Cloud Life Sciences is deprecated and will no longer be available on Google Cloud after July 8, 2025. Use cases for Cloud Life Sciences are now supported by Batch. To learn how to migrate your workload, see Migrate to Batch.

Set up trusted image policies

You can use a trusted image policy to define an organization policy that allows principals to create Compute Engine persistent disks only from images in specific projects.

For instructions on how to use a trusted image policy, see Set image access constraints. The following steps show how to set image access constraints for Cloud Life Sciences at the project level using the Google Cloud console and Google Cloud CLI:

Console

Go to the Organization policies page.
Go to Organization policies
In the policies list, click Define trusted image projects.
Click Edit to customize your existing trusted image constraints.
On the Edit page, select Customize.
In the Policy values drop-down list, select Custom to set the constraint on specific image projects.
In the Policy type drop-down list, specify the Allow value.
In the Custom values field, enter projects/life-sciences.

If you are setting project-level constraints, then they might conflict with the existing constraints set on your organization or folder.
Click New policy value to add multiple image projects.
Click Save to apply the constraint.

For more information about creating organization policies, see Creating and managing organization policies.

gcloud

Get the existing policy settings for your project by running the resource-manager org-policies describe command:
```
gcloud resource-manager org-policies describe \
   compute.trustedImageProjects --project=PROJECT_ID \
   --effective > policy.yaml
```
Replace PROJECT_ID with your project ID.
Open the policy.yaml file in a text editor and modify the compute.trustedImageProjects constraint by adding projects/life-sciences to the allowedValues field. When you have finished editing the file, save your changes.
```
constraint: constraints/compute.trustedImageProjects
listPolicy:
 allowedValues:
    - projects/life-sciences
```
Apply the policy.yaml file to your project. If your organization or folder has existing constraints, those constraints might conflict with project-level constraints that you set. To apply the constraint, use the resource-manager org-policies set-policy command.
```
gcloud resource-manager org-policies set-policy \
   policy.yaml --project=PROJECT_ID
```
Replace PROJECT_ID with your project ID.

When you have finished configuring the constraints, test those constraints to ensure that they create the restrictions that you need.