Set up a service perimeter using VPC Service Controls
Stay organized with collections
Save and categorize content based on your preferences.
VPC Service Controls is a Google Cloud feature that allows you to set
up a service perimeter and create a data transfer boundary. You can use
VPC Service Controls with Cloud Tasks to help protect your
services.
Supported targets
Once you set up a service perimeter, HTTP requests from a
Cloud Tasks execution are allowed for:
Authenticated requests to VPC Service Controls-compliant
Cloud Run functions targets at functions.net endpoints
Authenticated requests to VPC Service Controls-compliant
Cloud Run targets at run.app endpoints
Examples of unsupported targets
Once you set up a service perimeter, HTTP requests from a
Cloud Tasks execution are blocked for non-compliant requests.
For example, requests to all of the following are blocked:
Non-VPC Service Controls-compliant Cloud Run functions
targets at functions.net endpoints
Non-VPC Service Controls-compliant Cloud Run targets at
run.app endpoints
Cloud Run functions targets at non-functions.net endpoints
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Set up a service perimeter using VPC Service Controls\n\nVPC Service Controls is a Google Cloud feature that allows you to set\nup a service perimeter and create a data transfer boundary. You can use\nVPC Service Controls with Cloud Tasks to help protect your\nservices.\n\nSupported targets\n-----------------\n\nOnce you set up a service perimeter, HTTP requests from a\nCloud Tasks execution are allowed for:\n\n- Authenticated requests to VPC Service Controls-compliant Cloud Run functions targets at `functions.net` endpoints\n- Authenticated requests to VPC Service Controls-compliant Cloud Run targets at `run.app` endpoints\n\nExamples of unsupported targets\n-------------------------------\n\nOnce you set up a service perimeter, HTTP requests from a\nCloud Tasks execution are blocked for non-compliant requests.\nFor example, requests to all of the following are blocked:\n\n- Non-VPC Service Controls-compliant Cloud Run functions targets at `functions.net` endpoints\n- Non-VPC Service Controls-compliant Cloud Run targets at `run.app` endpoints\n- Cloud Run functions targets at non-`functions.net` endpoints\n- Cloud Run targets at non-`run.app` endpoints\n- Non-Cloud Run functions endpoints\n- Non-Cloud Run endpoints\n\nWhat's next\n-----------\n\n- To set up a service perimeter, see\n [Create a service perimeter](/vpc-service-controls/docs/create-service-perimeters).\n\n- To adjust the ingress settings of your Cloud Run function, see\n [Configuring network settings](/functions/docs/networking/network-settings).\n\n- To adjust the ingress settings of your Cloud Run service, see\n [Restricting ingress for Cloud Run](/run/docs/securing/ingress).\n\n- To learn more about VPC Service Controls, see the\n [overview](/vpc-service-controls/docs/overview) and\n [supported products and limitations](/vpc-service-controls/docs/supported-products)."]]
