You can protect your Memorystore for Valkey instances using VPC Service Controls.
VPC Service Controls protect against data exfiltration and provide an extra layer of security for your instances. For more information about VPC Service Controls, see Overview of VPC Service Controls.
Once the Memorystore for Valkey API is protected by your service perimeter, Memorystore for Valkey API requests coming from clients outside of the perimeter must have the proper access level rules.
Protecting your Valkey instances using VPC Service Controls
Add the Memorystore for Valkey API to your service perimeter. For instructions on adding a service to your service perimeter, see Updating a service perimeter.
Configuration requirements
If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Valkey instance inside the same perimeter in order for Valkey requests to succeed. Otherwise, requests between the service project instance and the host project network are blocked by the VPC Service Controls service perimeter.
At any time, separating the host project and service project with a perimeter can cause a Valkey instance failure, in addition to blocked requests.
For more information about limitations when using VPC Service Controls with Memorystore for Valkey, see Memorystore for Valkey.