Create and manage mirroring deployments

A mirroring deployment lets you expose a zonal set of load-balanced appliances so that the deployment can be used by mirroring endpoint groups.

This page explains how to create and manage mirroring deployments using the Google Cloud CLI.

Before you begin

Roles

To get the permissions that you need to create, view, or delete mirroring deployments, ask your administrator to grant you the necessary Identity and Access Management (IAM) roles on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

To check the progress of the operations listed on this page, make sure that your user role has the following Mirroring Deployment Admin role (roles/networksecurity.mirroringDeploymentAdmin) permissions:

  • networksecurity.mirroringDeployments.create
  • networksecurity.mirroringDeployments.delete
  • networksecurity.mirroringDeployments.get
  • networksecurity.mirroringDeployments.list

Create a mirroring deployment

Create a mirroring deployment to represent the producer side within a zone and associate it with the mirroring deployment group.

Permissions required for this task

To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.

Permissions

  • networksecurity.mirroringDeployments.create

Roles

  • networksecurity.mirroringDeploymentAdmin

gcloud

To create a mirroring deployment, use the gcloud network-security mirroring-deployments create command:

gcloud network-security mirroring-deployments \
    create DEPLOYMENT \
    --location ZONE \
    --forwarding-rule FWD_RULE \
    --forwarding-rule-location REGION \
    --mirroring-deployment-group DEPLOYMENT_GROUP_ID \
    --no-async

Replace the following:

  • DEPLOYMENT: the name of the mirroring deployment; you can specify the name as a string or as a unique URL identifier.

  • ZONE: the zone of the mirroring deployment

  • FWD_RULE: the forwarding rule to direct network traffic to a load balancer

  • REGION: the region of the forwarding rule

  • DEPLOYMENT_GROUP_ID: the ID of the mirroring deployment group

Terraform

To create a mirroring deployment, you can use a google_network_security_mirroring_deployment resource.

resource "google_network_security_mirroring_deployment" "default" {
  mirroring_deployment_id    = "mirroring-deployment"
  location                   = "us-central1-a"
  forwarding_rule            = google_compute_forwarding_rule.default.id
  mirroring_deployment_group = google_network_security_mirroring_deployment_group.default.id
}

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

View a mirroring deployment

You can view the details of a specific mirroring deployment in a project.

Permissions required for this task

To perform this task, you must have been granted the following permissions or one of the following IAM roles on your project.

Permissions

  • networksecurity.mirroringDeployments.get

Roles

  • networksecurity.mirroringDeploymentAdmin
  • networksecurity.mirroringDeploymentViewer

gcloud

To view details of a mirroring deployment, use the gcloud network-security mirroring-deployments describe command:

gcloud network-security mirroring-deployments \
    describe DEPLOYMENT \
    --location ZONE \
    --project PROJECT

Replace the following:

  • DEPLOYMENT: the name of the mirroring deployment

  • ZONE: the zone of the mirroring deployment

  • PROJECT: the project name of the mirroring deployment

List mirroring deployments

You can list all the mirroring deployments in a project.

Permissions required for this task

To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.

Permissions

  • networksecurity.mirroringDeployments.list

Roles

  • networksecurity.mirroringDeploymentAdmin
  • networksecurity.mirroringDeploymentViewer

gcloud

To list mirroring deployments, use the gcloud network-security mirroring-deployments list command:

gcloud network-security mirroring-deployments list \
    --location ZONE \
    --project PROJECT

Replace the following:

  • ZONE: the zone of the mirroring deployment

  • PROJECT: the name of your mirroring deployment project
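
The list command takes a single zone, so a project-wide review needs one call per zone. The following added example (not part of the original page) inventories the deployments in the zones you pass and reports any whose forwarding rule is not in an approved file. The function names, the approved-file format, and the name, forwardingRule, and mirroringDeploymentGroup output fields are assumptions.

```shell
# Added example, not from the original page. Assumptions: function names,
# the approved-file format (one forwarding rule per line, written exactly as
# the list output shows it), and the output fields name, forwardingRule and
# mirroringDeploymentGroup.
# Each function body runs in a subshell: variables stay local and `exit`
# only leaves the function.

# list_deployments PROJECT ZONE...
# Prints one tab-separated line per deployment: name, forwarding rule, group.
list_deployments() (
  project="$1"
  shift
  for zone in "$@"; do
    gcloud network-security mirroring-deployments list \
      --location "$zone" \
      --project "$project" \
      --format="value(name,forwardingRule,mirroringDeploymentGroup)" || exit 1
  done
)

# unapproved_deployments APPROVED_FILE PROJECT ZONE...
# Prints inventory lines whose forwarding rule is not in APPROVED_FILE.
# Returns 0 when every deployment is approved, 2 when any is not, 1 on error.
unapproved_deployments() (
  approved="$1"
  shift
  [ -r "$approved" ] || { echo "cannot read $approved" >&2; exit 1; }
  inventory="$(list_deployments "$@")" || exit 1
  tab="$(printf '\t')"
  rc=0
  while IFS="$tab" read -r name rule group; do
    [ -n "$name" ] || continue
    # -F fixed string, -x whole line: no partial or regex matches.
    if ! grep -Fxq -- "$rule" "$approved"; then
      printf '%s\t%s\t%s\n' "$name" "$rule" "$group"
      rc=2
    fi
  done <<EOF
$inventory
EOF
  exit "$rc"
)

# Usage: unapproved_deployments approved-rules.txt PROJECT ZONE_A ZONE_B
```

The caller needs networksecurity.mirroringDeployments.list, which the Mirroring Deployment Viewer role provides.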

Delete a mirroring deployment

You can delete a mirroring deployment by specifying its name, location, and project. However, if a mirroring deployment is referenced by a mirroring deployment group, then it cannot be deleted.

Permissions required for this task

To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.

Permissions

  • networksecurity.mirroringDeployments.delete

Roles

  • networksecurity.mirroringDeploymentAdmin

gcloud

To delete a mirroring deployment, use the gcloud network-security mirroring-deployments delete command:

gcloud network-security mirroring-deployments \
    delete DEPLOYMENT \
    --location ZONE \
    --project PROJECT \
    --no-async

Replace the following:

  • DEPLOYMENT: the name of the mirroring deployment

  • ZONE: the zone of the mirroring deployment

  • PROJECT: the project name of the mirroring deployment


Last updated 2025-11-06 UTC.