This page describes how to create and manage intercept deployment groups.
Before you begin
- Enable the Network Security API in your project.
- Install the gcloud CLI.
Roles
To create, view, or delete intercept deployment groups, your Identity and Access Management (IAM) principal must have the necessary IAM roles on your project. For more information, see Manage access to projects, folders, and organizations.
To check the progress of the operations listed on this page, your IAM principal must have the following Intercept Deployment Admin role (roles/networksecurity.interceptDeploymentAdmin) permissions:
- networksecurity.interceptDeploymentGroups.create
- networksecurity.interceptDeploymentGroups.delete
- networksecurity.interceptDeploymentGroups.get
- networksecurity.interceptDeploymentGroups.list
Create an intercept deployment group
An intercept deployment group is a global resource that holds a collection of zonal intercept deployments.
Console
In the Google Cloud console, go to the Deployment groups page.
Click Create deployment group.
For Name, enter a unique name for the deployment group.
For Network, select a VPC network. All intercept deployments must reference internal passthrough Network Load Balancers that use this network.
Click Create.
gcloud
To create an intercept deployment group, use the gcloud network-security intercept-deployment-groups create command:
gcloud network-security intercept-deployment-groups create DEPLOYMENT_GROUP_ID \
--location global \
--no-async \
--network NETWORK
Replace the following:
- DEPLOYMENT_GROUP_ID: the ID of the intercept deployment group.
- NETWORK: the name of a VPC network. All intercept deployments must reference internal passthrough Network Load Balancers that use this network.
Terraform
To create an intercept deployment group, you can use a google_network_security_intercept_deployment_group resource.
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
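The following configuration is an added example, not taken from the original page or from Google's samples. It mirrors the gcloud create command above and assumes a Google provider version that includes this resource; the resource labels, network name, group ID, and description are constructed values.

```hcl
# Added example; all names and values below are constructed placeholders.

# VPC network that the group is bound to. Every intercept deployment in the
# group must reference an internal passthrough Network Load Balancer that
# uses this network.
resource "google_compute_network" "inspection" {
  name                    = "inspection-vpc" # constructed name
  auto_create_subnetworks = false
}

# Same settings as the gcloud create command: group ID, global location,
# and the VPC network.
resource "google_network_security_intercept_deployment_group" "example" {
  intercept_deployment_group_id = "example-deployment-group" # DEPLOYMENT_GROUP_ID
  location                      = "global"
  network                       = google_compute_network.inspection.id # NETWORK
  description                   = "Intercept deployment group for the inspection VPC"
}

# Provider-assigned ID of the group, exposed so other configuration can
# reference it.
output "intercept_deployment_group_id" {
  value = google_network_security_intercept_deployment_group.example.id
}
```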
View details of an intercept deployment group
You can view the details of an intercept deployment group, such as its name and the network.
Console
In the Google Cloud console, go to the Deployment groups page.
Click the deployment group.
gcloud
To view the details of an intercept deployment group, use the gcloud network-security intercept-deployment-groups describe command:
gcloud network-security intercept-deployment-groups describe DEPLOYMENT_GROUP_ID \
--location global
Replace DEPLOYMENT_GROUP_ID with the ID of the intercept deployment group.
In the output, the name of the intercept deployment group is displayed in the projects/PROJECT_ID/locations/global/interceptDeploymentGroups/DEPLOYMENT_GROUP_ID format.
List intercept deployment groups
You can list all intercept deployment groups in a project, including their IDs.
Console
To see all the intercept deployment groups of the project, complete the following steps:
In the Google Cloud console, go to the Deployment groups page.
To list the intercept deployment groups, click Filter.
From the Properties list, select Purpose and then for Value, select NSI In-band.
gcloud
To list all intercept deployment groups of the project, use the gcloud network-security intercept-deployment-groups list command:
gcloud network-security intercept-deployment-groups list
Delete an intercept deployment group
Before you delete an intercept deployment group, delete intercept deployments that reference the intercept deployment group.
Console
In the Google Cloud console, go to the Deployment groups page.
Select the checkbox of the deployment group and click Delete.
Click Delete again to confirm.
gcloud
To delete an intercept deployment group, use the gcloud network-security intercept-deployment-groups delete command:
gcloud network-security intercept-deployment-groups delete DEPLOYMENT_GROUP_ID \
--no-async \
--location global
Replace DEPLOYMENT_GROUP_ID with the ID of the intercept deployment group.