gcloud beta compute security-policies update - update a Compute Engine security policy
gcloud beta compute security-policies update NAME [--description=DESCRIPTION] [--enable-layer7-ddos-defense] [--json-custom-content-types=[CONTENT_TYPE,...]] [--json-parsing=JSON_PARSING] [--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC] [--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD] [--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE] [--log-level=LOG_LEVEL] [--network-ddos-protection=NETWORK_DDOS_PROTECTION] [--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY] [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...]
(BETA) gcloud beta compute security-policies update is used to update security policies.
To update the description run this:
$ gcloud beta compute security-policies update SECURITY_POLICY \ --description='new description'
- NAME
Name of the security policy to update.
- --description=DESCRIPTION
An optional, textual description for the security policy.
- --enable-layer7-ddos-defense
Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.
- --json-custom-content-types=[CONTENT_TYPE,...]
A comma-separated list of custom Content-Type header values to apply JSON parsing for preconfigured WAF rules. Only applicable when JSON parsing is enabled, like --json-parsing=STANDARD. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.
- --json-parsing=JSON_PARSING
The JSON parsing behavior for this rule. Must be one of the following values: [DISABLED, STANDARD]. JSON_PARSING must be one of: DISABLED, STANDARD.
- --layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
Confidence threshold above which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
Duration over which Adaptive Protection's auto-deployed actions last
- --layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
Load threshold above which Adaptive Protection's auto-deploy takes actions
- --layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE
The visibility type indicates whether the rules are opaque or transparent. VISIBILITY_TYPE must be one of: STANDARD, PREMIUM.
- --log-level=LOG_LEVEL
The level of detail to display for WAF logging. LOG_LEVEL must be one of: NORMAL, VERBOSE.
- --network-ddos-protection=NETWORK_DDOS_PROTECTION
The DDoS protection level for network load balancing and instances with external IPs. NETWORK_DDOS_PROTECTION must be one of: STANDARD, ADVANCED.
- --recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY
The reCAPTCHA site key to be used for rules using the redirect action and the google-recaptcha redirect type under the security policy.
- At most one of these can be specified:
- --global
If set, the security policy is global.
- --region=REGION
Region of the security policy to update. Overrides the default compute/region property value for this command invocation.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in beta and might change without notice. These variants are also available:
$ gcloud compute security-policies update
$ gcloud alpha compute security-policies update