Stay organized with collections
Save and categorize content based on your preferences.
To validate its attestation token, Confidential Space needs to download
certificates from Cloud Storage buckets. If these buckets reside outside
your perimeter, you must configure the following egress rule:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["Confidential Space requires downloading certificates from Cloud Storage buckets, necessitating an egress rule for `storage.googleapis.com` with `google.storage.objects.get` method access to projects `870449385679` and `180376494128`."],["The `cloud-shielded-ca-prod` (project `870449385679`) project contains attestation certificates, while `cloud-shielded-ca-prod-root` (project `180376494128`) contains root certificates."],["If the Compute Engine API is within a restricted perimeter, an egress rule must be created for `compute.googleapis.com`, specifically allowing the `InstancesService.Insert` method to project `30229352718`."],["The project `confidential-space-images` (project `30229352718`) houses the Confidential Space VM images."]]],[]]
