File: //snap/google-cloud-cli/396/help/man/man1/gcloud_access-context-manager_perimeters_create.1
.TH "GCLOUD_ACCESS\-CONTEXT\-MANAGER_PERIMETERS_CREATE" 1



.SH "NAME"
.HP
gcloud access\-context\-manager perimeters create \- create a new service perimeter



.SH "SYNOPSIS"
.HP
\f5gcloud access\-context\-manager perimeters create\fR (\fIPERIMETER\fR\ :\ \fB\-\-policy\fR=\fIPOLICY\fR) \fB\-\-title\fR=\fITITLE\fR [\fB\-\-access\-levels\fR=[\fILEVEL\fR,...]] [\fB\-\-async\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-egress\-policies\fR=\fIYAML_FILE\fR] [\fB\-\-ingress\-policies\fR=\fIYAML_FILE\fR] [\fB\-\-perimeter\-type\fR=\fIPERIMETER_TYPE\fR;\ default="regular"] [\fB\-\-resources\fR=[\fIRESOURCES\fR,...]] [\fB\-\-restricted\-services\fR=[\fISERVICE\fR,...]] [\fB\-\-enable\-vpc\-accessible\-services\fR\ \fB\-\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Create a new service perimeter in a given access policy.



.SH "EXAMPLES"

To create a new basic Service Perimeter:

.RS 2m
$ gcloud access\-context\-manager perimeters create my_perimeter \e
    \-\-title=my_perimeter_title \-\-resources=projects/12345 \e
    \-\-restricted\-services="storage.googleapis.com" \-\-policy=9876543
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Perimeter resource \- The service perimeter to create. The arguments in this
group can be used to specify the attributes of this resource.

This must be specified.


.RS 2m
.TP 2m
\fIPERIMETER\fR

ID of the perimeter or fully qualified identifier for the perimeter.

To set the \f5perimeter\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5perimeter\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-policy\fR=\fIPOLICY\fR

The ID of the access policy.


To set the \f5policy\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5perimeter\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-policy\fR on the command line;
.IP "\(bu" 2m
set the property \f5access_context_manager/policy\fR;
.IP "\(bu" 2m
automatically, if the current account belongs to an organization with exactly
one access policy.
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-title\fR=\fITITLE\fR

Short human\-readable title for the service perimeter.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-access\-levels\fR=[\fILEVEL\fR,...]

Comma\-separated list of IDs for access levels (in the same policy) that an
intra\-perimeter request must satisfy to be allowed.

.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

Long\-form description of service perimeter.

.TP 2m
\fB\-\-egress\-policies\fR=\fIYAML_FILE\fR

Path to a file containing a list of Egress Policies.

This file contains a list of YAML\-compliant objects representing Egress
Policies described in the API reference.

For more information about the alpha version, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non\-alpha versions, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

.TP 2m
\fB\-\-ingress\-policies\fR=\fIYAML_FILE\fR

Path to a file containing a list of Ingress Policies.

This file contains a list of YAML\-compliant objects representing Ingress
Policies described in the API reference.

For more information about the alpha version, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non\-alpha versions, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

.TP 2m
\fB\-\-perimeter\-type\fR=\fIPERIMETER_TYPE\fR; default="regular"

Type of the perimeter. \fIPERIMETER_TYPE\fR must be one of:

.RS 2m
.TP 2m
\fBbridge\fR
Allows resources in different regular service perimeters to import and export
data between each other.

A project may belong to multiple bridge service perimeters (only if it also
belongs to a regular service perimeter). Both restricted and unrestricted
service lists, as well as access level lists, must be empty.

.TP 2m
\fBregular\fR
Allows resources within this service perimeter to import and export data amongst
themselves.

A project may belong to at most one regular service perimeter.

.RE
.sp


.TP 2m
\fB\-\-resources\fR=[\fIRESOURCES\fR,...]

Comma\-separated list of resources (currently only projects, in the form
\f5projects/<projectnumber>\fR) in this perimeter.

.TP 2m
\fB\-\-restricted\-services\fR=[\fISERVICE\fR,...]

Comma\-separated list of services to which the perimeter boundary \fBdoes\fR
apply (for example, \f5storage.googleapis.com\fR).

.TP 2m
\fB\-\-enable\-vpc\-accessible\-services\fR

Whether to restrict API calls within the perimeter to those in the
vpc\-allowed\-services list.

.TP 2m
\fB\-\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]

Comma\-separated list of APIs accessible from within the Service Perimeter. In
order to include all restricted services, use reference "RESTRICTED\-SERVICES".
Requires vpc\-accessible\-services be enabled.


.RE
.sp
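
The constraints stated for the optional flags above (bridge perimeters with empty service and access level lists, at most one regular perimeter per project, the vpc\-allowed\-services dependency) can be checked before any perimeter is created. This is an added example, not part of gcloud or of this man page; the dictionary field names are hypothetical and the plan is assumed to list every perimeter in the access policy.

```python
from collections import defaultdict

def check_perimeters(perimeters):
    """Return sorted (perimeter, problem) pairs; an empty list means the plan passes."""
    problems = []
    regular_of = defaultdict(list)  # project -> regular perimeters that list it
    bridge_of = defaultdict(list)   # project -> bridge perimeters that list it
    for p in perimeters:
        name, ptype = p["name"], p.get("type", "regular")  # "regular" is the default
        if ptype not in ("regular", "bridge"):
            problems.append((name, f"unknown perimeter type {ptype!r}"))
            continue
        if not p.get("title"):
            problems.append((name, "--title is required"))
        for res in p.get("resources", []):
            if not (res.startswith("projects/") and res[9:].isdigit()):
                problems.append((name, f"{res} is not projects/<projectnumber>"))
            (regular_of if ptype == "regular" else bridge_of)[res].append(name)
        if ptype == "bridge":  # service and access level lists must be empty
            for field in ("restricted_services", "access_levels"):
                if p.get(field):
                    problems.append((name, f"bridge perimeter must have empty {field}"))
        if p.get("vpc_allowed_services") and not p.get("enable_vpc_accessible_services"):
            problems.append((name, "--vpc-allowed-services needs "
                                   "--enable-vpc-accessible-services"))
    for project, names in regular_of.items():
        if len(names) > 1:  # at most one regular perimeter per project
            problems += [(n, f"{project} is in more than one regular perimeter")
                         for n in names]
    for project, names in bridge_of.items():
        if project not in regular_of:  # bridge membership needs a regular perimeter
            problems += [(n, f"{project} is in a bridge but no regular perimeter")
                         for n in names]
    return sorted(problems)

# Constructed sample plan; names and project numbers are made up.
PLAN = [
    {"name": "prod", "title": "Prod", "resources": ["projects/111", "projects/222"],
     "restricted_services": ["storage.googleapis.com"]},
    {"name": "dev", "title": "Dev", "resources": ["projects/222"],
     "vpc_allowed_services": ["RESTRICTED-SERVICES"]},
    {"name": "link", "title": "Link", "type": "bridge",
     "resources": ["projects/111", "projects/333"],
     "restricted_services": ["storage.googleapis.com"]},
]

if __name__ == "__main__":
    for perimeter, problem in check_perimeters(PLAN):
        print(f"{perimeter}: {problem}")
```
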

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "API REFERENCE"

This command uses the \fBaccesscontextmanager/v1\fR API. The full documentation
for this API can be found at:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/



.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha access\-context\-manager perimeters create
.RE

.RS 2m
$ gcloud beta access\-context\-manager perimeters create
.RE