Bucket IP filtering

This page provides an overview of bucket IP filtering including its benefits, how it works, supported locations, and limitations to consider.

Overview

Cloud Storage offers bucket IP filtering to manage access to your data stored in buckets.

Bucket IP filtering is a network security mechanism that restricts access to a bucket based on the source IP address of the request and secures your data from from unauthorized access.

The bucket IP filtering feature for Cloud Storage enables fine-grained access control based on IPv4 or IPv6 address ranges or the Google Cloud Virtual Private Cloud. You can configure a list of IP ranges at the bucket level and all incoming requests to the bucket are restricted to the configured IP ranges and VPCs. This feature provides a way to secure sensitive data in Cloud Storage buckets and prevent unauthorized access from specific IP addresses or VPCs.

Benefits

Bucket IP filtering for Cloud Storage offers the following benefits:

  • Fine-grained access control: Restrict access to your Cloud Storage buckets based on the specific IP address (IPv4 or IPv6) or Google Cloud Virtual Private Cloud of the requester. Bucket IP filtering acts as a strong network-level security layer, preventing unauthorized access from unknown or untrusted sources.

  • Enhanced security: By limiting access to authorized IP addresses or VPCs, you can reduce the risk of unauthorized access, data breaches, and malicious activity.

  • Flexible configuration: You can configure and manage lists of IP ranges at the bucket level, tailoring the access control to your specific requirements.

How does it work?

Bucket IP filtering helps you control access to your buckets by defining rules that permit requests from specific IPv4 and IPv6 addresses. Incoming requests are evaluated against these rules to determine access permissions.

A bucket IP filtering rule includes the following configurations:

  • Public internet access: You can define rules to manage requests originating from the public internet (outside any configured Virtual Private Cloud). These rules specify allowed IPv4 or IPv6 addresses using CIDR ranges, authorizing inbound traffic from those sources.

  • Virtual private cloud (VPC) access: For granular control over access from specific VPC networks, you can define rules for each network. These rules include allowed IP ranges, enabling precise management of access from your virtual network infrastructure.

Supported locations

Bucket IP filtering is available in the following locations:

  • asia-south1
  • asia-south2
  • asia-southeast1
  • asia-southeast2
  • asia-east1
  • asia-east2
  • europe-west1
  • europe-west2
  • us-central1
  • us-east1
  • us-east4
  • us-west1

Limitations

Bucket IP filtering has the following limitations:

What's next

Try it for yourself

If you're new to Google Cloud, create an account to evaluate how Cloud Storage performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

Try Cloud Storage free