gcloud alpha iap web enable - enable Cloud Identity-Aware Proxy (Cloud IAP) on an IAP resource
gcloud alpha iap web enable [--oauth2-client-id=OAUTH2_CLIENT_ID --oauth2-client-secret=OAUTH2_CLIENT_SECRET] [--resource-type=RESOURCE_TYPE : --service=SERVICE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command enables Cloud Identity-Aware Proxy on an IAP resource. OAuth 2.0 credentials must be set, or must have been previously set, to enable IAP.
To enable IAP on an App Engine application, run:
$ gcloud alpha iap web enable --resource-type=app-engine \ --oauth2-client-id=CLIENT_ID --oauth2-client-secret=SECRET
To enable IAP on a backend service, run:
$ gcloud alpha iap web enable --resource-type=backend-services \ --oauth2-client-id=CLIENT_ID --oauth2-client-secret=SECRET \ --service=SERVICE_ID
- --oauth2-client-id=OAUTH2_CLIENT_ID
OAuth 2.0 client ID to use.
- --oauth2-client-secret=OAUTH2_CLIENT_SECRET
OAuth 2.0 client secret to use.
- --resource-type=RESOURCE_TYPE
Resource type of the IAP resource. RESOURCE_TYPE must be one of: app-engine, backend-services.
- --service=SERVICE
Service name. Required with --resource-type=backend-services.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud iap web enable
$ gcloud beta iap web enable