Restrict VM interaction to Confidential VM only

You can set up a security perimeter that makes sure your Confidential VM instances can only interact with other Confidential VM instances. This is achieved by combining a Shared VPC host project with organization policy constraints applied to the folder that contains it, as described in the following sections.

A security perimeter can be established around Confidential VM instances that reside inside the same project, or in separate projects.

Required roles

To get the permissions that you need to create a security perimeter, ask your administrator to grant you the required IAM roles on the organization. These are the roles listed under Required administrative roles in the Shared VPC overview.

For more information about granting roles, see Manage access.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a Confidential VM perimeter

To create a security perimeter around your Confidential VM instances, complete the following instructions:

  1. Create a folder in your organization called confidential-perimeter.

  2. Inside the folder, create a shared VPC host project. This defines the Confidential VM perimeter.

After you've created a VPC host project, share the project by granting your networking team access.

Enforce the perimeter

To prevent non-Confidential VM instances in service projects from interacting with the perimeter, apply the following organization policy constraints to your confidential-perimeter folder with the values indicated.

Constraint: constraints/compute.restrictNonConfidentialComputing
Value: deny compute.googleapis.com
Description: Forces all service projects to create Confidential VM instances only.

Constraint: constraints/compute.restrictSharedVpcHostProjects
Value: under: FOLDER_ID
Description: Restricts service projects inside the perimeter to attaching only to Shared VPC host projects under the folder, so they cannot be attached to a host project outside the perimeter. Replace FOLDER_ID with the ID of your confidential-perimeter folder.

Constraint: constraints/compute.restrictVpcPeering
Value: is: [] (empty allow list)
Description: Prevents service projects from peering their VPC networks with networks outside of the perimeter.

Constraint: constraints/compute.vmExternalIpAccess
Value: is: [] (empty allow list)
Description: Forces all Confidential VM instances in service projects to use internal IPs only.

Constraint: constraints/compute.restrictLoadBalancerCreationForTypes
Value: allowedValues: ["INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"]
Description: Prevents all VM instances from defining an internet-visible ingress point. You may override this for specific projects in your perimeter that should have ingress, for example your perimeter network.

To control network data transfer out of the perimeter, use VPC firewall rules, for example a low-priority egress deny rule on the host project's networks with narrower allow rules above it. Note that organization policy constraints are enforced when resources are created or changed; they do not alter VM instances that already exist, so audit existing instances in the perimeter separately.
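The procedure above, carried through with gcloud as an added example (this is not code from the Google Cloud documentation). The script writes one policy file per constraint in the format that `gcloud org-policies set-policy` accepts, provisions the folder and Shared VPC host project, applies the policies plus a default-deny egress firewall rule, and prints the effective policy for each constraint. The empty allow lists shown as `is: []` in the table are written as `denyAll: true`, which is the set-policy spelling of "allow nothing". ORG_ID, FOLDER_ID, HOST_PROJECT_ID, the network name and the output directory are placeholders supplied by the caller; nothing contacts Google Cloud unless the `apply` or `check` subcommand is invoked.

```shell
#!/bin/sh
# Added example, not code from the Google Cloud documentation. Generates the
# organization policy files for a confidential-perimeter folder, provisions
# the folder and Shared VPC host project, and verifies the effective policies.
# ORG_ID, FOLDER_ID, HOST_PROJECT_ID and NETWORK are caller-supplied placeholders.
set -eu

# The five constraints from the table above.
PERIMETER_CONSTRAINTS="compute.restrictNonConfidentialComputing
compute.restrictSharedVpcHostProjects
compute.restrictVpcPeering
compute.vmExternalIpAccess
compute.restrictLoadBalancerCreationForTypes"

# write_perimeter_policies OUT_DIR FOLDER_ID
# Writes one file per constraint in the format `gcloud org-policies set-policy`
# accepts. Empty allow lists ("is: []") become denyAll: true.
write_perimeter_policies() {
  out=$1; folder=$2
  mkdir -p "$out"
  # Every project under the folder may create Confidential VM instances only.
  cat >"$out/compute.restrictNonConfidentialComputing.yaml" <<EOF
name: folders/$folder/policies/compute.restrictNonConfidentialComputing
spec:
  rules:
  - values:
      deniedValues:
      - compute.googleapis.com
EOF
  # Service projects may attach only to host projects inside the folder.
  cat >"$out/compute.restrictSharedVpcHostProjects.yaml" <<EOF
name: folders/$folder/policies/compute.restrictSharedVpcHostProjects
spec:
  rules:
  - values:
      allowedValues:
      - under:folders/$folder
EOF
  # No VPC peering and no external IPs anywhere under the folder.
  for c in compute.restrictVpcPeering compute.vmExternalIpAccess; do
    cat >"$out/$c.yaml" <<EOF
name: folders/$folder/policies/$c
spec:
  rules:
  - denyAll: true
EOF
  done
  # Internal load balancers only; override per project where ingress is needed.
  cat >"$out/compute.restrictLoadBalancerCreationForTypes.yaml" <<EOF
name: folders/$folder/policies/compute.restrictLoadBalancerCreationForTypes
spec:
  rules:
  - values:
      allowedValues:
      - INTERNAL_TCP_UDP
      - INTERNAL_HTTP_HTTPS
EOF
}

# count_policy_files DIR: number of policy files produced (sanity check).
count_policy_files() { ls "$1"/*.yaml | wc -l | tr -d ' '; }

# create_perimeter ORG_ID HOST_PROJECT_ID
# Creates the confidential-perimeter folder and the Shared VPC host project
# inside it; prints the folder's numeric ID.
create_perimeter() {
  folder=$(gcloud resource-manager folders create \
    --display-name=confidential-perimeter --organization="$1" \
    --format='value(name)')          # prints folders/NNN
  folder=${folder#folders/}
  gcloud projects create "$2" --folder="$folder"
  gcloud compute shared-vpc enable "$2"
  echo "$folder"
}

# apply_perimeter OUT_DIR FOLDER_ID HOST_PROJECT_ID NETWORK
# Sets the five policies on the folder and adds a lowest-priority egress deny
# rule on the host network; add narrower allow rules with higher priority.
apply_perimeter() {
  write_perimeter_policies "$1" "$2"
  for f in "$1"/*.yaml; do gcloud org-policies set-policy "$f"; done
  gcloud compute firewall-rules create perimeter-deny-egress \
    --project="$3" --network="$4" --direction=EGRESS --action=DENY \
    --rules=all --priority=65534
}

# check_perimeter FOLDER_ID: show the effective policy for each constraint.
check_perimeter() {
  for c in $PERIMETER_CONSTRAINTS; do
    gcloud org-policies describe "$c" --folder="$1" --effective
  done
}

case "${1:-}" in
  write) write_perimeter_policies "$2" "$3" ;;
  create) create_perimeter "$2" "$3" ;;
  apply) apply_perimeter "$2" "$3" "$4" "$5" ;;
  check) check_perimeter "$2" ;;
  *) ;;
esac
```

Run `sh perimeter.sh write ./policies FOLDER_ID` first and review the generated files, then `apply` with the same directory; `check` with `--effective` shows the policy each project under the folder actually inherits, which is what you want to confirm after applying an override for a project that needs ingress.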

What's next

You can use VPC Service Controls to extend the security perimeter to cover Google Cloud resources. To learn more, see Overview of VPC Service Controls.