gcloud alpha access-context-manager cloud-bindings create - create cloud access bindings for a specific group
gcloud alpha access-context-manager cloud-bindings create --group-key=GROUP_KEY [--dry-run-level=[DRY_RUN_LEVEL,...]] [--level=[LEVEL,...]] [--organization=ORGANIZATION] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Create a new cloud access binding. The access level will be bound with the group. The access level will be enforced when any user in the group tries to access the Google cloud console or API.
To create a new cloud access binding including the dry run access level, run:
$ gcloud alpha access-context-manager cloud-bindings create \ --group-key=my-group-key \ --level=accessPolicies/123/accessLevels/abc \ --dry-run-level=accessPolicies/123/accessLevels/def
- --group-key=GROUP_KEY
Google Group id whose members are subject to the restrictions of this binding.
- --dry-run-level=[DRY_RUN_LEVEL,...]
The dry run access level that will bind to the given group. The dry run access level will be evaluated but won't be enforced. Denial on dry run access level will be logged. The input must be the full identifier for access level, such as accessPolicies/123/accessLevels/new-def.
- --level=[LEVEL,...]
The access level that will bind to the given group. The input must be the full identifier for the access level, such as accessPolicies/123/accessLevels/abc.
- --organization=ORGANIZATION
Parent organization for this binding.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the accesscontextmanager/v1alpha API. The full documentation for this API can be found at: https://cloud.google.com/access-context-manager/docs/reference/rest/
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud access-context-manager cloud-bindings create