Set up a service perimeter using VPC Service Controls

VPC Service Controls is a Google Cloud feature that allows you to set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Cloud Tasks to help protect your services.

Supported targets

Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are allowed for:

• Authenticated requests to VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
• Authenticated requests to VPC Service Controls-compliant Cloud Run targets at run.app endpoints

Examples of unsupported targets

Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are blocked for non-compliant requests. For example, requests to all of the following are blocked:

• Non-VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
• Non-VPC Service Controls-compliant Cloud Run targets at run.app endpoints
• Cloud Run functions targets at non-functions.net endpoints
• Cloud Run targets at non-run.app endpoints
• Non-Cloud Run functions endpoints
• Non-Cloud Run endpoints

What's next

• To set up a service perimeter, see Create a service perimeter.

• To adjust the ingress settings of your Cloud Run function, see Configuring network settings.

• To adjust the ingress settings of your Cloud Run service, see Restricting ingress for Cloud Run.

• To learn more about VPC Service Controls, see the overview and supported products and limitations.