Set up a service perimeter using VPC Service Controls

VPC Service Controls is a Google Cloud feature that allows you to set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Eventarc to help protect your services.

We recommend that you protect all services when creating a service perimeter.

In projects protected by a service perimeter, Eventarc is bound by the same limitations as Pub/Sub:

  • When routing events to Cloud Run destinations, you can only create new Pub/Sub push subscriptions when the push endpoints are set to Cloud Run services with default URLs (custom domains don't work).

  • When routing events to Workflows destinations for which the Pub/Sub push endpoint is set to a Workflows execution, you can only create new Pub/Sub push subscriptions through Eventarc. Note that the service account used for push authentication for the Workflows endpoint must be included in the service perimeter.
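
A pre-flight audit of existing push subscriptions against the two limitations above, as an added example that is not part of the original page. It assumes that default Cloud Run URLs end in `.run.app`, that Workflows push endpoints use the `workflowexecutions.googleapis.com` host, and that "included in the service perimeter" can be checked by the project ID in the service account email; the sample data and the perimeter project set are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of `gcloud pubsub subscriptions list --format=json`.
SAMPLE = json.loads("""[
  {"name": "projects/demo-proj/subscriptions/run-default",
   "pushConfig": {"pushEndpoint": "https://orders-abc123-uc.a.run.app/"}},
  {"name": "projects/demo-proj/subscriptions/run-custom",
   "pushConfig": {"pushEndpoint": "https://events.example.com/"}},
  {"name": "projects/demo-proj/subscriptions/wf-inside",
   "pushConfig": {"pushEndpoint": "https://workflowexecutions.googleapis.com/v1/projects/demo-proj/locations/us-central1/workflows/wf/executions",
                  "oidcToken": {"serviceAccountEmail": "push@demo-proj.iam.gserviceaccount.com"}}},
  {"name": "projects/demo-proj/subscriptions/wf-outside",
   "pushConfig": {"pushEndpoint": "https://workflowexecutions.googleapis.com/v1/projects/demo-proj/locations/us-central1/workflows/wf/executions",
                  "oidcToken": {"serviceAccountEmail": "push@other-proj.iam.gserviceaccount.com"}}}
]""")

SA_SUFFIX = ".iam.gserviceaccount.com"

def sa_project(email):
    """Project ID of a user-managed service account email, else None."""
    domain = email.partition("@")[2]
    return domain[: -len(SA_SUFFIX)] if domain.endswith(SA_SUFFIX) else None

def check(sub, perimeter_projects):
    """Return (ok, reason) for one subscription record."""
    push = sub.get("pushConfig") or {}
    endpoint = push.get("pushEndpoint")
    if not endpoint:
        return True, "pull subscription"
    url = urlsplit(endpoint)
    host = url.hostname or ""
    # Leading dot matters: "evilrun.app" must not pass as a Cloud Run host.
    if url.scheme == "https" and host.endswith(".run.app"):
        return True, "default Cloud Run URL"
    if host == "workflowexecutions.googleapis.com":
        email = (push.get("oidcToken") or {}).get("serviceAccountEmail", "")
        if sa_project(email) in perimeter_projects:
            return True, "Workflows endpoint, push service account in perimeter"
        return False, "Workflows endpoint, push service account not in perimeter"
    return False, "push endpoint is not a default Cloud Run URL"

def audit(subs, perimeter_projects):
    return {s["name"]: check(s, perimeter_projects) for s in subs}

if __name__ == "__main__":
    for name, (ok, why) in audit(SAMPLE, {"demo-proj"}).items():
        print("OK    " if ok else "REVIEW", name, "-", why)
```

Subscriptions marked `REVIEW` are the ones that could not be recreated as new push subscriptions once the project is inside the perimeter.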
