For more information about Infrastructure Manager, refer to theproduct documentation.

The API for App Design Center can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about App Design Center, refer to theproduct documentation.

To use Workload Manager in a VPC Service Controls perimeter:

• You must use a Cloud Build private worker pool for your deployment environment in Workload Manager. You cannot use the default Cloud Build worker pool.
• The Cloud Build private pool must havepublic internet calls enabled to download the Terraform configuration.

For more information, see Use a Cloud Build private worker pool in the Workload Manager documentation.

For more information about Workload Manager, refer to theproduct documentation.

The API for Google Cloud NetApp Volumes can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Google Cloud NetApp Volumes, refer to theproduct documentation.

Google Cloud Search supports Virtual Private Cloud Security Controls (VPC Service Controls) to enhance the security of your data. VPC Service Controls allows you to define a security perimeter around Google Cloud Platform resources to constrain data and help mitigate data exfiltration risks.

For more information about Google Cloud Search, refer to theproduct documentation.

The API for Connectivity Tests can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Connectivity Tests, refer to theproduct documentation.

The Connectivity Tests integration with VPC Service Controls has no known limitations.

VPC Service Controls supports online prediction, but not batch prediction.

For more information about AI Platform Prediction, refer to theproduct documentation.

The API for AI Platform Training can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about AI Platform Training, refer to theproduct documentation.

VPC Service Controls perimeters protect the AlloyDB API.

For more information about AlloyDB for PostgreSQL, refer to theproduct documentation.

• Service perimeters protect only the AlloyDB for PostgreSQL Admin API. They don't protect IP-based data access to underlying databases (such as AlloyDB for PostgreSQL instances). To restrict public IP access on AlloyDB for PostgreSQL instances, use anorganization policy constraint.
• Before you configure VPC Service Controls for AlloyDB for PostgreSQL, enable the Service Networking API.
• When you use AlloyDB for PostgreSQL with Shared VPC and VPC Service Controls, the host project and service project must be in the same VPC Service Controls service perimeter.

The API for Vertex AI Workbench can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Vertex AI Workbench, refer to theproduct documentation.

The API for Vertex AI can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

SeeColab Enterprise.

For more information about Vertex AI, refer to theproduct documentation.

The API for Vertex AI Vision can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Vertex AI Vision, refer to theproduct documentation.

The API for Vertex AI in Firebase can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Vertex AI in Firebase, refer to theproduct documentation.

The API for Colab Enterprise can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

Colab Enterprise is a part of Vertex AI. SeeVertex AI.

Colab Enterprise uses Dataform for storing notebooks. SeeDataform.

For more information about Colab Enterprise, refer to theproduct documentation.

The API for Apigee and Apigee hybrid can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Apigee and Apigee hybrid, refer to theproduct documentation.

The API for Apigee API hub can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Apigee API hub, refer to theproduct documentation.

For more information about BigQuery sharing, refer to theproduct documentation.

The API for Cloud Service Mesh can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.

You can usemesh.googleapis.com to enable the required APIs for Cloud Service Mesh. You don't need to restrictmesh.googleapis.com in your perimeter as it doesn't expose any APIs.

• Learn aboutconfiguring VPC Service Controls for Cloud Service Mesh (Managed).
• Learn aboutadding Cloud Service Mesh services to the service perimeters.

For more information about Cloud Service Mesh, refer to theproduct documentation.

The Cloud Service Mesh integration with VPC Service Controls has no known limitations.

In addition to protecting the Artifact Registry API, Artifact Registry can be used inside service perimeters with GKE and Compute Engine.

For more information about Artifact Registry, refer to theproduct documentation.

The API for Assured Open Source Software can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Assured Open Source Software, refer to theproduct documentation.

The API for Assured Workloads can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Assured Workloads, refer to theproduct documentation.

The Assured Workloads integration with VPC Service Controls has no known limitations.

To fully protect the AutoML API, include all of the following APIs in your perimeter:

• AutoML API (automl.googleapis.com)
• Cloud Storage API (storage.googleapis.com)
• Compute Engine API (compute.googleapis.com)
• BigQuery API (bigquery.googleapis.com)

For more information about AutoML Translation, refer to theproduct documentation.

