You can set up a security perimeter that makes sure your Confidential VM instances can only interact with other Confidential VM instances. This is achieved with the following services:
A security perimeter can be established around Confidential VM instances that reside inside the same project, or in separate projects.
Required roles
To get the permissions that you need to create a security perimeter, ask your administrator to grant you the following IAM roles on the organization:
- Organization Administrator (roles/resourcemanager.organizationAdmin)
- Compute Shared VPC Admin (roles/compute.xpnAdmin)
- Project IAM Admin (roles/resourcemanager.projectIamAdmin)
- Compute Network User (roles/compute.networkUser)
- Compute Instance Admin (roles/compute.instanceAdmin)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
To learn more about these roles, see Required administrative roles in the Shared VPC overview.
Create a Confidential VM perimeter
To create a security perimeter around your Confidential VM instances, complete the following instructions:
1. Create a folder in your organization called confidential-perimeter.
2. Inside the folder, create a Shared VPC host project. This host project defines the Confidential VM perimeter.
3. After you've created the Shared VPC host project, share it by granting your networking team access to it.
Enforce the perimeter
To prevent service projects in the perimeter from running non-Confidential VM instances, and to stop instances outside the perimeter from interacting with it, apply the following organization policy constraints to your confidential-perimeter folder. Every project under the folder inherits them.
Constraint | Value | Description |
---|---|---|
constraints/compute.restrictNonConfidentialComputing | deny compute.googleapis.com | Forces all service projects to create Confidential VM instances only. |
constraints/compute.restrictSharedVpcHostProjects | under: FOLDER_ID | Restricts projects inside the perimeter to attaching to Shared VPC host projects that reside under the confidential-perimeter folder, so a service project can't join a host project outside the perimeter. Replace FOLDER_ID with the ID of your confidential-perimeter folder. |
constraints/compute.restrictVpcPeering | is: [] | Prevents service projects from peering their networks with networks outside of the perimeter. |
constraints/compute.vmExternalIpAccess | is: [] | Forces all Confidential VM instances in service projects to use internal IP addresses only. |
constraints/compute.restrictLoadBalancerCreationForTypes | allowedValues: ["INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"] | Prevents all VM instances from defining an internet-visible ingress point. You can override this for specific projects in your perimeter that should have ingress, for example the project that hosts the perimeter's entry network. |
To control network data transfer outside of the perimeter, use VPC firewall rules.
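The steps above, carried out with gcloud, as an added example that is not part of the original page. It creates the confidential-perimeter folder and Shared VPC host project, then writes the five constraints from the table as organization policy YAML files (the v2 format that `gcloud org-policies set-policy` accepts) and applies them to the folder. ORG_ID, HOST_PROJECT_ID and the folder ID used in the checks are placeholders; the `under:folders/FOLDER_ID` spelling of the Shared VPC host value is the prefixed form the constraint expects, written out here rather than the abbreviated `under: FOLDER_ID` in the table. Only the `apply` path talks to Google Cloud; generating the policy files works offline so you can review them before they are enforced.

```shell
#!/usr/bin/env bash
# Added example (not Google Cloud's own script): build the Confidential VM
# perimeter described above. Requires gcloud and the roles listed under
# "Required roles" when run with the "apply" argument.
set -eu

ORG_ID="${ORG_ID:-123456789012}"                    # assumption: your organization ID
HOST_PROJECT_ID="${HOST_PROJECT_ID:-cvm-perimeter-host}"  # assumption: host project ID
POLICY_DIR="${POLICY_DIR:-$(mktemp -d)}"           # where policy YAML files are written

# write_policy FOLDER_ID CONSTRAINT MODE [VALUE...]
# Writes one org policy file for the folder and prints its path.
# MODE is deny-all (the "is: []" rows), deny (deniedValues) or allow (allowedValues).
write_policy() {
  folder_id="$1"; constraint="$2"; mode="$3"; shift 3
  file="${POLICY_DIR}/${constraint}.yaml"
  mkdir -p "$POLICY_DIR"
  {
    echo "name: folders/${folder_id}/policies/${constraint}"
    echo "spec:"
    echo "  rules:"
    case "$mode" in
      deny-all)
        echo "  - denyAll: true" ;;
      deny)
        echo "  - values:"
        echo "      deniedValues:"
        for v in "$@"; do echo "      - ${v}"; done ;;
      allow)
        echo "  - values:"
        echo "      allowedValues:"
        for v in "$@"; do echo "      - ${v}"; done ;;
      *)
        echo "unknown mode: $mode" >&2; return 1 ;;
    esac
  } > "$file"
  echo "$file"
}

# generate_perimeter_policies FOLDER_ID
# Emits the five constraints from the table, one file per constraint.
generate_perimeter_policies() {
  folder_id="$1"
  write_policy "$folder_id" compute.restrictNonConfidentialComputing deny compute.googleapis.com
  write_policy "$folder_id" compute.restrictSharedVpcHostProjects allow "under:folders/${folder_id}"
  write_policy "$folder_id" compute.restrictVpcPeering deny-all
  write_policy "$folder_id" compute.vmExternalIpAccess deny-all
  write_policy "$folder_id" compute.restrictLoadBalancerCreationForTypes allow INTERNAL_TCP_UDP INTERNAL_HTTP_HTTPS
}

# apply_perimeter: folder, host project, Shared VPC, then the folder-level policies.
apply_perimeter() {
  folder_id=$(gcloud resource-manager folders create \
      --display-name=confidential-perimeter \
      --organization="$ORG_ID" \
      --format='value(name.basename())')
  gcloud projects create "$HOST_PROJECT_ID" --folder="$folder_id"
  gcloud compute shared-vpc enable "$HOST_PROJECT_ID"
  generate_perimeter_policies "$folder_id" | while read -r policy_file; do
    gcloud org-policies set-policy "$policy_file"
  done
  echo "perimeter folder ${folder_id} created; policies in ${POLICY_DIR}"
}

# Run the cloud-side steps only when explicitly asked; generating files is side-effect free.
if [ "${1:-}" = "apply" ]; then
  apply_perimeter
fi
```

Run `./perimeter.sh apply` once from a shell authenticated as a principal holding the roles above. Because the policies are set on the folder, any project you later create under it is covered without further work; a project that legitimately needs an external load balancer gets a project-level override of compute.restrictLoadBalancerCreationForTypes rather than a relaxation of the folder policy.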
What's next
You can use VPC Service Controls to extend the security perimeter to cover Google Cloud resources. To learn more, see Overview of VPC Service Controls.