Set up a service perimeter using VPC Service Controls

VPC Service Controls is a Google Cloud feature that allows you to set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Cloud Tasks to help protect your services.

Supported targets

Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are allowed for:

  • Authenticated requests to VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
  • Authenticated requests to VPC Service Controls-compliant Cloud Run targets at run.app endpoints

Examples of unsupported targets

Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are blocked for non-compliant requests. For example, requests to all of the following are blocked:

  • Non-VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
  • Non-VPC Service Controls-compliant Cloud Run targets at run.app endpoints
  • Cloud Run functions targets at non-functions.net endpoints
  • Cloud Run targets at non-run.app endpoints
  • Non-Cloud Run functions endpoints
  • Non-Cloud Run endpoints

What's next