The Bare Metal Solution API can be added to a secure perimeter. However, the VPC Service Controls perimeters do not extend to the Bare Metal Solution environment in the regional extensions.

For more information about Bare Metal Solution, refer to theproduct documentation.

Connecting VPC Service Controls to your Bare Metal Solution environment doesn't uphold any service control guarantees.

For more information about Bare Metal Solution limitation regarding VPC Service Controls, seeKnown issues and limitations.

The API for Batch can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Batch, refer to theproduct documentation.

The API for BigLake metastore can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about BigLake metastore, refer to theproduct documentation.

The BigLake metastore integration with VPC Service Controls has no known limitations.

When you protect the BigQuery API using a service perimeter, the BigQuery Storage API (bigquerystorage.googleapis.com), BigQuery Reservation API (bigqueryreservation.googleapis.com), and BigQuery Connection API (bigqueryconnection.googleapis.com) are also protected. You do not need to separately add these APIs to your perimeter's list of protected services.

Learn more about configuringVPC Service Controls for BigQuery and how toallow access to community-contributed functions within a perimeter.

For more information about BigQuery, refer to theproduct documentation.

The BigQuery Data Policy API can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.

For more information about BigQuery Data Policy API, refer to theproduct documentation.

The BigQuery Data Policy API integration with VPC Service Controls has no known limitations.

Service perimeter only protects BigQuery Data Transfer Service API. The actual data protection is enforced by BigQuery. It is by design to allow importing data from various external sources outside of Google Cloud, such as Amazon S3, Redshift, Teradata, YouTube, Google Play and Google Ads, into BigQuery datasets. For information about VPC Service Controls requirements to migrate data from Teradata, seeVPC Service controls requirements.

For more information about BigQuery Data Transfer Service, refer to theproduct documentation.

The BigQuery Migration API can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.

For more information about BigQuery Migration API, refer to theproduct documentation.

The BigQuery Migration API integration with VPC Service Controls has no known limitations.

Thebigtable.googleapis.com andbigtableadmin.googleapis.com services are bundled together. When you restrict thebigtable.googleapis.com service in a perimeter, the perimeter restricts thebigtableadmin.googleapis.com service by default. You cannot add thebigtableadmin.googleapis.com service to the list of restricted services in a perimeter because it is bundled withbigtable.googleapis.com.

For more information about Bigtable, refer to theproduct documentation.

The Bigtable integration with VPC Service Controls has no known limitations.

When using multiple projects with Binary Authorization, each project must be included in the VPC Service Controls perimeter. For more information about this use case, seeMulti-project setup.

With Binary Authorization, you may use Artifact Analysis to store attestors and attestations as notes and occurrences, respectively. In this case, you must also include Artifact Analysis in the VPC Service Controls perimeter. SeeVPC Service Controls guidance for Artifact Analysis for additional details.

For more information about Binary Authorization, refer to theproduct documentation.

The Binary Authorization integration with VPC Service Controls has no known limitations.

The API for Blockchain Node Engine can be protected by VPC Service Controls and used normally inside service perimeters.

For more information about Blockchain Node Engine, refer to theproduct documentation.

The API for Certificate Authority Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Certificate Authority Service, refer to theproduct documentation.

To use Config Controller with VPC Service Controls, you must enable the following APIs inside your perimeter:

• Cloud Monitoring API (monitoring.googleapis.com)
• Container Registry API (containerregistry.googleapis.com)
• Google Cloud Observability API (logging.googleapis.com)
• Security Token Service API (sts.googleapis.com)
• Cloud Storage API (storage.googleapis.com)

If you provision resources with Config Controller, you must enable the API for those resources in your service perimeter. For example, if you want to add an IAM service account, you must add the IAM API (iam.googleapis.com).

For more information about Config Controller, refer to theproduct documentation.

The Config Controller integration with VPC Service Controls has no known limitations.

For more information about Data Catalog, refer to theproduct documentation.

The Data Catalog integration with VPC Service Controls has no known limitations.

Cloud Data Fusion requires somespecial steps to protect using VPC Service Controls.

For more information about Cloud Data Fusion, refer to theproduct documentation.

The API for Data Lineage API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Data Lineage API, refer to theproduct documentation.

The Data Lineage API integration with VPC Service Controls has no known limitations.

