.TH "GCLOUD_ACCESS\-CONTEXT\-MANAGER_PERIMETERS_UPDATE" 1
.SH "NAME"
.HP
gcloud access\-context\-manager perimeters update \- update the enforced configuration for an existing Service Perimeter
.SH "SYNOPSIS"
.HP
\f5gcloud access\-context\-manager perimeters update\fR (\fIPERIMETER\fR\ :\ \fB\-\-policy\fR=\fIPOLICY\fR) [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-etag\fR=\fIetag\fR] [\fB\-\-title\fR=\fITITLE\fR] [\fB\-\-type\fR=\fITYPE\fR] [\fB\-\-add\-access\-levels\fR=[\fILEVEL\fR,...]\ |\ \fB\-\-clear\-access\-levels\fR\ |\ \fB\-\-remove\-access\-levels\fR=[\fILEVEL\fR,...]\ |\ \fB\-\-set\-access\-levels\fR=[\fILEVEL\fR,...]] [\fB\-\-add\-resources\fR=[\fIRESOURCES\fR,...]\ |\ \fB\-\-clear\-resources\fR\ |\ \fB\-\-remove\-resources\fR=[\fIRESOURCES\fR,...]\ |\ \fB\-\-set\-resources\fR=[\fIRESOURCES\fR,...]] [\fB\-\-add\-restricted\-services\fR=[\fISERVICE\fR,...]\ |\ \fB\-\-clear\-restricted\-services\fR\ |\ \fB\-\-remove\-restricted\-services\fR=[\fISERVICE\fR,...]\ |\ \fB\-\-set\-restricted\-services\fR=[\fISERVICE\fR,...]] [\fB\-\-clear\-egress\-policies\fR\ |\ \fB\-\-set\-egress\-policies\fR=\fIYAML_FILE\fR] [\fB\-\-clear\-ingress\-policies\fR\ |\ \fB\-\-set\-ingress\-policies\fR=\fIYAML_FILE\fR] [\fB\-\-enable\-vpc\-accessible\-services\fR\ \fB\-\-add\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]\ |\ \fB\-\-clear\-vpc\-allowed\-services\fR\ |\ \fB\-\-remove\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
This command updates the enforced configuration (\f5status\fR) of a Service
Perimeter.
.SH "EXAMPLES"
To update the enforced configuration for a Service Perimeter:
.RS 2m
$ gcloud access\-context\-manager perimeters update my\-perimeter \e
\-\-add\-resources="projects/123,projects/456" \e
\-\-remove\-restricted\-services="storage.googleapis.com" \e
\-\-add\-access\-levels="accessPolicies/123/accessLevels/a_level" \e
\-\-enable\-vpc\-accessible\-services \-\-clear\-vpc\-allowed\-services
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
Perimeter resource \- The service perimeter to update. The arguments in this
group can be used to specify the attributes of this resource.
This must be specified.
.RS 2m
.TP 2m
\fIPERIMETER\fR
ID of the perimeter or fully qualified identifier for the perimeter.
To set the \f5perimeter\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5perimeter\fR on the command line.
.RE
.sp
This positional argument must be specified if any of the other arguments in this
group are specified.
.TP 2m
\fB\-\-policy\fR=\fIPOLICY\fR
The ID of the access policy.
To set the \f5policy\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5perimeter\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-policy\fR on the command line;
.IP "\(bu" 2m
set the property \f5access_context_manager/policy\fR.
.RE
.sp
.RE
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR
Long\-form description of service perimeter.
.TP 2m
\fB\-\-etag\fR=\fIetag\fR
The etag for the version of the Access Policy that this operation is to be
performed on. If, at the time of the operation, the etag for the Access Policy
stored in Access Context Manager is different from the specified etag, then the
commit operation will not be performed and the call will fail. If etag is not
provided, the operation will be performed as if a valid etag is provided.
.TP 2m
\fB\-\-title\fR=\fITITLE\fR
Short human\-readable title of the service perimeter.
.TP 2m
\fB\-\-type\fR=\fITYPE\fR
Type of the perimeter.
A \fBregular\fR perimeter allows resources within this service perimeter to
import and export data amongst themselves. A project may belong to at most one
regular service perimeter.
A \fBbridge\fR perimeter allows resources in different regular service
perimeters to import and export data between each other. A project may belong to
multiple bridge service perimeters (only if it also belongs to a regular service
perimeter). Both restricted and unrestricted service lists, as well as access
level lists, must be empty.
\fITYPE\fR must be one of: \fBbridge\fR, \fBregular\fR.
.TP 2m
These flags modify the member access levels of this perimeter. An
intra\-perimeter request must satisfy these access levels to be allowed. Each
level (for example, \f5MY_LEVEL\fR) must be in the same access policy as this
perimeter.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-add\-access\-levels\fR=[\fILEVEL\fR,...]
Append the given values to the current access levels.
.TP 2m
\fB\-\-clear\-access\-levels\fR
Empty the current access levels.
.TP 2m
\fB\-\-remove\-access\-levels\fR=[\fILEVEL\fR,...]
Remove the given values from the current access levels.
.TP 2m
\fB\-\-set\-access\-levels\fR=[\fILEVEL\fR,...]
Completely replace the current access levels with the given values.
.RE
.sp
.TP 2m
These flags modify the member resources of this perimeter. Resources must be
projects, in the form \f5projects/<projectnumber>\fR.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-add\-resources\fR=[\fIRESOURCES\fR,...]
Append the given values to the current resources.
.TP 2m
\fB\-\-clear\-resources\fR
Empty the current resources.
.TP 2m
\fB\-\-remove\-resources\fR=[\fIRESOURCES\fR,...]
Remove the given values from the current resources.
.TP 2m
\fB\-\-set\-resources\fR=[\fIRESOURCES\fR,...]
Completely replace the current resources with the given values.
.RE
.sp
.TP 2m
These flags modify the member restricted services of this perimeter. The
perimeter boundary DOES apply to these services (for example,
\f5storage.googleapis.com\fR).
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-add\-restricted\-services\fR=[\fISERVICE\fR,...]
Append the given values to the current restricted services.
.TP 2m
\fB\-\-clear\-restricted\-services\fR
Empty the current restricted services.
.TP 2m
\fB\-\-remove\-restricted\-services\fR=[\fISERVICE\fR,...]
Remove the given values from the current restricted services.
.TP 2m
\fB\-\-set\-restricted\-services\fR=[\fISERVICE\fR,...]
Completely replace the current restricted services with the given values.
.RE
.sp
.TP 2m
These flags modify the enforced EgressPolicies of this ServicePerimeter.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-egress\-policies\fR
Empties existing enforced Egress Policies.
.TP 2m
\fB\-\-set\-egress\-policies\fR=\fIYAML_FILE\fR
Path to a file containing a list of Egress Policies.
This file contains a list of YAML\-compliant objects representing Egress
Policies described in the API reference.
For more information about the alpha version, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non\-alpha versions, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
.RE
.sp
.TP 2m
These flags modify the enforced IngressPolicies of this ServicePerimeter.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-ingress\-policies\fR
Empties existing enforced Ingress Policies.
.TP 2m
\fB\-\-set\-ingress\-policies\fR=\fIYAML_FILE\fR
Path to a file containing a list of Ingress Policies.
This file contains a list of YAML\-compliant objects representing Ingress
Policies described in the API reference.
For more information about the alpha version, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
For more information about non\-alpha versions, see:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
.RE
.sp
.TP 2m
\fB\-\-enable\-vpc\-accessible\-services\fR
When specified, restrict API calls within the Service Perimeter to the set of vpc
allowed services. To disable, use '\-\-no\-enable\-vpc\-accessible\-services'.
.TP 2m
These flags modify the member vpc allowed services of this perimeter: the
services allowed to be called within the Perimeter when VPC Accessible Services
is enabled.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-add\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]
Append the given values to the current vpc allowed services.
.TP 2m
\fB\-\-clear\-vpc\-allowed\-services\fR
Empty the current vpc allowed services.
.TP 2m
\fB\-\-remove\-vpc\-allowed\-services\fR=[\fIVPC_SERVICE\fR,...]
Remove the given values from the current vpc allowed services.
.RE
.RE
.sp
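A pre\-flight review of a proposed update, as an added example that is not part of gcloud or of this manual page: the hypothetical shell function review_perimeter_update checks the flag rules described above (at most one flag per add/clear/remove/set group, resources in the form projects/<projectnumber>) and lists the flags that take projects or services out of the enforced perimeter. The finding labels GROUP, FORMAT and BOUNDARY are assumptions of this example.
.nf

```shell
# Added example. review_perimeter_update is a hypothetical helper, not part of
# gcloud: pass it the flags of a proposed "perimeters update" call. It prints
# one finding per line and returns 1 if it found anything to review.
review_perimeter_update() {
  rpu_count=0 rpu_seen=""
  rpu_note() { rpu_count=$((rpu_count + 1)); echo "$1"; }
  for rpu_arg in "$@"; do
    rpu_flag=${rpu_arg%%=*}
    rpu_value=""
    case $rpu_arg in *=*) rpu_value=${rpu_arg#*=} ;; esac

    # Each add/clear/remove/set family is an "at most one of these" group.
    case $rpu_flag in
      --add-*|--clear-*|--remove-*|--set-*)
        rpu_group=${rpu_flag#--*-}
        case " $rpu_seen " in
          *" $rpu_group "*) rpu_note "GROUP: more than one $rpu_group flag" ;;
          *) rpu_seen="$rpu_seen $rpu_group" ;;
        esac ;;
    esac

    # Resources must be projects/<projectnumber>, not a project ID.
    case $rpu_flag in
      --add-resources|--remove-resources|--set-resources)
        rpu_ifs=$IFS; IFS=,; set -f
        for rpu_res in $rpu_value; do
          case ${rpu_res#projects/} in
            "$rpu_res"|""|*[!0-9]*)
              rpu_note "FORMAT: $rpu_res is not projects/<projectnumber>" ;;
          esac
        done
        set +f; IFS=$rpu_ifs ;;
    esac

    # Flags that shrink what the enforced perimeter covers.
    case $rpu_flag in
      --remove-restricted-services|--clear-restricted-services)
        rpu_note "BOUNDARY: $rpu_flag lifts the perimeter boundary from services" ;;
      --remove-resources|--clear-resources)
        rpu_note "BOUNDARY: $rpu_flag takes projects out of the perimeter" ;;
      --no-enable-vpc-accessible-services)
        rpu_note "BOUNDARY: $rpu_flag turns off the vpc allowed services restriction" ;;
    esac
  done
  [ "$rpu_count" -eq 0 ]
}

# Two flags from the EXAMPLES section; reports the restricted-services removal.
review_perimeter_update --add-resources=projects/123,projects/456 --remove-restricted-services=storage.googleapis.com || true
```
.fi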
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha access\-context\-manager perimeters update
.RE
.RS 2m
$ gcloud beta access\-context\-manager perimeters update
.RE