Supported products and limitations
This page contains a table of products and services that are supported by VPC Service Controls, as well as a list of known limitations with certain services and interfaces.
List all supported services
To retrieve the complete list of all VPC Service Controls supported products and services, run the following command:
gcloud access-context-manager supported-services list
You get a response with a list of products and services.
NAME             TITLE         SERVICE_SUPPORT_STAGE  AVAILABLE_ON_RESTRICTED_VIP  KNOWN_LIMITATIONS
SERVICE_ADDRESS  SERVICE_NAME  SERVICE_STATUS         RESTRICTED_VIP_STATUS        LIMITATIONS_STATUS
...
This response includes the following values:
Value: Description
SERVICE_ADDRESS: Service name of the product or service. For example, aiplatform.googleapis.com.
SERVICE_NAME: Name of the product or service. For example, Vertex AI API.
SERVICE_STATUS: The status of the service integration with VPC Service Controls. The following are the possible values:
    GA: The service integration is fully supported by VPC Service Controls perimeters.
    PREVIEW: The service integration is ready for broader testing and use, but is not fully supported for production environments by VPC Service Controls perimeters.
    DEPRECATED: The service integration is scheduled to be shut down and removed.
RESTRICTED_VIP_STATUS: Specifies whether the service integration with VPC Service Controls is supported by the restricted VIP. The following are the possible values:
    TRUE: The service integration is fully supported by the restricted VIP and can be protected by VPC Service Controls perimeters.
    FALSE: The service integration is not supported by the restricted VIP.
LIMITATIONS_STATUS: Specifies whether the service integration with VPC Service Controls has any limitations. The following are the possible values:
    TRUE: The service integration with VPC Service Controls has known limitations. Check the corresponding entry for the service in the Supported products table to learn more about these limitations.
    FALSE: The service integration with VPC Service Controls has no known limitations.
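To act on these status values, the following added example (not part of the documentation or of the gcloud tool) parses the tabular output of the list command and flags restricted services in a perimeter that are not GA, are not reachable through the restricted VIP, have known limitations, or cannot be added directly because they are bundled with another service. The sample output rows, the `BUNDLED_WITH` map and the `audit_perimeter` helper are constructed for this example.

```python
"""Audit the restricted-services list of a VPC Service Controls perimeter
against the table printed by
`gcloud access-context-manager supported-services list`.
Hypothetical helper written for this example; not part of gcloud."""

# Constructed sample of the command's tabular output. The columns match the
# header the command prints; the rows are invented for this example and are
# not real support data.
SAMPLE_OUTPUT = """\
NAME                            TITLE                   SERVICE_SUPPORT_STAGE  AVAILABLE_ON_RESTRICTED_VIP  KNOWN_LIMITATIONS
aiplatform.googleapis.com       Vertex AI API           GA                     TRUE                         TRUE
bigtable.googleapis.com         Bigtable API            GA                     TRUE                         TRUE
example-ga.googleapis.com       Example GA API          GA                     TRUE                         FALSE
example-preview.googleapis.com  Example Preview API     PREVIEW                FALSE                        FALSE
example-old.googleapis.com      Example Deprecated API  DEPRECATED             TRUE                         TRUE
"""

# Services that cannot be added to a perimeter on their own because they are
# bundled with (and protected through) another service. Constructed from the
# Bigtable and AutoML entries on this page.
BUNDLED_WITH = {
    "bigtableadmin.googleapis.com": "bigtable.googleapis.com",
    "eu-automl.googleapis.com": "automl.googleapis.com",
}


def parse_supported_services(text):
    """Parse the tabular output into {service_name: row_dict}.

    TITLE can contain spaces, so each row is split from both ends: the first
    token is NAME, the last three are the support stage and the two
    TRUE/FALSE flags, and everything in between is the title.
    """
    rows = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for line in lines[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 4:
            raise ValueError(f"unexpected row: {line!r}")
        name, stage, on_vip, limited = parts[0], parts[-3], parts[-2], parts[-1]
        rows[name] = {
            "title": " ".join(parts[1:-3]),
            "stage": stage,
            "restricted_vip": on_vip == "TRUE",
            "known_limitations": limited == "TRUE",
        }
    return rows


def audit_perimeter(restricted_services, supported_text=SAMPLE_OUTPUT):
    """Return {service: [findings]} for services that deserve a closer look.

    A service with no findings is GA, reachable through the restricted VIP
    and has no documented limitations; it is omitted from the result.
    """
    supported = parse_supported_services(supported_text)
    findings = {}
    for svc in restricted_services:
        notes = []
        if svc in BUNDLED_WITH:
            notes.append(f"cannot be restricted directly; restrict {BUNDLED_WITH[svc]} instead")
        elif svc not in supported:
            notes.append("not in the supported-services list")
        else:
            row = supported[svc]
            if row["stage"] != "GA":
                notes.append(f"integration stage is {row['stage']}, not GA")
            if not row["restricted_vip"]:
                notes.append("not reachable through the restricted VIP")
            if row["known_limitations"]:
                notes.append("has known limitations; check its entry in the Supported products table")
        if notes:
            findings[svc] = notes
    return findings


if __name__ == "__main__":
    # Constructed perimeter list mixing clean, bundled, preview and unknown services.
    perimeter = [
        "aiplatform.googleapis.com",
        "bigtableadmin.googleapis.com",
        "example-ga.googleapis.com",
        "example-preview.googleapis.com",
        "unknown.googleapis.com",
    ]
    for service, notes in audit_perimeter(perimeter).items():
        print(service)
        for note in notes:
            print("  -", note)
```

In practice, feed the function the real output captured from `gcloud access-context-manager supported-services list` instead of `SAMPLE_OUTPUT`.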
List supported methods for a service
To retrieve the list of methods and permissions supported by VPC Service Controls for a service, run the following command:
In this response, METHODS_LIST lists all the methods and permissions supported by VPC Service Controls for the specified service. For a complete list of all the supported service methods and permissions, see Supported service method restrictions.
For information about the service methods that VPC Service Controls can't control, see Service method exceptions.
Supported products
VPC Service Controls supports the following products:
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
workloadmanager.googleapis.com
Details
To use Workload Manager in a VPC Service Controls perimeter:
You must use a Cloud Build private worker pool for your deployment environment in Workload Manager. You cannot use the default Cloud Build worker pool.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
netapp.googleapis.com
Details
The API for Google Cloud NetApp Volumes can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Google Cloud NetApp Volumes, refer to the product documentation.
Limitations
VPC Service Controls doesn't cover dataplane paths such as Network File System (NFS) and Server Message Block (SMB) reads and writes. Additionally, if your host and service projects are configured in different perimeters, you can experience a break in the implementation of Google Cloud services.
Yes. You can configure your perimeters to protect this service.
Service name
cloudsearch.googleapis.com
Details
Google Cloud Search supports Virtual Private Cloud Service Controls (VPC Service Controls) to enhance the security of your data. VPC Service Controls lets you define a security perimeter around Google Cloud resources to constrain data and help mitigate data exfiltration risks.
Because Cloud Search resources are not stored in a Google Cloud project, you must update the Cloud Search customer settings with the VPC perimeter protected project. The VPC project acts as a virtual project container for all your Cloud Search resources. Without building this mapping, VPC Service Controls won't work for the Cloud Search API.
Batch prediction is not supported when you use AI Platform Prediction inside a service perimeter.
AI Platform Prediction and AI Platform Training both use the AI Platform Training and Prediction API, so you must configure VPC Service Controls for both products. Read more about setting up VPC Service Controls for AI Platform Training.
Training with TPUs is not supported when you use AI Platform Training inside a service perimeter.
AI Platform Training and AI Platform Prediction both use the AI Platform Training and Prediction API, so you must configure VPC Service Controls for both products. Read more about setting up VPC Service Controls for AI Platform Prediction.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
alloydb.googleapis.com
Details
VPC Service Controls perimeters protect the AlloyDB API.
For more information about AlloyDB for PostgreSQL, refer to the product documentation.
Limitations
Service perimeters protect only the AlloyDB for PostgreSQL Admin API. They don't protect IP-based data access to underlying databases (such as AlloyDB for PostgreSQL instances). To restrict public IP access on AlloyDB for PostgreSQL instances, use an organization policy constraint.
Before you configure VPC Service Controls for AlloyDB for PostgreSQL, enable the Service Networking API.
When you use AlloyDB for PostgreSQL with Shared VPC and VPC Service Controls, the host project and service project must be in the same VPC Service Controls service perimeter.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
visionai.googleapis.com
Details
The API for Vertex AI Vision can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
When constraints/visionai.disablePublicEndpoint is on, we disable the cluster's public endpoint. Users must manually connect to the PSC target and access the service from the private network. You can get the PSC target from the cluster resource.
Traffic to the Vertex AI in Firebase API is intended to originate from a mobile or browser client, which will always be outside the service perimeter. So, you need to configure an explicit ingress policy.
If you need to connect to the Vertex AI API from within the service perimeter only, then consider using the Vertex AI API directly or via one of the server SDKs, Firebase Genkit, or any of the other available services for accessing the Vertex AI API server-side.
All Apigee runtime projects associated with an API hub instance must reside within the same VPC Service Controls service perimeter as the API hub host project.
The API for Cloud Service Mesh can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.
You can use mesh.googleapis.com to enable the required APIs for Cloud Service Mesh. You don't need to restrict mesh.googleapis.com in your perimeter as it doesn't expose any APIs.
Because Artifact Registry uses the pkg.dev domain, you must configure DNS for *.pkg.dev to map to either private.googleapis.com or restricted.googleapis.com. For more information, see Securing repositories in a service perimeter.
In addition to the artifacts inside a perimeter that are available to Artifact Registry, the following read-only Container Registry repositories are available to all projects regardless of service perimeters:
gcr.io/anthos-baremetal-release
gcr.io/asci-toolchain
gcr.io/cloud-airflow-releaser
gcr.io/cloud-builders
gcr.io/cloud-dataflow
gcr.io/cloud-ingest
gcr.io/cloud-marketplace
gcr.io/cloud-ssa
gcr.io/cloudsql-docker
gcr.io/config-management-release
gcr.io/deeplearning-platform-release
gcr.io/foundry-dev
gcr.io/fn-img
gcr.io/gae-runtimes
gcr.io/serverless-runtimes
gcr.io/gke-node-images
gcr.io/gke-release
gcr.io/gkeconnect
gcr.io/google-containers
gcr.io/kubeflow
gcr.io/kubeflow-images-public
gcr.io/kubernetes-helm
gcr.io/istio-release
gcr.io/ml-pipeline
gcr.io/projectcalico-org
gcr.io/rbe-containers
gcr.io/rbe-windows-test-images
gcr.io/speckle-umbrella
gcr.io/stackdriver-agents
gcr.io/tensorflow
gcr.io/vertex-ai
gcr.io/vertex-ai-restricted
gke.gcr.io
k8s.gcr.io
In all cases, the regional versions of these repositories are also available.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
assuredoss.googleapis.com
Details
The API for Assured Open Source Software can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Assured Open Source Software, refer to the product documentation.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
assuredworkloads.googleapis.com
Details
The API for Assured Workloads can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
All AutoML products that are integrated with VPC Service Controls use the same service name.
You cannot add the supported regional endpoints, such as eu-automl.googleapis.com, to the list of restricted services in a perimeter. When you protect the automl.googleapis.com service, the perimeter protects the supported regional endpoints, such as eu-automl.googleapis.com, as well.
For more information, see the limitations for using AutoML products with VPC Service Controls.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
No. The API for Bare Metal Solution cannot be protected by service perimeters. However, Bare Metal Solution can be used normally in projects inside a perimeter.
Details
The Bare Metal Solution API can be added to a secure perimeter. However, the VPC Service Controls perimeters do not extend to the Bare Metal Solution environment in the regional extensions.
When you protect the BigQuery API using a service perimeter, the BigQuery Storage API (bigquerystorage.googleapis.com), BigQuery Reservation API (bigqueryreservation.googleapis.com), and BigQuery Connection API (bigqueryconnection.googleapis.com) are also protected. You do not need to separately add these APIs to your perimeter's list of protected services.
BigQuery audit log records don't always include all resources that were used when a request is made, due to the service internally processing access to multiple resources.
When accessing a BigQuery instance protected by a service perimeter, the BigQuery job must be run within a project inside the perimeter, or in a project allowed by an egress rule of the perimeter. By default, the BigQuery client libraries run jobs within the service account or user's project, causing the query to be rejected by VPC Service Controls.
BigQuery blocks saving query results to Google Drive from the VPC Service Controls protected perimeter.
If you grant access using an ingress rule with user accounts as the identity type, you can't view BigQuery resource utilization or administrative jobs explorer on the Monitoring page. To use these features, configure an ingress rule that uses ANY_IDENTITY as the identity type.
If you grant BigQuery users access to data using an ingress rule, then users can use the Google Cloud console to query and save the results to a local file.
Accessing resources in VPC Service Controls perimeters is disallowed in BigQuery Standard edition. VPC Service Controls is only supported when performing analysis through BigQuery Enterprise, Enterprise Plus, or On-Demand.
The BigQuery Reservation API is partially supported. The BigQuery Reservation API, which creates the assignment resource, doesn't enforce service perimeter restrictions on the assignment assignees.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
bigquerydatatransfer.googleapis.com
Details
A service perimeter protects only the BigQuery Data Transfer Service API; the actual data protection is enforced by BigQuery. This is by design, so that data can be imported from external sources outside of Google Cloud, such as Amazon S3, Redshift, Teradata, YouTube, Google Play and Google Ads, into BigQuery datasets. For information about VPC Service Controls requirements to migrate data from Teradata, see VPC Service Controls requirements.
For more information about BigQuery Data Transfer Service, refer to the product documentation.
Limitations
The BigQuery Data Transfer Service doesn't support exporting data out of a BigQuery dataset. For more information, see Exporting table data.
To transfer data between projects, the destination project must either be inside the same perimeter as the source project, or else an egress rule must permit the transfer of data out of the perimeter. For information about setting the egress rules, see Limitations in Manage BigQuery datasets.
Ingress and egress violations for BigQuery jobs initiated by BigQuery Data Transfer Service recurring offline transfer runs don't contain user context information such as caller IP address and device.
The BigQuery Data Transfer Service only supports transferring data into projects protected by a service perimeter using one of the connectors listed in Supported data sources. The BigQuery Data Transfer Service doesn't support transferring data into projects protected by a service perimeter using a connector provided by other third-party partners.
The bigtable.googleapis.com and bigtableadmin.googleapis.com services are bundled together. When you restrict the bigtable.googleapis.com service in a perimeter, the perimeter restricts the bigtableadmin.googleapis.com service by default. You cannot add the bigtableadmin.googleapis.com service to the list of restricted services in a perimeter because it is bundled with bigtable.googleapis.com.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
binaryauthorization.googleapis.com
Details
When using multiple projects with Binary Authorization, each project must be included in the VPC Service Controls perimeter. For more information about this use case, see Multi-project setup.
With Binary Authorization, you may use Artifact Analysis to store attestors and attestations as notes and occurrences, respectively. In this case, you must also include Artifact Analysis in the VPC Service Controls perimeter. See VPC Service Controls guidance for Artifact Analysis for additional details.
For more information about Binary Authorization, refer to the product documentation.
Limitations
The Binary Authorization integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
blockchainnodeengine.googleapis.com
Details
The API for Blockchain Node Engine can be protected by VPC Service Controls and used normally inside service perimeters.
For more information about Blockchain Node Engine, refer to the product documentation.
Limitations
Blockchain Node Engine integrations with VPC Service Controls have the following limitations:
VPC Service Controls only protects the Blockchain Node Engine API. When a node is created, you must still indicate that it is meant for a user-configured private network with Private Service Connect.
The peer-to-peer traffic is not affected by VPC Service Controls or Private Service Connect and will continue to use the public internet.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
privateca.googleapis.com
Details
The API for Certificate Authority Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Certificate Authority Service, refer to the product documentation.
Limitations
To use Certificate Authority Service in a protected environment, you must also add the Cloud KMS API (cloudkms.googleapis.com) and the Cloud Storage API (storage.googleapis.com) to your service perimeter.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
krmapihosting.googleapis.com
Details
To use Config Controller with VPC Service Controls, you must enable the following APIs inside your perimeter:
Cloud Monitoring API (monitoring.googleapis.com)
Container Registry API (containerregistry.googleapis.com)
Google Cloud Observability API (logging.googleapis.com)
Security Token Service API (sts.googleapis.com)
Cloud Storage API (storage.googleapis.com)
If you provision resources with Config Controller, you must enable the API for those resources in your service perimeter. For example, if you want to add an IAM service account, you must add the IAM API (iam.googleapis.com).
Establish the VPC Service Controls security perimeter before creating your Cloud Data Fusion private instance. Perimeter protection for instances created prior to setting up VPC Service Controls is not supported.
Currently, the Cloud Data Fusion data plane UI does not support identity-based access using ingress rules or access levels.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
compute.googleapis.com
Details
VPC Service Controls support for Compute Engine offers the following security benefits:
Restricts access to sensitive API operations
Restricts persistent disk snapshots and custom images to a perimeter
Restricts access to instance metadata
VPC Service Controls support for Compute Engine also enables you to utilize Virtual Private Cloud networks and Google Kubernetes Engine private clusters inside service perimeters.
VPC Peering operations do not enforce VPC service perimeter restrictions.
The projects.ListXpnHosts API method for Shared VPC does not enforce service perimeter restrictions on returned projects.
To enable creating a Compute Engine image from Cloud Storage in a project protected by a service perimeter, temporarily add the user who is creating the image to an ingress rule of the perimeter.
VPC Service Controls does not support using the open-source version of Kubernetes on Compute Engine VMs inside a service perimeter.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
contactcenterinsights.googleapis.com
Details
To use Conversational Insights with VPC Service Controls, you must have the following additional APIs inside your perimeter, depending on your integration:
To load data into Conversational Insights, add the Cloud Storage API to your service perimeter.
To use export, add the BigQuery API to your service perimeter.
To integrate multiple CCAI products, add the Vertex AI API to your service perimeter.
For more information about Conversational Insights, refer to the product documentation.
Limitations
The Conversational Insights integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
dataflow.googleapis.com
Details
Dataflow supports a number of storage service connectors. The following connectors have been verified to work with Dataflow inside a service perimeter:
Custom BIND is not supported when using Dataflow. To customize DNS resolution when using Dataflow with VPC Service Controls, use Cloud DNS private zones instead of using custom BIND servers. To use your own on-premises DNS resolution, consider using a Google Cloud DNS forwarding method.
Not all storage service connectors have been verified to work when used with Dataflow inside a service perimeter. For a list of verified connectors, see "Details" in the previous section.
If Dataflow workers can only have private IP addresses, such as when using VPC Service Controls to protect resources, do not use Python 3.5 with Apache Beam SDK 2.20.0‑2.22.0. This combination causes jobs to fail at startup.
Yes. You can configure your perimeters to protect this service.
Service name
dataplex.googleapis.com
Details
The API for Dataplex Universal Catalog can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Dataplex Universal Catalog, refer to the product documentation.
Limitations
Before creating your Dataplex Universal Catalog resources, set up the VPC Service Controls security perimeter. Otherwise, your resources don't have perimeter protection. Dataplex Universal Catalog supports the following resource types:
VPC Service Controls doesn't support access to folder-level or organization-level Cloud Asset API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Cloud Asset API resources. You can specify an egress policy to allow access to project-level Cloud Asset API resources from projects inside the perimeter. To manage Database Center permissions at the folder level or organizational level, we recommend using IAM.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
datamigration.googleapis.com
Details
The API for Database Migration Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Database Migration Service, refer to the product documentation.
Limitations
Service perimeters protect only the Database Migration Service Admin API. They don't protect IP-based data access to underlying databases (such as Cloud SQL instances). To restrict public IP access on Cloud SQL instances, use an organization policy constraint.
When you use a Cloud Storage file in the initial dump phase of the migration, add the Cloud Storage bucket to the same service perimeter.
When you use a customer-managed encryption key (CMEK) in the destination database, make sure that the CMEK resides in the same service perimeter as the connection profile that contains the key.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
dlp.googleapis.com
Details
The API for Sensitive Data Protection can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Sensitive Data Protection, refer to the product documentation.
Limitations
Because VPC Service Controls does not currently support folder and organization resources, Sensitive Data Protection calls may return a 403 response when attempting to access organization-level resources. We recommend that IAM is used to manage Sensitive Data Protection permissions at the folder and organization level.
You can access Cloud DNS through the restricted VIP. However, you cannot create or update public DNS zones within projects inside the VPC Service Controls perimeter.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
domains.googleapis.com
Details
The API for Cloud Domains can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
The DNS configuration data used in Cloud Domains—name servers and DNSSEC settings—is public. If your domain delegates to a public DNS zone, which is the default, then that zone's DNS configuration data is public too.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
eventarc.googleapis.com
Details
Eventarc Advanced APIs can be protected with VPC Service Controls, and features can be used normally inside service perimeters.
An Eventarc Advanced bus outside of a service perimeter can't receive events from Google Cloud Platform projects inside the perimeter. An Eventarc Advanced bus inside of a perimeter can't route events to a consumer outside of the perimeter.
To publish to an Eventarc Advanced bus, the source of an event must be inside the same service perimeter as the bus.
To consume a message, an event consumer must be inside the same service perimeter as the bus.
You can verify VPC Service Controls support for the Enrollment, GoogleApiSource, MessageBus, and Pipeline resources by viewing platform logs on ingress.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
eventarc.googleapis.com
Details
Eventarc Standard handles event delivery using Pub/Sub topics and push subscriptions. To access the Pub/Sub API and manage event triggers, the Eventarc API must be protected within the same VPC Service Controls service perimeter as the Pub/Sub API.
In projects protected by a service perimeter, the following limitations apply:
Eventarc Standard is bound by the same limitations as Pub/Sub:
When routing events to Cloud Run targets, new Pub/Sub push subscriptions can't be created unless the push endpoints are set to Cloud Run services with default run.app URLs (custom domains don't work).
When routing events to Workflows targets for which the Pub/Sub push endpoint is set to a Workflows execution, you can only create new Pub/Sub push subscriptions through Eventarc Standard.
VPC Service Controls blocks the creation of Eventarc Standard triggers for internal HTTP endpoints. VPC Service Controls protection does not apply when routing events to such destinations.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
edgenetwork.googleapis.com
Details
The API for Distributed Cloud Edge Network API can be protected by VPC Service Controls and used normally inside service perimeters.
For more information about Distributed Cloud Edge Network API, refer to the product documentation.
Limitations
The Distributed Cloud Edge Network API integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
firebaseappcheck.googleapis.com
Details
When you configure and exchange Firebase App Check tokens, VPC Service Controls protects only the Firebase App Check service. To protect services that rely on Firebase App Check, you must set up service perimeters for those services.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
firebasedataconnect.googleapis.com
Details
Service perimeters protect only the Firebase Data Connect API. They don't protect access to the underlying data sources (such as Cloud SQL instances). Restricting access on database instances must be configured separately.
For more information about Firebase Data Connect, refer to the product documentation.
Limitations
The Firebase Data Connect integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
firebaserules.googleapis.com
Details
When you manage Firebase Security Rules policies, VPC Service Controls protects only the Firebase Security Rules service. To protect services that rely on Firebase Security Rules, you must set up service perimeters for those services.
For more information about Firebase Security Rules, refer to the product documentation.
Limitations
The Firebase Security Rules integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudfunctions.googleapis.com
Details
See the Cloud Run functions documentation for setup steps. VPC Service Controls protection does not apply to the build phase when Cloud Run functions are built using Cloud Build. For more details, see the known limitations.
Cloud Run functions uses Cloud Build, Container Registry, and Cloud Storage to build and manage your source code in a runnable container. If any of these services are restricted by the service perimeter, VPC Service Controls blocks the Cloud Run functions build, even if Cloud Run functions is not added as a restricted service to the perimeter. To use Cloud Run functions inside a service perimeter, you must configure an ingress rule for the Cloud Build service account in your service perimeter.
To allow your functions to use external dependencies such as npm packages, Cloud Build has unlimited internet access. This internet access could be used to exfiltrate data that is available at build time, such as your uploaded source code. If you want to mitigate this exfiltration vector, we recommend that you only allow trusted developers to deploy functions. Do not grant Cloud Run functions Owner, Editor, or Developer IAM roles to untrusted developers.
When you specify an ingress or egress policy for a service perimeter, you cannot use ANY_SERVICE_ACCOUNT and ANY_USER_ACCOUNT as an identity type to deploy Cloud Run functions from a local machine.
As a workaround, use ANY_IDENTITY as the identity type.
When Cloud Run functions services are invoked by HTTP triggers, VPC Service Controls policy enforcement does not use the client's IAM authentication information. VPC Service Controls ingress policy rules that use IAM principals are not supported. Access levels for VPC Service Controls perimeters that use IAM principals are not supported.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
iam.googleapis.com
Details
When you restrict IAM with a perimeter, only actions that use the Identity and Access Management API are restricted. These actions include the following:
Managing custom IAM roles
Managing workload identity pools
Managing service accounts and keys
Managing deny policies
Managing policy bindings for principal access boundary policies
The perimeter doesn't restrict actions related to workforce pools and principal access boundary policies because those resources are created at the organization level.
The perimeter also doesn't restrict allow policy management for resources owned by other services, like Resource Manager projects, folders, and organizations or Compute Engine virtual machine instances. To restrict allow policy management for these resources, create a perimeter that restricts the service that owns the resources. For a list of resources that accept allow policies and the services that own them, see Resource types that accept allow policies.
Additionally, the perimeter around IAM doesn't restrict actions that use other APIs, including the following:
IAM Policy Simulator API
IAM Policy Troubleshooter API
Security Token Service API
Service Account Credentials API (including the legacy signBlob and signJwt methods in the IAM API)
For more information about Identity and Access Management, refer to the product documentation.
Limitations
If you are inside the perimeter, you cannot call the roles.list method with an empty string to list IAM predefined roles. If you need to view predefined roles, see IAM role documentation.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
No. The API for Service Networking cannot be protected by service perimeters. However, Service Networking can be used normally in projects inside a perimeter.
Details
If you're using private service access, we recommend enabling VPC Service Controls for the Service Networking connection. When you enable VPC Service Controls, service producers are restricted to accessing only the APIs supported by VPC Service Controls over the Service Networking connection.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudkms.googleapis.com
Details
The Cloud KMS API can be protected by VPC Service Controls and the product can be used inside service perimeters. The access to Cloud HSM services is also protected by VPC Service Controls and can be used inside service perimeters.
For more information about Cloud Key Management Service, refer to the product documentation.
Limitations
The Cloud Key Management Service integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudaicompanion.googleapis.com
Details
The API for Gemini Code Assist can be protected by VPC Service Controls and the product can be used normally inside service perimeters. This includes code customization.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
iaptunnel.googleapis.com
Details
The API for Identity-Aware Proxy for TCP can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Identity-Aware Proxy for TCP, refer to the product documentation.
Limitations
Only the usage API of IAP for TCP can be protected by a perimeter. The administrative API cannot be protected by a perimeter.
To use IAP for TCP within a VPC Service Controls service perimeter, you must add or configure some DNS entries to point the following domains to the restricted VIP:
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
lifesciences.googleapis.com
Details
The API for Cloud Life Sciences can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
pubsub.googleapis.com
Details
VPC Service Controls protection applies to all administrator operations, publisher operations, and subscriber operations (except for existing push subscriptions).
In projects protected by a service perimeter, the following limitations apply:
New push subscriptions can't be created unless the push endpoints are set to Cloud Run services with default run.app URLs or a Workflows execution (custom domains don't work). For more information about integrating with Cloud Run, see Using VPC Service Controls.
For non-push subscriptions, you must create a subscription in the same perimeter as the topic or enable egress rules to allow access from the topic to the subscription.
When routing events through Eventarc to Workflows targets for which the push endpoint is set to a Workflows execution, you can only create new push subscriptions through Eventarc.
Pub/Sub subscriptions created prior to the service perimeter are not blocked.
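The egress rule mentioned for non-push subscriptions, as an added example that is not code from the original page: a rules file for `gcloud access-context-manager perimeters update --set-egress-policies`, set on the perimeter that contains the topic, allowing Pub/Sub calls to the project that holds the subscription. The subscription project number is a placeholder.

```yaml
# Added example: egress policy on the topic's perimeter so that a subscription
# in project SUBSCRIPTION_PROJECT_NUMBER (a placeholder) outside that perimeter
# can be served. ANY_IDENTITY keeps the example general; replace it with an
# `identities:` list naming the specific service account where possible.
- egressFrom:
    identityType: ANY_IDENTITY
  egressTo:
    operations:
    - serviceName: pubsub.googleapis.com
      methodSelectors:
      - method: "*"
    resources:
    - projects/SUBSCRIPTION_PROJECT_NUMBER
```

If the subscription's project sits in a perimeter of its own, that perimeter needs a corresponding ingress rule; the text above states only the egress requirement on the topic side.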
To use Cloud Deploy in a perimeter, you must use a Cloud Build private pool for the target's execution environments. Don't use the default (Cloud Build) worker pool, and don't use a hybrid pool.
Enabling DAG serialization prevents Airflow from displaying a rendered template with functions in the web UI.
Setting the async_dagbag_loader flag to True is not supported while DAG serialization is enabled.
Enabling DAG serialization disables all Airflow web server plugins, as they could risk the security of the VPC network where Cloud Composer is deployed. This doesn't impact the behaviour of scheduler or worker plugins, including Airflow operators and sensors.
When Cloud Composer is running inside a perimeter, access to public PyPI repositories is restricted. In the Cloud Composer documentation, see Installing Python dependencies to learn how to install PyPI modules in Private IP mode.
Cloud Composer doesn't support using third-party identities in ingress and egress rules for Apache Airflow web interface operations. However, you can use the ANY_IDENTITY identity type in ingress and egress rules to allow access to all identities, including third-party identities. For more information about the ANY_IDENTITY identity type, see Ingress and egress rules.
Because VPC Service Controls enforces boundaries at the project level, Cloud Quotas requests that originate from clients within the perimeter can only access organization resources if the organization sets up an egress rule.
When requesting a quota decrease, Cloud Quotas executes a service-to-service (S2S) call to Monitoring.
This S2S call does not originate from within the perimeter even if the decrease request does; therefore, VPC Service Controls blocks it.
For Artifact Registry and Container Registry, the registry where you store your container must be in the same VPC Service Controls perimeter as the project that you are deploying to. The code being built must be in the same VPC Service Controls perimeter as the registry that the container is being pushed to.
The Cloud Run continuous deployment feature is not available for projects inside a VPC Service Controls perimeter.
When Cloud Run services are invoked, VPC Service Controls policy enforcement does not use the client's IAM authentication information. Such requests have the following limitations:
VPC Service Controls ingress policy rules that use IAM principals are not supported.
Access levels for VPC Service Controls perimeters that use IAM principals are not supported.
VPC Service Controls supports Cloud Scheduler jobs only with the following targets:
Cloud Run run.app endpoints
Cloud Run functions functions.net endpoints
Google Cloud APIs that are VPC Service Controls-compliant (either in Preview or GA). These targets can be in a different Google Cloud project from your Cloud Scheduler job, but both the Cloud Scheduler job and the target Google Cloud project must be in the same VPC Service Controls perimeter.
When using the Requester Pays feature with a storage bucket inside a service perimeter that protects the Cloud Storage service, you cannot identify a project to pay that is outside the perimeter. The target project must be in the same perimeter as the storage bucket or in a perimeter bridge with the bucket's project.
For projects in a service perimeter, the Cloud Storage page in the Google Cloud console is not accessible if the Cloud Storage API is protected by that perimeter. If you want to grant access to the page, you must create an ingress rule and/or access level that includes the user accounts and/or public IP range that you want to allow to access the Cloud Storage API.
In audit log records, the value for methodName is not always correct. We recommend that you do not filter Cloud Storage audit log records by methodName.
In certain cases, Cloud Storage legacy bucket logs can be written to destinations outside of a service perimeter even when access is denied.
In certain cases, Cloud Storage objects that were public remain accessible after you enable VPC Service Controls on them. The objects are accessible until they expire from the built-in caches and from any other upstream caches on the network between the end user and Cloud Storage; Cloud Storage caches publicly accessible data by default in the Cloud Storage network. For more information about how Cloud Storage objects are cached, see Cloud Storage. For information about how long an object may be cached, see Cache-control metadata.
When you specify an ingress or egress policy for a service perimeter, you cannot use ANY_SERVICE_ACCOUNT and ANY_USER_ACCOUNT as an identity type for all Cloud Storage operations using signed URLs.
As a workaround, use ANY_IDENTITY as the identity type.
VPC Service Controls evaluates its checks using the credentials of the user or service account that signed the URL, not the credentials of the caller that initiates the connection.
VPC Service Controls does not support adding folder-level or organization-level resources to service perimeters. Therefore, while you can enable Storage Intelligence at the folder, organization, or project level, VPC Service Controls only protects project-level resources. To manage Storage Intelligence at the folder-level or organization-level, we recommend using IAM.
Service perimeters protect only the Cloud SQL Admin API. They do not protect IP-based data access to Cloud SQL instances. You need to use an organization policy constraint to restrict public IP access on Cloud SQL instances.
Before you configure VPC Service Controls for Cloud SQL, enable the Service Networking API.
Cloud SQL imports and exports can only perform reads and writes from a Cloud Storage bucket within the same service perimeter as the Cloud SQL replica instance.
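The organization policy constraint referred to above, as an added example that is not part of the original page: a policy file for `gcloud org-policies set-policy` that enforces the `sql.restrictPublicIp` constraint, which exists in Google Cloud, at the project level. The project ID is a placeholder.

```yaml
# Added example: enforce the sql.restrictPublicIp constraint so new and
# existing Cloud SQL instances cannot be given public IP addresses.
# PROJECT_ID is a placeholder; use organizations/ORG_ID/... or
# folders/FOLDER_ID/... to enforce higher in the hierarchy.
name: projects/PROJECT_ID/policies/sql.restrictPublicIp
spec:
  rules:
  - enforce: true
```

Apply it with `gcloud org-policies set-policy FILE`. This closes the gap the text describes: the perimeter governs only the Cloud SQL Admin API, so the data path has to be closed separately.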
Even if you create an egress rule to allow calls to public URLs from within VPC Service Controls perimeters, Cloud Vision API blocks calls to public URLs.
Because the Container Scanning API is a surfaceless API that stores the results in Artifact Analysis, you do not need to protect the API with a service perimeter.
When you specify an ingress or egress policy for a service perimeter, you cannot use ANY_SERVICE_ACCOUNT and ANY_USER_ACCOUNT as an identity type for all Container Registry operations.
As a workaround, use ANY_IDENTITY as the identity type.
In addition to the containers inside a perimeter that are available to Container Registry, the following read-only repositories are available to all projects regardless of any restrictions enforced by service perimeters:
gcr.io/anthos-baremetal-release
gcr.io/asci-toolchain
gcr.io/cloud-airflow-releaser
gcr.io/cloud-builders
gcr.io/cloud-dataflow
gcr.io/cloud-ingest
gcr.io/cloud-marketplace
gcr.io/cloud-ssa
gcr.io/cloudsql-docker
gcr.io/config-management-release
gcr.io/deeplearning-platform-release
gcr.io/foundry-dev
gcr.io/fn-img
gcr.io/gae-runtimes
gcr.io/serverless-runtimes
gcr.io/gke-node-images
gcr.io/gke-release
gcr.io/gkeconnect
gcr.io/google-containers
gcr.io/kubeflow
gcr.io/kubeflow-images-public
gcr.io/kubernetes-helm
gcr.io/istio-release
gcr.io/ml-pipeline
gcr.io/projectcalico-org
gcr.io/rbe-containers
gcr.io/rbe-windows-test-images
gcr.io/speckle-umbrella
gcr.io/stackdriver-agents
gcr.io/tensorflow
gcr.io/vertex-ai
gcr.io/vertex-ai-restricted
gke.gcr.io
k8s.gcr.io
In all cases, the multi-regional versions of these repositories are also available.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
container.googleapis.com
Details
The Google Kubernetes Engine API can be protected by VPC Service Controls and the product can be used normally inside service perimeters. This compatibility includes the protection of the DNS endpoint for GKE, which is a service for accessing the cluster's control plane and uses the *.gke.goog domain.
When you restrict the container.googleapis.com service in a perimeter, the perimeter also restricts the DNS endpoint for GKE.
For more information about Google Kubernetes Engine, refer to the product documentation.
Limitations
To fully protect the GKE API, you must include the Kubernetes Metadata API (kubernetesmetadata.googleapis.com) as well in your perimeter.
Only private clusters can be protected using VPC Service Controls. Clusters with public IP addresses are not supported by VPC Service Controls.
The GKE service entry in this table only specifies the control of the GKE API itself. GKE relies on several other underlying services for its operation, such as Compute Engine, Cloud Logging, Cloud Monitoring, and the Autoscaling API (autoscaling.googleapis.com). To effectively secure your GKE environments with VPC Service Controls, you must ensure that all necessary underlying services are also included within your service perimeter. See the GKE documentation for a complete list of these services.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
containerfilesystem.googleapis.com
Details
Image streaming is a GKE data streaming feature that provides shorter container image pull times for images stored in Artifact Registry. If VPC Service Controls protects your container images and you use Image streaming, you must also include the Image streaming API in the service perimeter.
Fleet management APIs, including the Connect gateway, can be protected with VPC Service Controls, and fleet management features can be used normally inside service perimeters. For more information, see the following:
Although all fleet management features can be used normally, enabling a service perimeter around the Stackdriver API restricts the Policy Controller fleet feature from integrating with Security Command Center.
When using the Connect gateway to access GKE clusters, the VPC Service Controls perimeter for container.googleapis.com is not enforced.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudresourcemanager.googleapis.com
Details
The following Cloud Resource Manager API methods can be protected by VPC Service Controls:
Only tag keys directly parented by a project resource and corresponding tag values can be protected using VPC Service Controls. When a project is added to a VPC Service Controls perimeter, all tag keys and corresponding tag values under the project are considered to be resources within the perimeter.
Tag keys parented by an organization resource and their corresponding tag values can't be included in a VPC Service Controls perimeter and can't be protected using VPC Service Controls.
Clients inside a VPC Service Controls perimeter can't access tag keys and corresponding values parented by an organization resource, unless an egress rule allowing access is set on the perimeter. For more information about setting egress rules, see Ingress and egress rules.
Tag bindings are considered resources within the same perimeter as the resource to which the tag value is bound. For example, the tag bindings on a Compute Engine instance in a project are considered to belong to that project regardless of where the tag key is defined.
Some services, such as Compute Engine, allow creating tag bindings using their own service APIs in addition to the Resource Manager service APIs; for example, you can add tags to a Compute Engine VM during resource creation. To protect tag bindings created or deleted using these service APIs, add the corresponding service, such as compute.googleapis.com, to the list of restricted services in the perimeter.
Tags support method-level restrictions, so you can scope the method_selectors to specific API methods. For a list of restrictable methods, see Supported service method restrictions.
Granting the owner role on a project through the Google Cloud console is now supported by VPC Service Controls. You cannot send an owner invitation or accept an invitation outside service perimeters. If you try to accept an invitation from outside the perimeter, you are not granted the owner role, and no error or warning message is displayed.
Aggregated log sinks (folder or organization sinks where includeChildren is true) can access data from projects inside a service perimeter. To restrict aggregated log sinks from accessing data inside a perimeter, we recommend using IAM to manage Logging permissions for folder-level or organization-level aggregated log sinks.
VPC Service Controls does not support adding folder or organization resources to service perimeters. Therefore, you cannot use VPC Service Controls to protect folder-level and organization-level logs, including aggregate logs. To manage Logging permissions at the folder level or organizational level, we recommend using IAM.
If you route logs, using an organization-level or folder-level log sink, to a resource that a service perimeter protects, then you must add an ingress rule to the service perimeter. The ingress rule must allow access to the resource from the service account that the log sink uses. This step is not necessary for project-level sinks.
For more information, refer to the following pages:
When you specify an ingress or egress policy for a service perimeter, you cannot use ANY_SERVICE_ACCOUNT and ANY_USER_ACCOUNT as an identity type to export logs from a Cloud Logging sink to a Cloud Storage resource.
As a workaround, use ANY_IDENTITY as the identity type.
Notification channels, alerting policies, and custom metrics can be used together to exfiltrate data or metadata. A Monitoring user can set up a notification channel that points to an entity outside of the organization, for example "baduser@badcompany.com", and then set up custom metrics and corresponding alerting policies that use that notification channel. By manipulating the custom metrics, the user can trigger alerts whose firing notifications carry sensitive data to baduser@badcompany.com, outside of the VPC Service Controls perimeter.
Any Compute Engine or AWS VMs with the Monitoring Agent installed must be inside the VPC Service Controls perimeter or agent metric writes will fail.
Any GKE Pods must be inside the VPC Service Controls perimeter or GKE Monitoring will not work.
When querying metrics for a metrics scope, only the VPC Service Controls perimeter of the scoping project for the metric scope is considered. The perimeters of the individual monitored projects in the metrics scope aren't considered.
A project can only be added as a monitored project to an existing metrics scope if that project is in the same VPC Service Controls perimeter as the metrics scope's scoping project.
To access Monitoring in the Google Cloud console for a host project that is protected by a service perimeter, use an ingress rule.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
language.googleapis.com
Details
For more information about Natural Language API, refer to the product documentation.
Limitations
Because Natural Language API is a stateless API and doesn't run on projects, using VPC Service Controls to protect Natural Language API does not have any effect.
VPC Service Controls doesn't support access to folder-level or organization-level Cloud Asset API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Cloud Asset API resources. You can specify an egress policy to prevent access to project-level Cloud Asset API resources from projects inside the perimeter.
VPC Service Controls doesn't support adding folder-level or organization-level Cloud Asset API resources into a service perimeter. You cannot use a perimeter to protect folder-level or organization-level Cloud Asset API resources. To manage Cloud Asset Inventory permissions at the folder or organization level, we recommend using IAM.
Cloud Translation - Advanced (v3) supports VPC Service Controls; Cloud Translation - Basic (v2) does not. To apply VPC Service Controls, you must use Cloud Translation - Advanced (v3). For more information about the different editions, see Compare Basic and Advanced.
To protect input endpoints with a service perimeter, you must follow the instructions for setting up a private pool and send input video streams over a private connection.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
storagetransfer.googleapis.com
Details
We recommend placing your Storage Transfer Service project within the same service perimeter as your Cloud Storage resources. This protects both your transfer and your Cloud Storage resources. Storage Transfer Service also supports scenarios where the Storage Transfer Service project is not in the same perimeter as your Cloud Storage buckets, using an egress policy.
When you call the Service Control API to report billing or analytics metrics from a VPC network inside a service perimeter that restricts Service Control, you can use the Service Control report method only for VPC Service Controls supported services.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
redis.googleapis.com
Details
The API for Memorystore for Redis can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Memorystore for Redis, refer to the product documentation.
Limitations
Service perimeters protect only the Memorystore for Redis API. Perimeters do not protect normal data access on Memorystore for Redis instances within the same network.
If the Cloud Storage API is also protected, then Memorystore for Redis import and export operations can only read and write to a Cloud Storage bucket within the same service perimeter as the Memorystore for Redis instance.
If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Redis instance inside the same perimeter in order for Redis requests to succeed. At any time, separating the host project and service project with a perimeter can cause a Redis instance failure, in addition to blocked requests. For more information, see Memorystore for Redis configuration requirements.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
memcache.googleapis.com
Details
The API for Memorystore for Memcached can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Memorystore for Memcached, refer to the product documentation.
Limitations
Service perimeters protect only the Memorystore for Memcached API. Perimeters do not protect normal data access on Memorystore for Memcached instances within the same network.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
memorystore.googleapis.com
Details
Service perimeters protect only the Memorystore for Valkey API. Perimeters do not protect normal data access on Memorystore for Valkey instances within the same network.
If the Cloud Storage API is also protected, then Memorystore for Valkey import and export operations can only read and write to a Cloud Storage bucket within the same service perimeter as the Memorystore for Valkey instance.
If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Redis instance inside the same perimeter in order for Redis requests to succeed. At any time, separating the host project and service project with a perimeter can cause a Redis instance failure, in addition to blocked requests. For more information, see Memorystore for Valkey configuration requirements.
The Memorystore for Valkey API is memorystore.googleapis.com. For this reason, the display name for Memorystore for Valkey is "Memorystore API" when using VPC Service Controls in the Google Cloud console.
For more information about Memorystore for Valkey, refer to the product documentation.
Limitations
The Memorystore for Valkey integration with VPC Service Controls has no known limitations.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
No. The API for Transfer Appliance cannot be protected by service perimeters. However, Transfer Appliance can be used normally in projects inside a perimeter.
Details
Transfer Appliance is fully supported for projects using VPC Service Controls.
Transfer Appliance doesn't offer an API, and therefore does not support API-related features in VPC Service Controls.
When Cloud Storage is protected by VPC Service Controls, the Cloud KMS key you share with the Transfer Appliance Team must be within the same project as the destination Cloud Storage bucket.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
orgpolicy.googleapis.com
Details
The API for Organization Policy Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Organization Policy Service, refer to the product documentation.
Limitations
VPC Service Controls doesn't support access restrictions to folder-level or organization-level organization policies that are inherited by the project. VPC Service Controls protects project-level Organization Policy Service API resources.
For example, if an ingress rule restricts a user from accessing the Organization Policy Service API, that user gets a 403 error when querying for organization policies enforced on the project. However, the user is still able to access the organization policies of the folder and organization containing the project.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
oslogin.googleapis.com
Details
You can call the OS Login API from within VPC Service Controls perimeters. To manage OS Login from within VPC Service Controls perimeters, set up OS Login.
SSH connections to VM instances are not protected by VPC Service Controls.
The OS Login methods for reading and writing SSH keys don't enforce VPC Service Controls perimeters. Use VPC accessible services to disable access to OS Login APIs.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
servicehealth.googleapis.com
Details
The API for Personalized Service Health can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Personalized Service Health, refer to the product documentation.
Limitations
VPC Service Controls does not support the OrganizationEvents and OrganizationImpacts resources of the Service Health API. Therefore, VPC Service Controls policy checks won't occur when you call the methods for these resources. However, you can call the methods from a service perimeter using a restricted VIP.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
osconfig.googleapis.com
Details
You can call the OS Config API from within VPC Service Controls perimeters. To use VM Manager from within VPC Service Controls perimeters, set up VM Manager.
To fully protect VM Manager, you must include all of the following APIs in your perimeter:
OS Config API (osconfig.googleapis.com)
Compute Engine API (compute.googleapis.com)
Artifact Analysis API (containeranalysis.googleapis.com)
VM Manager does not host package and patch content. OS patch management uses the update tools of the operating system, which require that package updates and patches are retrievable from within the VM. For patching to work, you might need to use Cloud NAT or host your own package repository or Windows Server Update Service within your Virtual Private Cloud.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
workflows.googleapis.com
Details
Workflows is an orchestration platform that can combine Google Cloud Platform services and HTTP-based APIs to execute services in an order that you define.
When you protect the Workflows API using a service perimeter, the Workflow Executions API is also protected. You do not need to separately add workflowexecutions.googleapis.com to your perimeter's list of protected services.
HTTP requests from a Workflows execution are supported as follows:
Authenticated requests to VPC Service Controls-compliant Google Cloud endpoints are allowed.
Requests to Cloud Run functions and Cloud Run service endpoints are allowed.
Requests to third-party endpoints are blocked.
Requests to non-VPC Service Controls-compliant Google Cloud endpoints are blocked.
Service perimeters protect only the Filestore API. Perimeters do not protect normal NFS data access on Filestore instances within the same network.
If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Filestore instance inside the same perimeter for the Filestore instance to function correctly. Separating the host project and service project with a perimeter might make existing instances unavailable and might prevent new instances from being created.
If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Parallelstore instance inside the same perimeter for the Parallelstore instance to function correctly. Separating the host project and service project with a perimeter might make existing instances unavailable and might prevent new instances from being created.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Ads Data Hub and VPC Service Controls are subject to different terms of service. Review the terms of each product for details.
Certain Ads Data Hub features (such as custom audience activation, custom bidding, and LiveRamp match tables) require certain user data to be exported outside of the VPC Service Controls perimeter. If Ads Data Hub is added as a restricted service, it will bypass VPC Service Controls policies for these features in order to retain their functionality.
All dependent services must be included as allowed services in the same VPC Service Controls perimeter. For example, since Ads Data Hub relies on BigQuery, BigQuery must also be added. In general, VPC Service Controls best practices recommend including all services in the perimeter, i.e. “restricting all services”.
Customers with multi-tier Ads Data Hub account structures (such as agencies with subsidiaries) should have all of their admin projects in the same perimeter. For simplicity, Ads Data Hub recommends that customers with multi-tier account structures restrict their admin projects to the same Google Cloud organization.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
sts.googleapis.com
Details
VPC Service Controls only restricts token exchanges if the audience in the request is a project-level resource. For example, VPC Service Controls doesn't restrict requests for downscoped tokens, because those requests have no audience. VPC Service Controls also doesn't restrict requests for Workforce Identity Federation because the audience is an organization-level resource.
For more information about Security Token Service, refer to the product documentation.
Limitations
When you create an ingress or egress rule to allow token exchanges, you must set the identity type to ANY_IDENTITY, because the token exchange is not made by an authenticated Google Cloud principal and no narrower identity type can match it.
The firestore.googleapis.com, datastore.googleapis.com, and firestorekeyvisualizer.googleapis.com services are bundled together. When you restrict the firestore.googleapis.com service in a perimeter, the perimeter also restricts the datastore.googleapis.com and firestorekeyvisualizer.googleapis.com services. You don't need to separately add these services to your perimeter's list of protected services.
App Engine legacy bundled services for Datastore do not support service perimeters. Protecting the Datastore service with a service perimeter blocks traffic from App Engine legacy bundled services. Legacy bundled services include:
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
backupdr.googleapis.com
Details
The API for Backup and DR Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Backup and DR Service, refer to the product documentation.
Limitations
If you remove the internet default route from the service producer project using the command gcloud services vpc-peerings enable-vpc-service-controls, then you may not be able to access or deploy the management console. If you encounter this issue, contact Google Cloud Customer Care.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
retail.googleapis.com
Details
The API for Retail API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
integrations.googleapis.com
Details
Application Integration is a collaborative workflow management system that lets you create, augment, debug, and understand core business system workflows. Workflows in Application Integration are made up of triggers and tasks. Several kinds of triggers are available, such as API triggers, Pub/Sub triggers, cron triggers, and Salesforce (SFDC) triggers.
For more information about Application Integration, refer to the product documentation.
Limitations
VPC Service Controls protects Application Integration logs. If you use Application Integration, confirm the current state of its VPC Service Controls support with the Application Integration team.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
connectors.googleapis.com
Details
The API for Integration Connectors can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Integration Connectors, refer to the product documentation.
Limitations
When you use VPC Service Controls and your connection targets a non-Google Cloud resource, the destination of the connection must be a Private Service Connect attachment. Connections created without a Private Service Connect attachment fail.
If you set up a VPC Service Controls service perimeter for your Google Cloud project, you can't use the event subscription feature for that project.
Notifications sent when a new or recurring error group is found contain information about the error group. To prevent data exfiltration outside of the VPC Service Controls perimeter, ensure that notification channels are within your organization.
To fully protect Cloud Workstations, you must restrict the Compute Engine API in your service perimeter whenever you restrict the Cloud Workstations API.
Ensure that the Google Cloud Storage API, Google Container Registry API, and Artifact Registry API are VPC accessible in your service perimeter; this is needed to pull images onto your workstation. We also recommend that you make the Cloud Logging API and Cloud Error Reporting API VPC accessible in your service perimeter, although this is not required to use Cloud Workstations.
Ensure that your workstation cluster is private. Configuring a private cluster prevents connections to your workstations from outside your VPC service perimeter.
Ensure that you disable public IP addresses in your workstation configuration. Failing to do so results in VMs with public IP addresses in your project. We strongly recommend that you use the constraints/compute.vmExternalIpAccess organization policy constraint to disable public IP addresses for all VMs in your VPC service perimeter. For details, see Restricting external IP addresses to specific VMs.
While connecting to your workstation, access control is only based on whether the private network you are connecting from belongs to the security perimeter. Access control based on device, public IP address, or location is not supported.
Cloud IDS uses Cloud Logging to create threat logs in your project. If Cloud Logging is restricted by the service perimeter, VPC Service Controls blocks the Cloud IDS threat logs, even if Cloud IDS is not added as a restricted service to the perimeter. To use Cloud IDS inside a service perimeter, you must configure an ingress rule for the Cloud Logging service account in your service perimeter.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
policytroubleshooter.googleapis.com
Details
When you restrict the Policy Troubleshooter API with a perimeter, principals can troubleshoot IAM allow policies only if all resources involved in the request are in the same perimeter. There are usually two resources involved in a troubleshooting request:
The resource you're troubleshooting access for. This resource can be any type. You explicitly specify this resource when you troubleshoot an allow policy.
The resource you're using to troubleshoot access. This resource is a project, folder, or organization. In the Google Cloud console and gcloud CLI, this resource is inferred based on the project, folder, or organization you have selected. In the REST API, you specify this resource using the x-goog-user-project header.
This resource can be the same as the resource that you're troubleshooting access for, but it doesn't need to be.
If these resources aren't in the same perimeter, the request fails.
For more information about Policy Troubleshooter, refer to the product documentation.
Limitations
The Policy Troubleshooter integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
policysimulator.googleapis.com
Details
When you restrict the Policy Simulator API with a perimeter, principals can simulate allow policies only if certain resources involved in the simulation are in the same perimeter. There are several resources involved in a simulation:
The resource whose allow policy you're simulating. This resource is also called the target resource. In the Google Cloud console, this is the resource whose allow policy you're editing. In the gcloud CLI and REST API, you explicitly specify this resource when you simulate an allow policy.
The project, folder, or organization that creates and runs the simulation. This resource is also called the host resource. In the Google Cloud console and gcloud CLI, this resource is inferred based on the project, folder, or organization you have selected. In the REST API, you specify this resource using the x-goog-user-project header.
This resource can be the same as the resource that you're simulating access for, but it doesn't need to be.
The resource that provides access logs for the simulation. In a simulation, there is always one resource that provides access logs for the simulation. This resource varies depending on the target resource type:
If you are simulating an allow policy for a project or organization, Policy Simulator retrieves the access logs for that project or organization.
If you are simulating an allow policy for a different type of resource, Policy Simulator retrieves the access logs for that resource's parent project or organization.
If you are simulating multiple resources' allow policies at once, Policy Simulator retrieves the access logs for the resources' nearest common project or organization.
All supported resources with relevant allow policies. When Policy Simulator runs a simulation, it considers all allow policies that might impact the user's access, including allow policies on the target resource's ancestor and descendant resources. As a result, these ancestor and descendant resources are also involved in simulations.
If the target resource and the host resource aren't in the same perimeter, the request fails.
If the target resource and the resource that provides access logs for the simulation aren't in the same perimeter, the request fails.
If the target resource and some supported resources with relevant allow policies aren't in the same perimeter, the request succeeds, but the results might be incomplete. For example, if you're simulating a policy for a project in a perimeter, the results won't include the allow policy of the project's parent organization, because organizations are always outside of VPC Service Controls perimeters. To get more complete results, you can configure ingress and egress rules for the perimeter.
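The three outcomes described above (request fails, succeeds, or succeeds with incomplete results) depend on which perimeter the target, the host, the access-log resource and the target's ancestors fall into. The following Python is an added example, not Google code: it models a small constructed resource hierarchy and perimeter membership and predicts the outcome of a simulation before you issue it. The first check (target and host must share a perimeter) is also the rule that applies to Policy Troubleshooter earlier on this page. Resource names, perimeter names and the hierarchy are constructed; the example considers allow policies on ancestors only, not on descendant resources.

```python
"""Predict how a service perimeter affects an IAM Policy Simulator request,
applying the rules from this page: target and host must share a perimeter,
target and the resource providing access logs must share a perimeter, and
allow policies on ancestors outside the perimeter are left out of the result.
Added example, not Google code; the hierarchy below is constructed."""

# Constructed hierarchy: child -> parent (None for the organization).
PARENT = {
    "organizations/100000000000": None,
    "folders/200000000000": "organizations/100000000000",
    "projects/app-prod": "folders/200000000000",
    "projects/data-prod": "folders/200000000000",
    "projects/sandbox": "organizations/100000000000",
    "//storage.googleapis.com/projects/_/buckets/app-prod-logs": "projects/app-prod",
}
# Constructed perimeter membership. Only projects are perimeter members;
# folders and organizations are always outside every perimeter.
PERIMETER_OF_PROJECT = {"projects/app-prod": "prod", "projects/data-prod": "prod"}


def ancestors(resource):
    """`resource` followed by its parents up to the organization."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain


def perimeter_of(resource):
    """Perimeter of the nearest enclosing project, or None if outside all perimeters."""
    for r in ancestors(resource):
        if r.startswith("projects/"):
            return PERIMETER_OF_PROJECT.get(r)
    return None


def access_log_resource(targets):
    """Project or organization whose access logs the simulation reads: the
    target itself, its nearest parent project, or for several targets their
    nearest common project or organization (folders never qualify)."""
    chains = [ancestors(t) for t in targets]
    for r in chains[0]:  # nearest first
        is_log_source = r.startswith("projects/") or r.startswith("organizations/")
        if is_log_source and all(r in c for c in chains[1:]):
            return r
    raise ValueError("targets share no project or organization")


def evaluate_simulation(targets, host):
    """Return ('FAILS' | 'INCOMPLETE' | 'COMPLETE', list of reasons)."""
    reasons = []
    for t in targets:
        if perimeter_of(t) != perimeter_of(host):
            reasons.append(f"target {t} and host {host} are in different perimeters")
    logs = access_log_resource(targets)
    for t in targets:
        if perimeter_of(t) != perimeter_of(logs):
            reasons.append(f"target {t} and access-log resource {logs} are in different perimeters")
    if reasons:
        return "FAILS", reasons
    # Ancestors outside the target's perimeter hold allow policies the
    # simulator cannot read: the request succeeds but the result is partial.
    missing = sorted({a for t in targets for a in ancestors(t)[1:]
                      if perimeter_of(a) != perimeter_of(t)})
    if missing:
        return "INCOMPLETE", [f"allow policy on {a} is not included" for a in missing]
    return "COMPLETE", []


if __name__ == "__main__":
    for targets, host in (
        (["projects/app-prod"], "projects/app-prod"),
        (["projects/sandbox"], "projects/app-prod"),
        (["projects/app-prod", "projects/data-prod"], "projects/app-prod"),
    ):
        outcome, why = evaluate_simulation(targets, host)
        print(outcome, targets, "from", host, *why, sep="\n  ")
```

The multi-target case is the instructive one: simulating two sibling projects at once makes the organization the access-log source, and because an organization is never inside a perimeter the request fails rather than returning partial results.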
To fully protect Identity Platform, add the Secure Token API (securetoken.googleapis.com) to the service perimeter to allow token refresh. securetoken.googleapis.com is not listed on the VPC Service Controls page of the Google Cloud console. You can only add this service with the gcloud access-context-manager perimeters update command.
If your application also integrates with the blocking functions feature, add Cloud Run functions (cloudfunctions.googleapis.com) to the service perimeter.
The use of SMS-based multi-factor authentication (MFA), email authentication, or third-party identity providers causes data to be sent out of the perimeter. If you don't use MFA with SMS, email authentication, or third-party identity providers, disable these features.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
No. The API for Google Distributed Cloud (software only) for bare metal cannot be protected by service perimeters. However, Google Distributed Cloud (software only) for bare metal can be used normally in projects inside a perimeter.
Details
You can create a cluster in your own environment that is connected to your VPC network using Cloud Interconnect or Cloud VPN.
For more information about Google Distributed Cloud (software only) for bare metal, refer to the product documentation.
Limitations
To protect your clusters, use Restricted VIP in Google Distributed Cloud (software only) for bare metal, and add all of the following APIs to the service perimeter:
Artifact Registry API (artifactregistry.googleapis.com)
Google Cloud Resource Manager API (cloudresourcemanager.googleapis.com)
Compute Engine API (compute.googleapis.com)
Connect Gateway API (connectgateway.googleapis.com)
Google Container Registry API (containerregistry.googleapis.com)
GKE Connect API (gkeconnect.googleapis.com)
GKE Hub API (gkehub.googleapis.com)
GKE On-Prem API (gkeonprem.googleapis.com)
Cloud IAM API (iam.googleapis.com)
Cloud Logging API (logging.googleapis.com)
Cloud Monitoring API (monitoring.googleapis.com)
Config Monitoring for Ops API (opsconfigmonitoring.googleapis.com)
Service Control API (servicecontrol.googleapis.com)
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
looker.googleapis.com
Details
The API for Looker (Google Cloud core) can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Looker (Google Cloud core), refer to the product documentation.
Limitations
Only Enterprise or Embed editions of Looker (Google Cloud core) instances using private IP connections support VPC Service Controls compliance. Looker (Google Cloud core) instances with public IP connections or both public and private IP connections do not support VPC Service Controls compliance. To create an instance that uses a private IP connection, select Private IP in the Networking section of the Create instance page of the Google Cloud console.
When placing or creating a Looker (Google Cloud core) instance inside a VPC Service Controls service perimeter, you must remove the default route to the internet by calling the services.enableVpcServiceControls method or by running the gcloud services vpc-peerings enable-vpc-service-controls command.
Removing the default route restricts outgoing traffic to VPC Service Controls compliant services only. For example, sending email fails because the API used to send email is not VPC Service Controls compliant.
If you're using Shared VPC, ensure that you either include the Looker (Google Cloud core) service project in the same service perimeter as the Shared VPC host project or create a perimeter bridge between the two projects. If the Looker (Google Cloud core) service project and the Shared VPC host project are not in the same perimeter and cannot communicate through a perimeter bridge, instance creation might fail or the Looker (Google Cloud core) instance might not function properly.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
storagebatchoperations.googleapis.com
Details
To use VPC Service Controls with storage batch operations, create a service perimeter to protect the following project and Google Cloud services:
Cloud Storage project
Storage batch operations API (storagebatchoperations.googleapis.com)
Cloud Storage API (storage.googleapis.com)
Optional: Cloud KMS API (cloudkms.googleapis.com), if you use the object encryption key updates job type.
To allow access to storage batch operations from outside the perimeter, you must configure ingress policies.
For more information about Storage batch operations, refer to the product documentation.
Limitations
The Storage batch operations integration with VPC Service Controls has no known limitations.
The APIs for Security Command Center can be protected by VPC Service Controls, and Security Command Center can be used normally inside service perimeters.
The securitycenter.googleapis.com and securitycentermanagement.googleapis.com services are bundled together. When you restrict the securitycenter.googleapis.com service in a perimeter, the perimeter restricts the securitycentermanagement.googleapis.com service by default. You cannot add the securitycentermanagement.googleapis.com service to the list of restricted services in a perimeter because it is bundled with securitycenter.googleapis.com.
For more information about Security Command Center, refer to the product documentation.
Limitations
VPC Service Controls doesn't support access to folder-level or organization-level Security Command Center API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Security Command Center API resources. You can specify an egress policy to prevent access to project-level Security Command Center API resources from projects inside the perimeter.
VPC Service Controls doesn't support adding folder-level or organization-level Security Command Center API resources into a service perimeter. You cannot use a perimeter to protect folder-level or organization-level Security Command Center API resources. To manage Security Command Center permissions at the folder or organization level, we recommend using IAM.
VPC Service Controls doesn't support the security posture service because security posture resources (such as postures, posture deployments, and predefined posture templates) are organization-level resources.
You cannot export findings at the folder or organization level into destinations inside a service perimeter.
You must enable perimeter access in the following scenarios:
When you enable finding notifications at the folder or organization level and the Pub/Sub topic is inside a service perimeter.
When you export data to BigQuery from the folder or organization level and BigQuery is inside a service perimeter.
When you integrate Security Command Center with a SIEM or SOAR product and the product is deployed inside a service perimeter in a Google Cloud Platform environment. Supported SIEMs and SOARs include Splunk and IBM QRadar.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudsupport.googleapis.com
Details
The API for Cloud Customer Care can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
discoveryengine.googleapis.com
Details
The API for AI Applications - Vertex AI Search can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about AI Applications - Vertex AI Search, refer to the product documentation.
Limitations
If you configure the Vertex AI Search widget for public access (that is, without an OAuth token), then calls to the API backend are made through a Google-managed service agent. Because this traffic doesn't carry your authentication token, the request can effectively bypass your organization's configured VPC Service Controls ingress rules. Even if you protect the discoveryengine.googleapis.com service inside a VPC Service Controls perimeter, a widget with public access can still be reached from outside that perimeter. If your organization requires VPC Service Controls enforcement to protect sensitive data, don't enable a widget that has public access.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
ssh-serialport.googleapis.com
Details
To use VPC Service Controls protection when connecting to the serial console for a virtual machine (VM) instance, you need to specify an ingress rule for the service perimeter. When setting up the ingress rule, the access level for the source must be an IP-based value and the service name set to ssh-serialport.googleapis.com. The ingress rule is required to access the serial console even if the source request and target resource are in the same perimeter.
For more information about Google Cloud VMware Engine, refer to the product documentation.
Limitations
When adding existing VMware Engine networks, Private Clouds, Network Policies, and VPC Peering to a VPC Service Perimeter, previously created resources are not checked again to see if they still comply with the perimeter's policies.
To use VPC Service Controls protection for Dataform, you must set the `dataform.restrictGitRemotes` organization policy and restrict BigQuery with the same service perimeter as Dataform. You should ensure that Identity and Access Management permissions granted to your service accounts used in Dataform reflect your security architecture.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
websecurityscanner.googleapis.com
Details
Web Security Scanner and VPC Service Controls are subject to different terms of service. Review the terms of each product for details.
Web Security Scanner sends the findings to Security Command Center on demand. You can view or download the data from the Security Command Center dashboard.
For more information about Web Security Scanner, refer to the product documentation.
Limitations
The Web Security Scanner integration with VPC Service Controls has no known limitations.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
securesourcemanager.googleapis.com
Details
You need to configure Certificate Authority Service with a working certificate authority before creating Secure Source Manager VPC Service Controls instances.
You need to configure Private Service Connect before accessing the Secure Source Manager VPC Service Controls instance.
For more information about Secure Source Manager, refer to the product documentation.
Limitations
SERVICE_NOT_ALLOWED_FROM_VPC audit log violations caused by GKE limitations can be ignored.
To open the VPC Service Controls web interface with a browser, the browser needs access to the following URLs:
The APIs for Secure Web Proxy can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
If you provision your proxy with a certificate, then you must also include the Certificate Manager API (certificatemanager.googleapis.com) in your service perimeter.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudcontrolspartner.googleapis.com
Details
The Cloud Controls Partner API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Partner console in Sovereign Controls by Partners, refer to the product documentation.
Limitations
This service must be restricted for all non-partners. If you're a partner supporting Sovereign Controls by Partners, you can protect this service using a service perimeter.
The earthengine.googleapis.com and earthengine-highvolume.googleapis.com services are bundled together. When you restrict the earthengine.googleapis.com service in a perimeter, the perimeter restricts the earthengine-highvolume.googleapis.com service by default. You cannot add the earthengine-highvolume.googleapis.com service to the list of restricted services in a perimeter because it is bundled with earthengine.googleapis.com.
The Earth Engine Code Editor, a web-based IDE for the Earth Engine JavaScript API, is not supported and VPC Service Controls doesn't allow using the Earth Engine Code Editor with resources and clients inside a service perimeter.
Legacy assets are not protected by VPC Service Controls.
Earth Engine Apps are not supported for resources and clients inside a service perimeter.
VPC Service Controls is only available for Premium and Professional Earth Engine pricing plans. For more information about pricing plans, see Earth Engine plans.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
apphub.googleapis.com
Details
App Hub enables you to discover and organize infrastructure resources into applications. You can use VPC Service Controls perimeters to protect the App Hub resources.
You must set up VPC Service Controls on the App Hub host and service projects before you create an application and register services and workloads to the application. App Hub supports the following resource types:
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudcode.googleapis.com
Details
The Cloud Code API can be protected by VPC Service Controls. To use Gemini-powered features in Cloud Code, an ingress policy must be configured to allow traffic from IDE clients. See the Gemini documentation for details.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
commerceorggovernance.googleapis.com
Details
A VPC Service Controls perimeter protects the Commerce Org Governance API for Google Private Marketplace.
For more information about Commerce Org Governance API, refer to the product documentation.
Limitations
Resources such as procurement request and access request, which the Commerce Org Governance API creates at the project level, surface up to the organization level and are reviewed by the Organization Administrator without enforcing VPC Service Controls policies.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
contactcenteraiplatform.googleapis.com
Details
To restrict the internet traffic, use organization policies. Invoke the CREATE or UPDATE methods of the Google Cloud Contact Center as a Service API to apply the organization policy constraints manually.
For more information about Google Cloud Contact Center as a Service, refer to the product documentation.
Limitations
The Google Cloud Contact Center as a Service integration with VPC Service Controls has no known limitations.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
privilegedaccessmanager.googleapis.com
Details
The API for Privileged Access Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Privileged Access Manager, refer to the product documentation.
Limitations
VPC Service Controls doesn't support adding folder-level or organization-level resources into a service perimeter. You can't use a perimeter to protect folder-level or organization-level Privileged Access Manager resources. VPC Service Controls protects project-level Privileged Access Manager resources.
To protect Privileged Access Manager, you need to include the following APIs in your perimeter:
Privileged Access Manager API (privilegedaccessmanager.googleapis.com)
Cloud Resource Manager API (cloudresourcemanager.googleapis.com)
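Several entries on this page impose rules that a perimeter definition must satisfy as a whole: a service is only protected when its dependencies are restricted alongside it (Cloud Workstations with Compute Engine, Privileged Access Manager with Cloud Resource Manager, storage batch operations with Cloud Storage, Dataform with BigQuery, Identity Platform with the Secure Token API); some bundled services cannot be listed at all (securitycentermanagement.googleapis.com, earthengine-highvolume.googleapis.com) while others are merely implied (datastore.googleapis.com, firestorekeyvisualizer.googleapis.com, workflowexecutions.googleapis.com); and a rule admitting Security Token Service exchanges must use ANY_IDENTITY. The following Python linter is an added example, not a Google tool, that checks an exported perimeter for those rules. Field names follow the JSON printed by `gcloud access-context-manager perimeters describe NAME --format=json`; the API names for Cloud Workstations (workstations.googleapis.com), Dataform (dataform.googleapis.com) and Identity Platform (identitytoolkit.googleapis.com) are not spelled out on this page and are assumed here; the sample perimeter is constructed.

```python
"""Lint a VPC Service Controls perimeter for the co-restriction, bundling and
identity-type rules documented on this page.  Reads the JSON printed by
`gcloud access-context-manager perimeters describe NAME --format=json`.
Added example, not a Google tool; the sample perimeter below is constructed."""
import json
import sys

# Restricting the key service protects it only if its dependencies are
# restricted in the same perimeter.  The API names for Cloud Workstations,
# Dataform and Identity Platform are not on this page and are assumed.
REQUIRED_WITH = {
    "workstations.googleapis.com": ["compute.googleapis.com"],
    "privilegedaccessmanager.googleapis.com": ["cloudresourcemanager.googleapis.com"],
    "storagebatchoperations.googleapis.com": ["storage.googleapis.com"],
    "dataform.googleapis.com": ["bigquery.googleapis.com"],
    "identitytoolkit.googleapis.com": ["securetoken.googleapis.com"],
}
# Bundled services that cannot be listed explicitly; the parent covers them.
REJECTED_BUNDLED = {
    "securitycentermanagement.googleapis.com": "securitycenter.googleapis.com",
    "earthengine-highvolume.googleapis.com": "earthengine.googleapis.com",
}
# Bundled services that may be listed but are implied once the parent is restricted.
REDUNDANT_BUNDLED = {
    "datastore.googleapis.com": "firestore.googleapis.com",
    "firestorekeyvisualizer.googleapis.com": "firestore.googleapis.com",
    "workflowexecutions.googleapis.com": "workflows.googleapis.com",
}
RULE_KINDS = (("ingress", "ingressPolicies", "ingressFrom", "ingressTo"),
              ("egress", "egressPolicies", "egressFrom", "egressTo"))


def lint_config(cfg, label):
    """Findings, as (severity, message), for one ServicePerimeterConfig block."""
    findings = []
    restricted = set(cfg.get("restrictedServices", []))
    for svc, deps in REQUIRED_WITH.items():
        for dep in deps:
            if svc in restricted and dep not in restricted:
                findings.append(("ERROR", f"{label}: {svc} is restricted but {dep} is not"))
    for svc, parent in REJECTED_BUNDLED.items():
        if svc in restricted:
            findings.append(("ERROR", f"{label}: {svc} cannot be listed; it is bundled with {parent}"))
    for svc, parent in REDUNDANT_BUNDLED.items():
        if svc in restricted and parent in restricted:
            findings.append(("INFO", f"{label}: {svc} is redundant; {parent} already covers it"))
    # A rule admitting Security Token Service exchanges must use ANY_IDENTITY.
    for kind, list_key, from_key, to_key in RULE_KINDS:
        for i, rule in enumerate(cfg.get(list_key, [])):
            services = {op.get("serviceName") for op in rule.get(to_key, {}).get("operations", [])}
            ident = rule.get(from_key, {}).get("identityType")
            if "sts.googleapis.com" in services and ident != "ANY_IDENTITY":
                findings.append(("ERROR", f"{label}: {kind} rule {i} admits sts.googleapis.com "
                                          f"with identityType {ident!r}, not ANY_IDENTITY"))
    return findings


def lint_perimeter(perimeter):
    """Lint the enforced ('status') and dry-run ('spec') configs of a perimeter."""
    return [f for key in ("status", "spec") if perimeter.get(key)
            for f in lint_config(perimeter[key], key)]


SAMPLE_PERIMETER = {  # constructed; mirrors the shape of `perimeters describe` output
    "name": "accessPolicies/000000000000/servicePerimeters/example",
    "status": {
        "resources": ["projects/000000000001"],
        "restrictedServices": [
            "workstations.googleapis.com",              # compute.googleapis.com missing
            "privilegedaccessmanager.googleapis.com",
            "cloudresourcemanager.googleapis.com",
            "firestore.googleapis.com",
            "datastore.googleapis.com",                 # implied by firestore
            "securitycentermanagement.googleapis.com",  # cannot be listed
            "sts.googleapis.com",
        ],
        "ingressPolicies": [{
            "ingressFrom": {"identityType": "ANY_SERVICE_ACCOUNT",  # must be ANY_IDENTITY
                            "sources": [{"accessLevel": "accessPolicies/000000000000/accessLevels/corp"}]},
            "ingressTo": {"operations": [{"serviceName": "sts.googleapis.com",
                                          "methodSelectors": [{"method": "*"}]}],
                          "resources": ["*"]},
        }],
    },
}

if __name__ == "__main__":
    # Usage: python lint_perimeter.py perimeter.json (no argument lints the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            perimeter = json.load(fh)
    else:
        perimeter = SAMPLE_PERIMETER
    for severity, message in lint_perimeter(perimeter):
        print(f"{severity}: {message}")
```

Run it against each perimeter before and after a `gcloud access-context-manager perimeters update`; the REQUIRED_WITH table is the place to record further pairings from this page that apply to your environment, such as the Certificate Manager API when a Secure Web Proxy is provisioned with a certificate.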
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
auditmanager.googleapis.com
Details
The API for Audit Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
You can't use a perimeter to protect folder-level or organization-level Audit Manager resources. To manage Audit Manager permissions at the folder or organization level, we recommend using IAM.
If you run an audit at the project level, the project is protected by a perimeter, and the Cloud Storage bucket is not inside the same perimeter, configure an egress rule for the project that contains the Cloud Storage bucket.
When you enable VPC Service Controls on a Google Cloud Platform project that contains a Google Agentspace app, you're blocked from creating or using Google Agentspace actions by default, and any attempt to create an action in the UI is prohibited. To enable and use actions for specific services within your VPC Service Controls perimeter, you must contact your Google representative and request to be added to the allowlist.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
discoveryengine.googleapis.com
Details
The API for Google Agentspace - NotebookLM for enterprise can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Google Agentspace - NotebookLM for enterprise, refer to the product documentation.
Limitations
The Google Agentspace - NotebookLM for enterprise integration with VPC Service Controls has no known limitations.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
developerconnect.googleapis.com
Details
The API for Developer Connect can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
modelarmor.googleapis.com
Details
The API for Model Armor can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
addressvalidation.googleapis.com
Details
The API for Address Validation can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
places.googleapis.com
Details
The API for Places (New) can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
GA. This product integration is fully supported by VPC Service Controls.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
managedkafka.googleapis.com
Details
The API for Google Cloud Managed Service for Apache Kafka can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
For more information about Google Cloud Managed Service for Apache Kafka, refer to the product documentation.
Limitations
Managed Service for Apache Kafka relies on underlying networking services. To help protect this service, make sure that all necessary services are also included within your service perimeter:
Compute Engine API (compute.googleapis.com)
Cloud DNS API (dns.googleapis.com)
To help protect a Kafka Connect connector, include any services the connector calls in your perimeter. Depending on the connector type, the connector might call one of the following services:
Preview. The integration of this product with VPC Service Controls is in Preview and is ready for broader testing and use, but is not fully supported for production environments.
Protect with perimeters?
Yes. You can configure your perimeters to protect this service.
Service name
cloudsecuritycompliance.googleapis.com
Details
The API for Compliance Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
You can't use a perimeter to help protect Compliance Manager resources at the folder level or organization level. To manage Compliance Manager permissions at the folder or organization level, use IAM.
The restricted virtual IP (VIP) provides a way for VMs that are inside a service perimeter to make calls to Google Cloud Platform services without exposing the requests to the internet. For a complete list of the services available on the restricted VIP, see Services supported by the restricted VIP.
Unsupported services
Attempting to restrict an unsupported service using the gcloud command-line tool or the Access Context Manager API results in an error.
Cross-project access to data of supported services will be blocked by VPC Service Controls. Additionally, the restricted VIP can be used to block the ability of workloads to call unsupported services.
Other known limitations
This section describes known limitations with certain Google Cloud services, products, and interfaces that can be encountered when using VPC Service Controls.
For limitations with products that are supported by VPC Service Controls, refer to the Supported Products table.
For more information on resolving issues with VPC Service Controls, refer to the Troubleshooting page.
AutoML API
When you use the AutoML API with VPC Service Controls, the following limitations apply:
You cannot add the supported regional endpoints, such as eu-automl.googleapis.com, to the list of restricted services in a perimeter. When you protect the automl.googleapis.com service, the perimeter protects the supported regional endpoints, such as eu-automl.googleapis.com, as well.
When you use a service perimeter to protect automl.googleapis.com, access to all of the AutoML products that are integrated with VPC Service Controls and used inside the perimeter is affected. You must configure your VPC Service Controls perimeter for all integrated AutoML products that are used inside that perimeter.
To fully protect the AutoML API, include all of the following APIs in your perimeter:
AutoML API (automl.googleapis.com)
Cloud Storage API (storage.googleapis.com)
Compute Engine API (compute.googleapis.com)
BigQuery API (bigquery.googleapis.com)
App Engine
App Engine (both standard environment and flexible environment) is not supported by VPC Service Controls. Don't include App Engine projects in service perimeters.
However, it is possible to allow App Engine apps created in projects outside service perimeters to read and write data to protected services inside perimeters. To allow your app to access the data of protected services, create an access level that includes the project's App Engine service account. This does not enable App Engine to be used inside service perimeters.
Bare Metal Solution
Connecting VPC Service Controls to your Bare Metal Solution environment doesn't uphold any service control guarantees.
The Bare Metal Solution API can be added to a secure perimeter. However, the VPC Service Controls perimeters don't extend to the Bare Metal Solution environment in the regional extensions.
Blockchain Node Engine
VPC Service Controls only protects the Blockchain Node Engine API. When a node is created, you must still indicate that it is meant for a user-configured private network with Private Service Connect.
The peer-to-peer traffic is not affected by VPC Service Controls or Private Service Connect and will continue to use the public internet.
Client libraries
The Java and Python client libraries for all supported services are fully supported for access using the restricted VIP. Support for other languages is at the Alpha stage and should be used for testing purposes only.
Clients must use client libraries that have been updated as of November 1, 2018 or later.
Service account keys or OAuth2 client metadata used by clients must be updated as of November 1, 2018 or later. Older clients using the token endpoint must change to the endpoint specified in newer key material or client metadata.
Cloud Billing
VPC Service Controls doesn't support Cloud Billing. You can export Cloud Billing data to a Cloud Storage bucket or BigQuery instance in a project that is protected by a service perimeter without configuring an access level or ingress rule.
Cloud Deployment Manager
Deployment Manager is not supported by VPC Service Controls. Users may be able to call into services that are compliant with VPC Service Controls, but they shouldn't rely on this because it might break.
As a workaround, you can add the Deployment Manager service account (PROJECT_NUMBER@cloudservices.gserviceaccount.com) to the access levels to allow calls to APIs protected by VPC Service Controls.
Cloud Shell
VPC Service Controls doesn't support Cloud Shell. VPC Service Controls treats Cloud Shell as outside of service perimeters and denies access to data that VPC Service Controls protects. However, VPC Service Controls allows access to Cloud Shell if a device that meets the access level requirements of the service perimeter initiates Cloud Shell.
Google Cloud console
Because the Google Cloud console is only accessible over the internet, it is treated as outside of service perimeters. When you apply a service perimeter, the Google Cloud console interface for the services that you protected may become partially or fully inaccessible. For example, if you protected Logging with the perimeter, you won't be able to access the Logging interface in the Google Cloud console.
To allow access from the Google Cloud console to resources protected by a perimeter, you need to create an access level for a public IP range that includes the machines of users who want to use the Google Cloud console with protected APIs. For example, you could add the public IP range of the NAT gateway of your private network to an access level, and then assign that access level to the service perimeter.
If you want to limit Google Cloud console access to the perimeter to only a specific set of users, you can also add those users to an access level. In that case, only the specified users would be able to access the Google Cloud console.
Requests through Google Cloud console from a network that is Private Google Access enabled, including networks implicitly enabled by Cloud NAT, might be blocked even if the requesting source network and target resource are in the same perimeter. This is because Google Cloud console access through Private Google Access is not supported by VPC Service Controls.
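The egress rule for a project-level Audit Manager run whose Cloud Storage bucket sits outside the perimeter, and the access-level pattern used for the Google Cloud console, App Engine and Deployment Manager cases above, as a single added example. This is not configuration from the VPC Service Controls documentation; every project number, service-account address, user name and IP range is a constructed placeholder, and the perimeter and policy names in the comments are assumptions.

```yaml
# Added example, not from the VPC Service Controls documentation.
# All project numbers, IDs, user names and IP ranges are constructed placeholders.

# ---------------------------------------------------------------------------
# File 1: egress.yaml
# Lets identities in the perimeter write audit output to a Cloud Storage
# bucket in a project outside the perimeter (the project-level audit case).
# Apply with (PERIMETER_NAME and POLICY_ID are assumptions):
#   gcloud access-context-manager perimeters update PERIMETER_NAME \
#       --set-egress-policies=egress.yaml --policy=POLICY_ID
# ---------------------------------------------------------------------------
- egressFrom:
    # Prefer naming the identity that performs the write over ANY_IDENTITY;
    # the service account below is a placeholder for that identity.
    identities:
    - serviceAccount:audit-writer@example-project.iam.gserviceaccount.com
  egressTo:
    resources:
    - projects/222222222222          # placeholder: project that contains the bucket
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.create   # write only; add objects.get if reads are needed

# ---------------------------------------------------------------------------
# File 2: level.yaml
# Basic access level with two conditions combined with OR, so each one is
# sufficient on its own:
#   (a) named users using the Google Cloud console from the public range of
#       the corporate NAT gateway (both attributes in one condition must match,
#       which is how console access is limited to a specific set of users);
#   (b) the App Engine and Deployment Manager service accounts of a project
#       outside the perimeter, which the text above says may be granted access
#       this way without enabling those products inside the perimeter.
# Create and bind with:
#   gcloud access-context-manager levels create outside-callers \
#       --title="Console users and legacy service accounts" \
#       --basic-level-spec=level.yaml --combine-function=OR --policy=POLICY_ID
#   gcloud access-context-manager perimeters update PERIMETER_NAME \
#       --add-access-levels=outside-callers --policy=POLICY_ID
# ---------------------------------------------------------------------------
- ipSubnetworks:
  - 203.0.113.0/24                  # placeholder: NAT gateway public range (RFC 5737 block)
  members:
  - user:alice@example.com          # placeholder: only these users get console access
  - user:bob@example.com
- members:
  - serviceAccount:my-app@appspot.gserviceaccount.com             # placeholder App Engine default SA
  - serviceAccount:111111111111@cloudservices.gserviceaccount.com # placeholder Deployment Manager SA
```

The two conditions are deliberately separate: the service-account condition carries no IP restriction because App Engine and Deployment Manager calls do not originate from the corporate range, while the console condition ties the user list to that range so that a leaked credential used from elsewhere still fails the access level. Keep the egress rule's method list to the minimum the audit job needs; widening it to all Cloud Storage methods turns the exception into a general exfiltration path to the outside project.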
Private services access
Private services access supports deploying a service instance in a Shared VPC network. If you use this configuration with VPC Service Controls, ensure that the host project that provides the network and the service project that contains the service instance are inside the same VPC Service Controls perimeter. Otherwise, requests might be blocked and service instances might not work correctly.
For more information about services that support private services access, see Supported services.
GKE Multi-Cloud
VPC Service Controls only applies to resources within your Google Cloud Platform project. The third-party cloud environment that hosts your GKE Multi-Cloud clusters does not uphold any service control guarantees.
Google Distributed Cloud
VPC Service Controls only applies to bare metal machines connected to VPC network projects that use the restricted VIP.
After you enable the service perimeter, you can't transfer your infrastructure data to StratoZone.
Workforce Identity Federation
Workforce Identity Federation is not supported by VPC Service Controls. Workforce pools are organization-level resources, and organization-level resources are not supported by VPC Service Controls.
Last updated 2025-10-30 UTC.