gcloud alpha compute security-policies update - update a Compute Engine security policy
gcloud alpha compute security-policies update NAME [--ddos-protection=DDOS_PROTECTION] [--description=DESCRIPTION] [--enable-layer7-ddos-defense] [--enable-ml] [--json-custom-content-types=[CONTENT_TYPE,...]] [--json-parsing=JSON_PARSING] [--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC] [--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD] [--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE] [--log-level=LOG_LEVEL] [--network-ddos-protection=NETWORK_DDOS_PROTECTION] [--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY] [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute security-policies update is used to update security policies.
To update the description run this:
$ gcloud alpha compute security-policies update SECURITY_POLICY \ --description='new description'
- NAME
Name of the security policy to update.
- --ddos-protection=DDOS_PROTECTION
The DDoS protection level for network load balancing and instances with external IPs. DDOS_PROTECTION must be one of: STANDARD, ADVANCED.
- --description=DESCRIPTION
An optional, textual description for the security policy.
- --enable-layer7-ddos-defense
Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.
- --enable-ml
Whether to enable Cloud Armor Adaptive Protection
- --json-custom-content-types=[CONTENT_TYPE,...]
A comma-separated list of custom Content-Type header values to apply JSON parsing for preconfigured WAF rules. Only applicable when JSON parsing is enabled, like --json-parsing=STANDARD. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.
- --json-parsing=JSON_PARSING
The JSON parsing behavior for this rule. Must be one of the following values: [DISABLED, STANDARD]. JSON_PARSING must be one of: DISABLED, STANDARD.
- --layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
Confidence threshold above which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
Duration over which Adaptive Protection's auto-deployed actions last
- --layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
Load threshold above which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE
The visibility type indicates whether the rules are opaque or transparent. VISIBILITY_TYPE must be one of: STANDARD, PREMIUM.
- --log-level=LOG_LEVEL
The level of detail to display for WAF logging. LOG_LEVEL must be one of: NORMAL, VERBOSE.
- --network-ddos-protection=NETWORK_DDOS_PROTECTION
The DDoS protection level for network load balancing and instances with external IPs. NETWORK_DDOS_PROTECTION must be one of: STANDARD, ADVANCED.
- --recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY
The reCAPTCHA site key to be used for rules using the redirect action and the google-recaptcha redirect type under the security policy.
- At most one of these can be specified:
- --global
If set, the security policy is global.
- --region=REGION
Region of the security policy to update. Overrides the default compute/region property value for this command invocation.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute security-policies update
$ gcloud beta compute security-policies update