VPC Service Controls support for Compute Engine offers the following security benefits:

• Restricts access to sensitive API operations
• Restricts persistent disk snapshots and custom images to a perimeter
• Restricts access to instance metadata

VPC Service Controls support for Compute Engine also enables you to utilize Virtual Private Cloud networks and Google Kubernetes Engine private clusters inside service perimeters.

For more information about Compute Engine, refer to theproduct documentation.

To use Conversational Insights with VPC Service Controls you must have the following additional APIs inside your perimeter, depending on your integration.

• To load data into Conversational Insights, add the Cloud Storage API to your service perimeter.

• To useexport, add the BigQuery API to your service perimeter.

• To integrate multiple CCAI products, add the Vertex AI API to your service perimeter.

For more information about Conversational Insights, refer to theproduct documentation.

The Conversational Insights integration with VPC Service Controls has no known limitations.

Dataflow supports a number of storage service connectors. The following connectors have been verified to work with Dataflow inside a service perimeter:

• Cloud Storage (Java,Python)
• BigQuery (Java, Python)
• Pub/Sub (Java,Python)
• Bigtable (Java)
• Spanner (Java)

For more information about Dataflow, refer to theproduct documentation.

• Custom BIND is not supported when using Dataflow. To customize DNS resolution whenusing Dataflow with VPC Service Controls, use Cloud DNSprivate zonesinstead of using custom BIND servers. To use your own on-premises DNS resolution, consider using aGoogle CloudDNS forwarding method.

• Vertical Autoscaling cannot be protected by a VPC Service Controls perimeter. To use Vertical Autoscaling in a VPC Service Controls perimeter, you must disable the VPC accessible services feature.

Caution: Disabling VPC accessible services reduces the security posture.
• If you enable Dataflow Prime and launch a new job within a VPC Service Controls perimeter, the job usesDataflow Prime without Vertical Autoscaling.

• Not all storage service connectors have been verified to work when used with Dataflow inside a service perimeter. For a list of verified connectors, see "Details" in the previous section.

• When using Python 3.5 with Apache Beam SDK 2.20.0‑2.22.0,Dataflow jobs will fail at startup if the workers haveprivate IP addresses only, such as when using VPC Service Controls to protect resources.If Dataflow workers can only have private IP addresses, such as when using VPC Service Controls to protect resources,do not use Python 3.5 with Apache Beam SDK 2.20.0‑2.22.0. This combination causes jobs to fail at startup.

The API for Dataplex Universal Catalog can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Dataplex Universal Catalog, refer to theproduct documentation.

Dataproc requiresspecial steps to protect using VPC Service Controls.

For more information about Dataproc, refer to theproduct documentation.

To protect a Dataproc cluster with a service perimeter, follow theDataproc and VPC Service Controls networks instructions.

Google Cloud Serverless for Apache Spark requiresspecial steps to protect using VPC Service Controls.

For more information about Google Cloud Serverless for Apache Spark for Spark, refer to theproduct documentation.

To protect your serverless workload with a service perimeter, follow theGoogle Cloud Serverless for Apache Spark and VPC Service Controls networks instructions.

The API for Dataproc Metastore can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Dataproc Metastore, refer to theproduct documentation.

The Dataproc Metastore integration with VPC Service Controls has no known limitations.

The API for Datastream can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Datastream, refer to theproduct documentation.

The Datastream integration with VPC Service Controls has no known limitations.

The API for Database Center can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Database Center, refer to theproduct documentation.

VPC Service Controls doesn't support access to folder-level or organization-level Cloud Asset API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Cloud Asset API resources. You can specify an egress policy to allow access to project-level Cloud Asset API resources from projects inside the perimeter. To manage Database Center permissions at the folder level or organizational level, we recommend using IAM.

The API for Database Insights API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Database Insights API, refer to theproduct documentation.

The Database Insights API integration with VPC Service Controls has no known limitations.

The API for Database Migration Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Database Migration Service, refer to theproduct documentation.

The API for Dialogflow can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Dialogflow, refer to theproduct documentation.

The API for Agent Assist can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Agent Assist, refer to theproduct documentation.

The API for Sensitive Data Protection can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Sensitive Data Protection, refer to theproduct documentation.

The API for Cloud DNS can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud DNS, refer to theproduct documentation.

