gcloud alpha compute routers nats rules update - update a Rule in a Compute Engine NAT
gcloud alpha compute routers nats rules update RULE_NUMBER --nat=NAT --router=ROUTER [--async] [--match=MATCH] [--region=REGION] [--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]] [--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]] [--clear-source-nat-drain-ips | --source-nat-drain-ips=IP_ADDRESS,[IP_ADDRESS,...]] [--clear-source-nat-drain-ranges | --source-nat-drain-ranges=SUBNETWORK,[SUBNETWORK,...]] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute routers nats rules update is used to update a Rule in a Compute Engine NAT.
To drain connections established using address-1 and use address-2 for all new connections matching Rule 1 in NAT nat-1, run:
$ gcloud alpha compute routers nats rules update 1 --nat=nat1 \ --router=my-router --region=us-central1 \ --source-nat-drain-ips=address-1 \ --source-nat-active-ips=address-2
- RULE_NUMBER
Number that uniquely identifies the Rule to update
- --nat=NAT
Name of the NAT that contains the Rule
- --router=ROUTER
The Router to use for NAT.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --match=MATCH
CEL Expression used to identify traffic to which this rule applies.
- —
Supported attributes (Public NAT): destination.ip
- —
Supported attributes (Private NAT): nexthop.hub
- —
Supported methods (Public Nat): inIpRange
- —
Supported operators (Public NAT): ||, ==
- —
Supported operators (Private NAT): ==
Examples of allowed Match expressions (Public NAT):
- —
'inIpRange(destination.ip, "203.0.113.0/24")''
- —
'destination.ip == "203.0.113.7"'
- —
'destination.ip == "203.0.113.7" || inIpRange(destination.ip, "203.0.113.16/25")'
Example of allowed Match expression (Private NAT):
- —
nexthop.hub == "//networkconnectivity.googleapis.com/projects/p1/locations/global/hubs/h1"
- --region=REGION
Region of the NAT containing the Rule to update. If not specified, you might be prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the compute/region property:
$ gcloud config set compute/region REGION
A list of regions can be fetched by running:
$ gcloud compute regions list
To unset the property, run:
$ gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.
- --source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]
External IP Addresses to use for connections matching this rule.
These must be valid reserved external IPs in the same region.
- --source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]
Subnetworks from which addresses are used for connections matching this rule. This is only supported for Private NAT, and is required when creating a Private NAT gateway..
These must be Subnetwork resources in the same region, with purpose set to PRIVATE_NAT.
- At most one of these can be specified:
- --clear-source-nat-drain-ips
Clear drained IPs from the Rule
- --source-nat-drain-ips=IP_ADDRESS,[IP_ADDRESS,...]
External IP Addresses to drain connections on.
These must be external IPs previously used as active IPs on this rule. No new connections will be established using these IPs.
- At most one of these can be specified:
- --clear-source-nat-drain-ranges
Clear drained ranges from the Rule
- --source-nat-drain-ranges=SUBNETWORK,[SUBNETWORK,...]
Subnetwork ranges to drain connections on.
These must be subnetworks previously used as active ranges on this rule. No new connections will be established using these ranges.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute routers nats rules update
$ gcloud beta compute routers nats rules update