gcloud alpha compute org-security-policies rules update - update a Compute Engine security policy rule
gcloud alpha compute org-security-policies rules update PRIORITY --security-policy=SECURITY_POLICY [--action=ACTION] [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] [--dest-ports=[DEST_PORTS,...]] [--direction=DIRECTION] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] [--organization=ORGANIZATION] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--target-resources=[TARGET_RESOURCES,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute org-security-policies rules update is used to update organization security policy rules.
To update a rule with priority ``10" in an organization security policy with ID ``123456789" to change the action to ``allow" and description to ``new-example-rule", run:
$ gcloud alpha compute org-security-policies rules update create \ 10 --security-policy=123456789 --action=allow \ --description=new-example-rule
- PRIORITY
Priority of the security policy rule to update.
- --security-policy=SECURITY_POLICY
Display name of the security policy into which the rule should be updated.
- --action=ACTION
Action to take if the request matches the match condition. ACTION must be one of: allow, deny, goto_next.
- --description=DESCRIPTION
An optional, textual description for the rule.
- --dest-ip-ranges=[DEST_IP_RANGE,...]
Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.
- --dest-ports=[DEST_PORTS,...]
A list of destination protocols and ports to which the firewall rule will apply.
- --direction=DIRECTION
Direction of the traffic the rule is applied. The default is to apply on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.
- --[no-]enable-logging
Use this flag to enable logging of connections that allowed or denied by this rule. Use --enable-logging to enable and --no-enable-logging to disable.
- --layer4-configs=[LAYER4_CONFIG,...]
A list of destination protocols and ports to which the firewall rule will apply.
- --new-priority=NEW_PRIORITY
New priority for the rule to update. Valid in [0, 65535].
- --organization=ORGANIZATION
Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is display name.
- --src-ip-ranges=[SRC_IP_RANGE,...]
Source IP ranges to match for this rule. Can only be specified if DIRECTION is ingress.
- --target-resources=[TARGET_RESOURCES,...]
List of URLs of target resources to which the rule is applied.
- --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud beta compute org-security-policies rules update