gcloud alpha iap tcp dest-groups set-iam-policy - set the IAM policy for an IAP TCP Destination Group resource
gcloud alpha iap tcp dest-groups set-iam-policy POLICY_FILE --dest-group=DEST_GROUP --region=REGION [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command replaces the existing IAM policy for an IAP TCP Destination Group resource, given a file encoded in JSON or YAML that contains the IAM policy. If the given policy file specifies an "etag" value, then the replacement will succeed only if the policy already in place matches that etag. (An etag obtained via $ gcloud alpha iap tcp dest-groups get-iam-policy will prevent the replacement if the policy for the resource has been subsequently updated.) A policy file that does not contain an etag value will replace any existing policy for the resource.
To set the IAM policy for the TCP Destination Group resource within the active project in the group 'my-group' located in the region 'us-west1', run:
$ gcloud alpha iap tcp dest-groups set-iam-policy POLICY_FILE \ --dest-group=='my-group' --region='us-west1'
To set the IAM policy for the TCP Destination Group resource within project PROJECT_ID in the group 'my-group' located in the region 'us-west1', run:
$ gcloud alpha iap tcp dest-groups set-iam-policy POLICY_FILE \ --project=PROJECT_ID --dest-group=='my-group' \ --region='us-west1'
- POLICY_FILE
JSON or YAML file containing the IAM policy.
- --dest-group=DEST_GROUP
Name of the Destination Group.
- --region=REGION
Region of the Destination Group.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud iap tcp dest-groups set-iam-policy
$ gcloud beta iap tcp dest-groups set-iam-policy