
\fB\-\-next\-rotation\-time\fR=\fINEXT_ROTATION_TIME\fR
The next rotation time of the KMS settings of new Assured Workloads environment,
for example, 2020\-12\-30T10:15:30.00Z
.TP 2m
\fB\-\-partner\fR=\fIPARTNER\fR
The partner choice when creating a workload managed by local trusted partners.
\fIPARTNER\fR must be one of: \fBlocal\-controls\-by\-s3ns\fR,
\fBsovereign\-controls\-by\-cntxt\fR,
\fBsovereign\-controls\-by\-cntxt\-no\-ekm\fR,
\fBsovereign\-controls\-by\-psn\fR, \fBsovereign\-controls\-by\-sia\-minsait\fR,
\fBsovereign\-controls\-by\-t\-systems\fR.
.TP 2m
\fB\-\-partner\-permissions\fR=[\fIKEY\fR=\fIVALUE\fR,...]
The partner permissions for the partner regime, for example,
data\-logs\-viewer=true/false
.TP 2m
\fB\-\-partner\-services\-billing\-account\fR=\fIPARTNER_SERVICES_BILLING_ACCOUNT\fR
Billing account necessary for purchasing services from Sovereign Partners. This
field is required for creating SIA/PSN/CNTXT partner workloads. The caller
should have 'billing.resourceAssociations.create' IAM permission on this
billing\-account. The format of this string is
billingAccounts/AAAAAA\-BBBBBB\-CCCCCC
.TP 2m
\fB\-\-provisioned\-resources\-parent\fR=\fIPROVISIONED_RESOURCES_PARENT\fR
The parent of the provisioned projects, for example, folders/{FOLDER_ID}
.TP 2m
\fB\-\-resource\-settings\fR=[\fIKEY\fR=\fIVALUE\fR,...]
A comma\-separated, key=value map of custom resource settings such as custom
project ids, for example: consumer\-project\-id={CONSUMER_PROJECT_ID} Note:
Currently only encryption\-keys\-project\-id, encryption\-keys\-project\-name
and keyring\-id are supported. The encryption\-keys\-project\-id,
encryption\-keys\-project\-name and keyring\-id settings can be specified only
if KMS settings are provided
.TP 2m
\fB\-\-rotation\-period\fR=\fIROTATION_PERIOD\fR
The rotation period of the KMS settings of the new Assured Workloads
environment, for example, 172800s
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in beta and might change without notice. These
variants are also available:
.RS 2m
$ gcloud assured workloads create
.RE
.RS 2m
$ gcloud alpha assured workloads create
.RE