gcloud services vpc-peerings get-vpc-service-controls - get VPC state of Service Controls for the peering connection

gcloud services vpc-peerings get-vpc-service-controls--network=NETWORK[--service=SERVICE; default="servicenetworking.googleapis.com"][GCLOUD_WIDE_FLAG …]

When enabled, Google Cloud makes the following route configuration changes inthe service producer VPC network: Google Cloud removes the IPv4 default route(destination 0.0.0.0/0, next hop default internet gateway), Google Cloud thencreates an IPv4 route for destination 199.36.153.4/30 using the default internetgateway next hop.

When enabled, Google Cloud also creates Cloud DNS managed private zones andauthorizes those zones for the service producer VPC network. The zones includegoogleapis.com, gcr.io, pkg.dev, notebooks.cloud.google.com,kernels.googleusercontent.com, backupdr.cloud.google.com, andbackupdr.googleusercontent.com as necessary domains or host names for GoogleAPIs and services that are compatible with VPC Service Controls. Record data inthe zones resolves all host names to 199.36.153.4, 199.36.153.5, 199.36.153.6,and 199.36.153.7.

When disabled, Google Cloud makes the following route configuration changes inthe service producer VPC network: Google Cloud restores a default route(destination 0.0.0.0/0, next hop default internet gateway), Google Cloud alsodeletes the Cloud DNS managed private zones that provided the host nameoverrides.

While enabled, the service producer VPC network can still import static anddynamic routes from the peered customer network if you enable custom routeexport. These custom routes can include a default route. For this reason, thiscommand is not to be used solely as a means for preventing access to theinternet.

--network=NETWORK

The network in the current project that is peered with the service.

--service=SERVICE; default="servicenetworking.googleapis.com"

The service to get VPC service controls for.

Run$gcloud help for details.