This page explains how to configure ingress and egress policies for your VPC Service Controls perimeter.
Ingress and egress policies can be configured for existing perimeters or included when a perimeter is created.
Updating ingress and egress policies for a service perimeter
Console
In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.
Select an existing service perimeter.
Click Edit.
On the Edit service perimeter page, click Ingress policy or Egress policy.
Expand the ingress or egress rule that you want to edit.
In the From and To sections, edit the ingress or egress rule attributes that you want to change.
- For the list of ingress rule attributes, see Ingress rules reference.
- For the list of egress rule attributes, see Egress rules reference.
The YAML attribute reference describes the same attributes that are found in the Google Cloud console; however, the Google Cloud console uses slightly different names for them.
Click Save.
gcloud
To update a perimeter policy, run one of the following commands, replacing the variables with appropriate values:
gcloud access-context-manager perimeters update PERIMETER_NAME --set-ingress-policies=INGRESS-FILENAME.yaml
gcloud access-context-manager perimeters update PERIMETER_NAME --set-egress-policies=EGRESS-FILENAME.yaml
For example:
gcloud access-context-manager perimeters update my-perimeter --set-ingress-policies=my-ingress-rule.yaml
For information about configuring ingress and egress rules as YAML files, see Ingress rules reference and Egress rules reference.
Setting ingress and egress policies during perimeter creation
Console
In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.
Click New perimeter.
For information about the other service perimeter configurations, see Create a service perimeter.
On the Create a service perimeter page, click Ingress policy or Egress policy.
Click Add rule.
In the From and To sections, specify the ingress or egress rule attributes that you want to configure.
- For the list of ingress rule attributes, see Ingress rules reference.
- For the list of egress rule attributes, see Egress rules reference.
The YAML attribute reference describes the same attributes that are found in the Google Cloud console; however, the Google Cloud console uses slightly different names for them.
Click Create.
gcloud
Run one of the following commands to create a perimeter with an ingress or egress policy attached, replacing the variables with appropriate values:
gcloud access-context-manager perimeters create PERIMETER_NAME --title=TITLE --ingress-policies=INGRESS-FILENAME.yaml --restricted-services=SERVICE --resources="projects/PROJECT"
gcloud access-context-manager perimeters create PERIMETER_NAME --title=TITLE --egress-policies=EGRESS-FILENAME.yaml --restricted-services=SERVICE --resources="projects/PROJECT"
For example:
gcloud access-context-manager perimeters create my-perimeter --title=perimeter-for-project-1 --ingress-policies=my-ingress-rule.yaml --restricted-services=storage.googleapis.com --resources="projects/myproject"
For information about configuring ingress and egress rules as YAML files, see Ingress rules reference and Egress rules reference.
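The update and create sections above both take the rules from YAML files but do not show what those files contain. The following added example (not from the Google Cloud documentation) writes one least-privilege ingress rule and one egress rule in the YAML shape that gcloud accepts, then attaches them with the update commands from the first section; the perimeter name, access policy number, project numbers, access level name and service account are all constructed placeholders.

```shell
# Added example (not from the Google Cloud docs): write one ingress and one
# egress rule in the YAML shape gcloud expects, then attach them to a perimeter.
# Every identifier below is a constructed placeholder; replace before use.
PERIMETER_NAME="my-perimeter"
ACCESS_POLICY_ID="000000000000"   # placeholder access policy number
PROJECT_NUMBER="111111111111"     # placeholder project number inside the perimeter
LOG_SA="log-sink@example-project.iam.gserviceaccount.com"  # placeholder identity

# Ingress: callers that satisfy an access level may only read Storage objects.
write_ingress_policy() {
  cat > "$1" <<EOF
- ingressFrom:
    identityType: ANY_USER_ACCOUNT
    sources:
    - accessLevel: accessPolicies/${ACCESS_POLICY_ID}/accessLevels/corp_devices
  ingressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.get
    resources:
    - projects/${PROJECT_NUMBER}
EOF
}

# Egress: one service account may only create Storage objects in one outside project.
write_egress_policy() {
  cat > "$1" <<EOF
- egressFrom:
    identities:
    - serviceAccount:${LOG_SA}
  egressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.create
    resources:
    - projects/222222222222
EOF
}

# Attach both files to an existing perimeter (the page's update commands).
apply_policies() {
  gcloud access-context-manager perimeters update "$PERIMETER_NAME" \
    --set-ingress-policies="$1"
  gcloud access-context-manager perimeters update "$PERIMETER_NAME" \
    --set-egress-policies="$2"
}
```

Scoping each rule to a single service, method and project keeps the hole in the perimeter as narrow as the workload needs; a rule without methodSelectors or with ANY_IDENTITY grants far more than most data-exfiltration controls intend.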