VPC Service Controls is a Google Cloud feature that allows you to set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Cloud Tasks to help protect your services.
Supported targets
Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are allowed for:
- Authenticated requests to VPC Service Controls-compliant
Cloud Run functions targets at
functions.net
endpoints - Authenticated requests to VPC Service Controls-compliant
Cloud Run targets at
run.app
endpoints
Examples of unsupported targets
Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are blocked for non-compliant requests. For example, requests to all of the following are blocked:
- Non-VPC Service Controls-compliant Cloud Run functions
targets at
functions.net
endpoints - Non-VPC Service Controls-compliant Cloud Run targets at
run.app
endpoints - Cloud Run functions targets at non-
functions.net
endpoints - Cloud Run targets at non-
run.app
endpoints - Non-Cloud Run functions endpoints
- Non-Cloud Run endpoints
What's next
To set up a service perimeter, see Create a service perimeter.
To adjust the ingress settings of your Cloud Run function, see Configuring network settings.
To adjust the ingress settings of your Cloud Run service, see Restricting ingress for Cloud Run.
To learn more about VPC Service Controls, see the overview and supported products and limitations.