VPC Service Controls

Definition

VPC Service Controls is a security feature provided by Google Cloud Platform (GCP) that allows organizations to define a security perimeter around their GCP resources. This feature helps prevent data exfiltration by restricting access to resources from outside the defined perimeter and controlling the movement of data across different services. It enhances the security of cloud environments by enabling administrators to enforce granular access policies and monitor access attempts.

Secure Settings Example

# Example of a secure VPC Service Controls perimeter configuration.
# Assumes the access policy has already been selected with
#   gcloud config set access_context_manager/policy POLICY_ID
# (or pass --policy=POLICY_ID explicitly). --resources takes project
# numbers, not project IDs.
gcloud access-context-manager perimeters create secure-perimeter \
  --title="Secure Perimeter" \
  --resources=projects/123456789012,projects/987654321098 \
  --restricted-services=bigquery.googleapis.com,storage.googleapis.com \
  --access-levels=accessPolicies/123456789012/accessLevels/secure-access-level

Insecure Settings Example

# Example of an insecure VPC Service Controls perimeter configuration.
# Only BigQuery is restricted, so Cloud Storage in this project is left
# outside the perimeter's protection, and no access levels are attached,
# allowing broader access than intended. (The original had the comment
# after a trailing backslash, which makes it part of the command line.)
gcloud access-context-manager perimeters create insecure-perimeter \
  --title="Insecure Perimeter" \
  --resources=projects/123456789012 \
  --restricted-services=bigquery.googleapis.com
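To check perimeters you already have for the gaps contrasted in the two examples, the following added example (not part of this page or of the gcloud tooling) audits a perimeter in the JSON shape returned by `gcloud access-context-manager perimeters describe NAME --format=json`. The required-services set and the two sample perimeters are constructed to mirror the commands above.

```python
import json
from typing import List

# Services every perimeter in this organisation must restrict (assumption).
REQUIRED_SERVICES = {"bigquery.googleapis.com", "storage.googleapis.com"}


def audit_perimeter(perimeter: dict, required=REQUIRED_SERVICES) -> List[str]:
    """Check one perimeter as returned by
    `gcloud access-context-manager perimeters describe NAME --format=json`.
    Returns a list of findings; an empty list means the perimeter passes."""
    status = perimeter.get("status", {})
    findings = []
    missing = sorted(required - set(status.get("restrictedServices", [])))
    if missing:
        findings.append("not restricted: " + ", ".join(missing))
    if not status.get("accessLevels"):
        findings.append("no access levels attached")
    if not status.get("resources"):
        findings.append("no projects inside the perimeter")
    return findings


# Constructed sample output mirroring the secure command above.
SECURE = json.loads("""{
  "name": "accessPolicies/123456789012/servicePerimeters/secure-perimeter",
  "title": "Secure Perimeter",
  "status": {
    "resources": ["projects/123456789012", "projects/987654321098"],
    "restrictedServices": ["bigquery.googleapis.com", "storage.googleapis.com"],
    "accessLevels": ["accessPolicies/123456789012/accessLevels/secure-access-level"]
  }
}""")

# Constructed sample output mirroring the insecure command above.
INSECURE = json.loads("""{
  "name": "accessPolicies/123456789012/servicePerimeters/insecure-perimeter",
  "title": "Insecure Perimeter",
  "status": {
    "resources": ["projects/123456789012"],
    "restrictedServices": ["bigquery.googleapis.com"]
  }
}""")

if __name__ == "__main__":
    for label, perimeter in (("secure", SECURE), ("insecure", INSECURE)):
        print(label, audit_perimeter(perimeter) or ["ok"])
```

In practice, feed it the parsed output of `gcloud access-context-manager perimeters list --format=json`, looping over each entry.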