gcloud network-security firewall-endpoint-associations create

NAME
gcloud network-security firewall-endpoint-associations create - create a Firewall Plus endpoint association
SYNOPSIS
gcloud network-security firewall-endpoint-associations create [ASSOCIATION_ID] --network=NETWORK --zone=ZONE (--endpoint=ENDPOINT : --endpoint-zone=ENDPOINT_ZONE --organization=ORGANIZATION) [--async] [--labels=[KEY=VALUE,…]] [--max-wait=MAX_WAIT; default="60m"] [--tls-inspection-policy=TLS_INSPECTION_POLICY : --tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT --tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Associate the specified network with the firewall endpoint. Successful creation of a firewall endpoint association results in an association in READY state. Check the progress of association creation by using gcloud network-security firewall-endpoint-associations list.

For more examples, refer to the EXAMPLES section below.

EXAMPLES
To associate a network with a firewall endpoint, run: 
gcloud network-security firewall-endpoint-associations create --network=projects/my-project/networks/global/myNetwork --endpoint=organizations/1234/locations/us-central1-a/firewallEndpoints/my-endpoint --zone=us-central1-a --project=my-project
POSITIONAL ARGUMENTS
[ASSOCIATION_ID]
Name to give the association. If not specified, an auto-generated UUID will be used.
REQUIRED FLAGS
Network resource - Firewall Plus. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument --network on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

--network=NETWORK
ID of the network or fully qualified identifier for the network.

To set the network-name attribute:

  • provide the argument --network on the command line.
--zone=ZONE
Zone of a firewall endpoint association
Firewall endpoint resource - Firewall Plus. The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

--endpoint=ENDPOINT
ID of the firewall endpoint or fully qualified identifier for the firewall endpoint.

To set the endpoint-name attribute:

  • provide the argument --endpoint on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--endpoint-zone=ENDPOINT_ZONE
Zone of the firewall endpoint.

To set the endpoint-zone attribute:

  • provide the argument --endpoint on the command line with a fully specified name;
  • provide the argument --endpoint-zone on the command line;
  • provide the argument --zone on the command line;
  • provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name.
--organization=ORGANIZATION
Organization ID to which the changes should apply.

To set the organization attribute:

  • provide the argument --endpoint on the command line with a fully specified name;
  • provide the argument --organization on the command line.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to complete. The default is True. Enabled by default, use --no-async to disable.
--labels=[KEY=VALUE,…]
List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--max-wait=MAX_WAIT; default="60m"
Time to synchronously wait for the operation to complete, after which the operation continues asynchronously. Ignored if --no-async isn't specified. See $ gcloud topic datetimes for information on time formats.
TLS Inspection Policy resource - Path to TLS Inspection Policy configuration to use for intercepting TLS-encrypted traffic in this network. The arguments in this group can be used to specify the attributes of this resource.
--tls-inspection-policy=TLS_INSPECTION_POLICY
ID of the TLS Inspection Policy or fully qualified identifier for the TLS Inspection Policy.

To set the tls_inspection_policy attribute:

  • provide the argument --tls-inspection-policy on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--tls-inspection-policy-project=TLS_INSPECTION_POLICY_PROJECT
Project of the TLS Inspection Policy.

To set the tls-inspection-policy-project attribute:

  • provide the argument --tls-inspection-policy on the command line with a fully specified name;
  • provide the argument --tls-inspection-policy-project on the command line;
  • provide the argument --project on the command line;
  • provide the argument FIREWALL_ENDPOINT_ASSOCIATION on the command line with a fully specified name.
--tls-inspection-policy-region=TLS_INSPECTION_POLICY_REGION
Region of the TLS Inspection Policy. NOTE: TLS Inspection Policy needs to be in the same region as Firewall Plus endpoint resource. To set the tls-inspection-policy-region attribute:
  • provide the argument --tls-inspection-policy on the command line with a fully specified name;
  • provide the argument --tls-inspection-policy-region on the command line.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available: 
gcloud alpha network-security firewall-endpoint-associations create
 
gcloud beta network-security firewall-endpoint-associations create