VPC Service Controls is a Google Cloud feature that allows you to set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Cloud Tasks to help protect your services.
Supported targets
Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are allowed for:
- Authenticated requests to VPC Service Controls-compliant Cloud Run functions targets at
functions.netendpoints - Authenticated requests to VPC Service Controls-compliant Cloud Run targets at
run.appendpoints
Examples of unsupported targets
Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are blocked for non-compliant requests. For example, requests to all of the following are blocked:
- Non-VPC Service Controls-compliant Cloud Run functions targets at
functions.netendpoints - Non-VPC Service Controls-compliant Cloud Run targets at
run.appendpoints - Cloud Run functions targets at non-
functions.netendpoints - Cloud Run targets at non-
run.appendpoints - Non-Cloud Run functions endpoints
- Non-Cloud Run endpoints
What's next
To set up a service perimeter, see Create a service perimeter.
To adjust the ingress settings of your Cloud Run function, see Configuring network settings.
To adjust the ingress settings of your Cloud Run service, see Restricting ingress for Cloud Run.
To learn more about VPC Service Controls, see the overview and supported products and limitations.