Configure VPC Service Controls for Secure Web Proxy

You can use VPC Service Controls to improve the security of your Secure Web Proxy instance.

VPC Service Controls provides additional security for Secure Web Proxy to help mitigate the risk of data exfiltration. By using VPC Service Controls, you can add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.

To learn how to create a service perimeter, see Create a service perimeter in the VPC Service Controls documentation.

You can include the following APIs in your service perimeter:

API name API identifier Requirement
Network Services API networkservices.googleapis.com Required
Network Security API networksecurity.googleapis.com Required
Certificate Manager API certificatemanager.googleapis.com Optional

If you provision your proxy with a certificate, then you must also include this API in your service perimeter.

Certificate Authority Service API privateca.googleapis.com Optional

If you enable TLS inspection for your proxy, then you must also include this API in your service perimeter.

What's next