VPC Service Controls can help you mitigate the risk of data exfiltration from Vertex AI. Use VPC Service Controls to create a service perimeter that protects the resources and data that you specify. For example, when you use VPC Service Controls to protect Vertex AI, the following artifacts cannot leave your service perimeter:
- Training data for an AutoML model or custom model
- Models that you created
- Requests for online predictions
- Results from a batch prediction request
Service perimeter creation
When you create a service perimeter, include Vertex AI
aiplatform.googleapis.com) as a protected service. You aren't required to
include any additional services for Vertex AI to function. However,
Vertex AI won't be able to reach resources outside the perimeter,
such as files in a Cloud Storage bucket that is outside the perimeter.
For more information about creating a service perimeter, see Creating a service perimeter in the VPC Service Controls documentation.
Enable VPC Service Controls for peerings to configure the
servicenetworking VPC network without a default route. The name is a bit misleading, because it's not explicitly a VPC-SC configuration; rather, it's commonly used when using VPC-SC. Without the default route, from the perspective of the
servicenetworking VPC network.
- Packets to
126.96.36.199/30(restricted.googleapis.com) are sent to the default internet gateway of the
servicenetworkingVPC network. This is because the command creates a custom route for this destination.
The default route (or broader routes) in the customer's VPC network can be used to route traffic from the
servicenetworkingVPC network into the customer's VPC network or into an on-premises network connected to the customer's VPC network. For this to work, the following conditions must be met.
- The routes in the customer's VPC network must use next hops different than the default internet gateway next hop. (Routes using the default internet gateway next hop are never exchanged in a VPC network peering relationship.)
- The customer's VPC network must be configured to export custom routes in the peering to the
servicenetworkingVPC network. (The
servicenetworkingnetwork is already configured to import custom routes in the peering relationship.)
For further discussion on this, see set up connectivity from Vertex AI to other networks.
The following limitations apply when you use VPC Service Controls:
- For data labeling, you must add labelers' IP addresses to an access level.
- For Google Cloud Pipeline Components, the components launch containers that
check their base image for all requirements. If requirements are missing,
download them from the Python Package Index (PyPI).
The KFP package, as well as any packages
listed in the
packages_to_installargument are the requirements for a container. If a requirement is specified that is not present in the base image (either provided or custom), the component will fail if it isn't able to download the requirement.