Secure your app with VPC Service Controls

To properly secure an Agentspace app and mitigate the risk of data exfiltration, you must configure a VPC Service Controls perimeter. Using VPC Service Controls and Access Context Manager, you can protect and control access to your Agentspace app and connected enterprise data.

Set up VPC Service Controls with Agentspace

To protect your Google Agentspace resources using VPC Service Controls, do the following:

  1. Ensure that you have a VPC Service Controls perimeter configured. You can create a new perimeter specifically for your Agentspace app, or use an existing perimeter that houses related resources.

    For information about service perimeters, see Service perimeter details and configuration.

  2. Add the Google Cloud project that contains your Agentspace app to the list of protected resources within the service perimeter.

  3. Add the following APIs to the list of restricted services for the perimeter:

    • Discovery Engine API: discoveryengine.googleapis.com

Once the service perimeter is enabled and the Discovery Engine API is listed as a restricted service, VPC Service Controls enforces the following security measures:

  • The discoveryengine.googleapis.com API can no longer be accessed from the public internet.

  • Access to the Agentspace user interface is blocked, except where allowed by ingress rules.

  • Agentspace actions are blocked and can't be created or used until you contact your Google representative and ask for each service to be added to the allowlist. For more information, see Use actions after enabling VPC Service Controls.

Restrict public access using Access Context Manager

Google Agentspace applications are accessible from the public internet. By default, Agentspace requires users to authenticate and requires authorization for access. VPC Service Controls and Access Context Manager provide additional controls that you can use to gate access.

Using Access Context Manager, you can define fine-grained, attribute-based access control for projects and resources in Google Cloud. To do this, you must define an access policy, which is an organization-wide container for access levels and service perimeters.

Access levels describe the requirements that must be met in order for a request to be honored. For example, you can restrict requests based on the following:

Reference architecture using VPC Service Controls to protect Agentspace.

In this reference architecture, a public IP subnetwork access level is used to build the VPC Service Controls access policy.

To gate access to Agentspace using Access Context Manager, follow the instructions in Creating a basic access level to create a basic access level. Specify the following options:

  1. For Create conditions in, choose Basic mode.

  2. In the Access level title field, enter corp-public-block.

  3. In the Conditions section, for When condition is met, return, select TRUE.

  4. For IP Subnetworks, select Public IP.

  5. For the IP address range, specify your external IP address.
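The following Python check is an added example, not part of the original page or Google's tooling. It audits exported perimeter and access level JSON against the perimeter setup steps and the access level steps above. Field names follow the Access Context Manager ServicePerimeter and AccessLevel resources; the project number, policy ID, and IP range are constructed placeholders, and treating a private range as a finding is an assumption drawn from the "Public IP" step.

```python
import ipaddress

RESTRICTED = "discoveryengine.googleapis.com"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(perimeter, level, project_number):
    """Return findings for one perimeter and one access level (empty list = pass)."""
    findings = []
    status = perimeter.get("status") or {}  # enforced config; "spec" is dry-run only
    if f"projects/{project_number}" not in status.get("resources", []):
        findings.append("project is not a protected resource of the perimeter")
    if RESTRICTED not in status.get("restrictedServices", []):
        findings.append(f"{RESTRICTED} is not a restricted service")
    # The level only gates access if the perimeter references it,
    # either directly or as the source of an ingress rule.
    referenced = set(status.get("accessLevels", []))
    for policy in status.get("ingressPolicies", []):
        for src in policy.get("ingressFrom", {}).get("sources", []):
            referenced.add(src.get("accessLevel"))
    if level["name"] not in referenced:
        findings.append("access level is not referenced by the perimeter")
    conditions = level.get("basic", {}).get("conditions", [])
    cidrs = [c for cond in conditions for c in cond.get("ipSubnetworks", [])]
    if not cidrs:
        findings.append("access level has no IP subnetwork condition")
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            findings.append(f"{cidr} matches every address")
        elif any(net.overlaps(r) for r in RFC1918):
            findings.append(f"{cidr} is a private range, not a public IP")
    return findings

# Constructed sample data shaped like the Access Context Manager JSON resources.
LEVEL = {"name": "accessPolicies/000/accessLevels/corp_public_block",
         "title": "corp-public-block",
         "basic": {"conditions": [{"ipSubnetworks": ["203.0.113.0/24"]}]}}
GOOD = {"status": {"resources": ["projects/111111111111"],
                   "restrictedServices": [RESTRICTED],
                   "accessLevels": [LEVEL["name"]]}}
BAD = {"status": {"resources": ["projects/222222222222"],
                  "restrictedServices": ["storage.googleapis.com"]}}

if __name__ == "__main__":
    for label, p in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(p, LEVEL, "111111111111") or "ok")
```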

Use actions after enabling VPC Service Controls

VPC Service Controls primarily aims to prevent data exfiltration by creating a secure service perimeter around your projects and resources. Agentspace actions, such as sending an email or creating a Jira ticket, are considered potential paths for data to leave this secure perimeter. Because these actions can interact with external services or access sensitive data, VPC Service Controls blocks these actions to ensure the integrity of your security boundary.

Accordingly, when you enable VPC Service Controls on a Google Cloud project containing an Agentspace app, the ability to create and use Agentspace assistant actions is blocked by default, and the UI prevents you from creating a new action. If you would like to enable assistant actions for a particular service in your Google Agentspace app that's protected by VPC Service Controls, contact your Google representative and request that the service be added to an allowlist and enabled for use within your service perimeter.