Creating a perimeter bridge

This page describes how to create service perimeter bridges.

Before you begin

Create a perimeter bridge

Console

To create a perimeter bridge:

  1. In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.

  2. If you are prompted, select your Organization.

  3. At the top of the VPC Service Controls page, click New Perimeter.

  4. On the New VPC Service Perimeter page, in the Perimeter Name box, type a name for the perimeter.

    You can only search for a perimeter using its name, so we recommend using a unique name for the perimeter. You can't search for a perimeter using its ID.

  5. Under Perimeter Type, select Perimeter Bridge.

  6. Select the projects that you want to secure within the perimeter:

    1. Click the Add Projects button.

    2. In the Add projects window, select the checkbox in each row corresponding to a project that you want to add to the perimeter.

    3. Click the Add n Projects button, where n is the number of projects you selected in the previous step.

  7. Click the Save button.

gcloud

To create a perimeter bridge, use the following command:

gcloud access-context-manager perimeters create BRIDGE_NAME \
  --title="BRIDGE_TITLE" --perimeter-type=bridge \
  --resources=PROJECTS \
  --policy=POLICY_NAME

Where:

  • BRIDGE_NAME is the name of the perimeter bridge you are creating.

  • BRIDGE_TITLE is the title of the bridge.

  • PROJECTS is a comma-delimited list of one or more project IDs. For example: projects/100712 or projects/100712,projects/233130. Only numeric IDs are supported. You cannot use the project name.

  • POLICY_NAME is the numeric name of your organization's access policy. For example, 330193482019.

API

To create a perimeter bridge, call accessPolicies.servicePerimeters.create.

POST https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME/servicePerimeters

Where:

  • POLICY_NAME is the numeric name of your organization's access policy. For example, 330193482019.

Request body

The request body must include a ServicePerimeter resource that defines the perimeter bridge.

For the ServicePerimeter resource, specify PERIMETER_TYPE_BRIDGE for perimeterType.
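The following helper, an added example that is not part of the Google documentation or the gcloud SDK, builds both the gcloud command from the previous section and the REST request above, and validates the inputs against the constraints the page states (numeric access policy name, projects/NUMBER resources, perimeterType PERIMETER_TYPE_BRIDGE) before anything is sent. Function names, the sample bridge name and title are assumptions; the policy and project numbers are the page's own examples.

```python
import re
import shlex
from typing import Dict, List

# Assumed helper, not part of the Google documentation or the gcloud SDK.
ACM_ENDPOINT = "https://accesscontextmanager.googleapis.com/v1"
RESOURCE_RE = re.compile(r"^projects/\d+$")


def is_bridge_resource(resource: str) -> bool:
    """True only for the projects/<numeric id> form the API accepts."""
    return bool(RESOURCE_RE.match(resource))


def validate_resources(resources: List[str]) -> List[str]:
    """Reject empty lists and names such as projects/my-project before the call."""
    if not resources:
        raise ValueError("a perimeter bridge needs at least one project")
    bad = [r for r in resources if not is_bridge_resource(r)]
    if bad:
        raise ValueError(f"only numeric project IDs are supported, got: {bad}")
    return resources


def bridge_request(policy_name: str, bridge_name: str, title: str,
                   resources: List[str]) -> Dict[str, object]:
    """Build the POST URL and the ServicePerimeter body for a bridge perimeter."""
    if not policy_name.isdigit():
        raise ValueError("POLICY_NAME is the numeric access policy name")
    parent = f"accessPolicies/{policy_name}"
    body = {
        "name": f"{parent}/servicePerimeters/{bridge_name}",
        "title": title,
        "perimeterType": "PERIMETER_TYPE_BRIDGE",
        "status": {"resources": validate_resources(resources)},
    }
    return {"url": f"{ACM_ENDPOINT}/{parent}/servicePerimeters", "body": body}


def gcloud_command(policy_name: str, bridge_name: str, title: str,
                   resources: List[str]) -> str:
    """Equivalent gcloud invocation, with the same validation applied first."""
    bridge_request(policy_name, bridge_name, title, resources)
    return " ".join([
        "gcloud access-context-manager perimeters create", shlex.quote(bridge_name),
        f"--title={shlex.quote(title)}", "--perimeter-type=bridge",
        f"--resources={','.join(resources)}", f"--policy={policy_name}",
    ])


if __name__ == "__main__":
    # Constructed sample: policy and project numbers are the page's examples.
    projects = ["projects/100712", "projects/233130"]
    print(bridge_request("330193482019", "my-bridge", "Data bridge", projects))
    print(gcloud_command("330193482019", "my-bridge", "Data bridge", projects))
```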

Response body

If successful, the response body for the call contains an Operation resource that provides details about the POST operation.