NAME

gcloud beta assured workloads create - create a new Assured Workloads environment

SYNOPSIS

gcloud beta assured workloads create --billing-account=BILLING_ACCOUNT --compliance-regime=COMPLIANCE_REGIME --display-name=DISPLAY_NAME --location=LOCATION --organization=ORGANIZATION [--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS] [--external-identifier=EXTERNAL_IDENTIFIER] [--labels=[KEY=VALUE,...]] [--next-rotation-time=NEXT_ROTATION_TIME] [--partner=PARTNER] [--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT] [--resource-settings=[KEY=VALUE,...]] [--rotation-period=ROTATION_PERIOD] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(BETA) Create a new Assured Workloads environment

EXAMPLES

The following example command creates a new Assured Workloads environment with these properties:

$ gcloud beta assured workloads create --organization=123 \ --location=us-central1 --display-name=Test-Workload \ --compliance-regime=FEDRAMP_MODERATE \ --billing-account=billingAccounts/456 \ --next-rotation-time=2020-12-30T10:15:00.00Z \ --rotation-period=172800s \ --labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2 \ --provisioned-resources-parent=folders/789 \ --resource-settings=consumer-project-id=my-custom-id

REQUIRED FLAGS

--billing-account=BILLING_ACCOUNT

The billing account of the new Assured Workloads environment, for example, billingAccounts/0000AA-AAA00A-A0A0A0

--compliance-regime=COMPLIANCE_REGIME

The compliance regime of the new Assured Workloads environment. COMPLIANCE_REGIME must be one of: CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, IL4, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, ASSURED_WORKLOADS_FOR_PARTNERS.

--display-name=DISPLAY_NAME

The display name of the new Assured Workloads environment

--location=LOCATION

The location of the new Assured Workloads environment. For a current list of supported LOCATION values, see Assured Workloads locations http://cloud/assured-workloads/docs/locations.

--organization=ORGANIZATION

The parent organization of the new Assured Workloads environment, provided as an organization ID

OPTIONAL FLAGS

--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS

If true, enable sovereign controls for the new Assured Workloads environment, currently only supported by EU_REGIONS_AND_SUPPORT

--external-identifier=EXTERNAL_IDENTIFIER

The external identifier of the new Assured Workloads environment

--labels=[KEY=VALUE,...]

The labels of the new Assured Workloads environment, for example, LabelKey1=LabelValue1,LabelKey2=LabelValue2

--next-rotation-time=NEXT_ROTATION_TIME

The next rotation time of the KMS settings of new Assured Workloads environment, for example, 2020-12-30T10:15:30.00Z

--partner=PARTNER

The partner choice when creating a workload managed by local trusted partners. PARTNER must be one of: LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS.

--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT

The parent of the provisioned projects, for example, folders/{FOLDER_ID}

--resource-settings=[KEY=VALUE,...]

A comma-separated, key=value map of custom resource settings such as custom project ids, for example: consumer-project-id={CONSUMER_PROJECT_ID} Note: Currently only encryption-keys-project-id, encryption-keys-project-name and keyring-id are supported. The encryption-keys-project-id, encryption-keys-project-name and keyring-id settings can be specified only if KMS settings are provided

--rotation-period=ROTATION_PERIOD

The rotation period of the KMS settings of the new Assured Workloads environment, for example, 172800s

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in beta and might change without notice. These variants are also available:

$ gcloud assured workloads create

$ gcloud alpha assured workloads create