Quickstart

This page shows you how to set up a service perimeter using VPC Service Controls in the Google Cloud Console. For more information about VPC Service Controls, read the Overview of VPC Service Controls.

Before you begin

Create a service perimeter

  1. In the Google Cloud Console, go to the VPC Service Controls page.

  2. If you are prompted, select your organization.

  3. At the top of the VPC Service Controls page, click New Perimeter.

  4. On the New VPC Service Perimeter page, in the Perimeter Name box, type a name for the perimeter.

  5. Select the projects that you want to secure within the perimeter:

    1. Click the Add Projects button.

    2. To add a project to the perimeter, in the Add Projects window, select that project's checkbox.

    3. Click the Add n Projects button, where n is the number of projects you selected in the previous step.

  6. Select the services that you want to secure within the perimeter:

    1. Click the Add Services button.

    2. To secure services within the perimeter, in the Specify services to restrict window, select that service's checkbox.

    3. Click the Add n Services button, where n is the number of services you selected in the previous step.

  7. Click the Save button.

You just created a service perimeter! The service perimeter may take up to 30 minutes to propagate and take effect. When the changes have propagated, access to the services you selected will be limited to the projects you added to the perimeter.

Additionally, the Cloud Console interface for the services that you protected with the perimeter may become partially or fully inaccessible. For example, if you protected Logging with the perimeter, you will not be able to access the Logging interface in the Cloud Console.
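Once the propagation window has passed, you can confirm that the saved perimeter covers every project and service you intended. The following is an added example, not part of the original quickstart: it audits a perimeter description in the JSON shape of the Access Context Manager ServicePerimeter resource (for example, the output of `gcloud access-context-manager perimeters describe` with `--format=json`). The function name, policy ID, perimeter name, and project numbers are constructed placeholders, and the dry-run check goes beyond what this quickstart configures.

```python
import json

# Constructed sample in the shape of an Access Context Manager ServicePerimeter
# resource; the policy ID, perimeter name and project numbers are placeholders.
SAMPLE_PERIMETER = json.loads("""
{
  "name": "accessPolicies/000000000000/servicePerimeters/quickstart_perimeter",
  "title": "quickstart_perimeter",
  "perimeterType": "PERIMETER_TYPE_REGULAR",
  "status": {
    "resources": ["projects/111111111111"],
    "restrictedServices": ["storage.googleapis.com"]
  }
}
""")


def audit_perimeter(perimeter, want_projects, want_services):
    """Return a list of findings; an empty list means the enforced
    configuration covers every expected project and service."""
    findings = []
    status = perimeter.get("status") or {}
    enforced_projects = set(status.get("resources", []))
    enforced_services = set(status.get("restrictedServices", []))

    for p in sorted(set(want_projects) - enforced_projects):
        findings.append(f"project not in perimeter: {p}")
    for s in sorted(set(want_services) - enforced_services):
        findings.append(f"service not restricted: {s}")

    # A perimeter can carry a dry-run "spec" that is logged but not enforced.
    # Anything present only there is not protected yet.
    if perimeter.get("useExplicitDryRunSpec"):
        spec = perimeter.get("spec") or {}
        dry_only = (set(spec.get("resources", [])) - enforced_projects) | (
            set(spec.get("restrictedServices", [])) - enforced_services)
        for item in sorted(dry_only):
            findings.append(f"dry-run only, not enforced: {item}")
    return findings


if __name__ == "__main__":
    for line in audit_perimeter(
            SAMPLE_PERIMETER,
            ["projects/111111111111", "projects/222222222222"],
            ["storage.googleapis.com", "logging.googleapis.com"]):
        print(line)
```

Resources are listed by project number in the form `projects/NUMBER`, so pass the expected projects in that form rather than as project IDs.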

Clean up

To avoid incurring charges to your Google Cloud account for the resources used in this quickstart, follow these steps.

To remove the perimeter you created using this quickstart:

  1. In the Google Cloud Console, go to the VPC Service Controls page.

  2. If you are prompted, select your organization.

  3. On the VPC Service Controls page, in the row corresponding to the perimeter that you created, click the button.

  4. In the dialog box, click the Delete button to confirm that you want to delete the perimeter.

What's next