• You can access Cloud DNS through the restricted VIP. However you cannot create or update public DNS zones within projects inside the VPC Service Controls perimeter.

The API for Document AI can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Document AI, refer to theproduct documentation.

The Document AI integration with VPC Service Controls has no known limitations.

The API for Document AI Warehouse can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Document AI Warehouse, refer to theproduct documentation.

The Document AI Warehouse integration with VPC Service Controls has no known limitations.

The API for Cloud Domains can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Domains, refer to theproduct documentation.

• The contact data used in Cloud Domains might be shared with thedomain ending or top-level domain (TLD) registry and might be publicly accessible forWHOIS/RDAP as your settings permit, in compliance withICANN rules. For details, seePrivacy protection.

• The DNS configuration data used in Cloud Domains—name servers and DNSSEC settings—is public. If your domain delegates to a public DNS zone, which is the default, then that zone's DNS configuration data is public too.

Eventarc Advanced APIs can be protected with VPC Service Controls, and features can be used normally inside service perimeters.

An Eventarc Advanced bus outside of a service perimeter can't receive events from Google Cloud Platform projects inside the perimeter. An Eventarc Advanced bus inside of a perimeter can't route events to a consumer outside of the perimeter.

• To publish to an Eventarc Advanced bus, the source of an event must be inside the same service perimeter as the bus.
• To consume a message, an event consumer must be inside the same service perimeter as the bus.

You can verify VPC Service Controls support for theEnrollment,GoogleApiSource,MessageBus, andPipeline resources by viewing platform logs on ingress.

For more information about Eventarc Advanced, refer to theproduct documentation.

The Eventarc Advanced integration with VPC Service Controls has no known limitations.

Eventarc Standard handles event delivery using Pub/Sub topics and push subscriptions. To access the Pub/Sub API and manage event triggers, the Eventarc API must be protected within the same VPC Service Controls service perimeter as the Pub/Sub API.

For more information about Eventarc Standard, refer to theproduct documentation.

The API for Distributed Cloud Edge Network API can be protected by VPC Service Controls and used normally inside service perimeters.

For more information about Distributed Cloud Edge Network API, refer to theproduct documentation.

The Distributed Cloud Edge Network API integration with VPC Service Controls has no known limitations.

The API for Anti Money Laundering AI can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Anti Money Laundering AI, refer to theproduct documentation.

The Anti Money Laundering AI integration with VPC Service Controls has no known limitations.

When you configure and exchange Firebase App Check tokens, VPC Service Controls protects only the Firebase App Check service. To protect services that rely on Firebase App Check, you must set up service perimeters for those services.

For more information about Firebase App Check, refer to theproduct documentation.

The Firebase App Check integration with VPC Service Controls has no known limitations.

VPC Service Controls helps protect requests to the App Hosting API. However, VPC Service Controls restrictions don't apply to requests to websites deployed on App Hosting.

For more information about Firebase App Hosting, refer to theproduct documentation.

Service perimeters protect only the Firebase Data Connect API. They don't protect access to the underlying data sources (such as Cloud SQL instances). Restricting access on database instances must be configured separately.

For more information about Firebase Data Connect, refer to theproduct documentation.

The Firebase Data Connect integration with VPC Service Controls has no known limitations.

When you manage Firebase Security Rules policies VPC Service Controls protects only the Firebase Security Rules service. To protect services that rely on Firebase Security Rules, you must set up service permiters for those services.

For more information about Firebase Security Rules, refer to theproduct documentation.

The Firebase Security Rules integration with VPC Service Controls has no known limitations.

See theCloud Run functions documentation for setup steps. VPC Service Controls protection does not apply to the build phase when Cloud Run functions are built using Cloud Build. For more details, see the known limitations.

For more information about Cloud Run functions, refer to theproduct documentation.

When you restrict IAM with a perimeter, only actions that use the Identity and Access Management API are restricted. These actions include the following:

• Managing custom IAM roles
• Managing workload identity pools
• Managing service accounts and keys
• Managing deny policies
• Managing policy bindings for principal access boundary policies

The perimeterdoesn't restrict actions related to workforce pools and principal access boundary policies because those resources are created at the organization level.

The perimeter alsodoesn't restrict allow policy management for resources owned by other services, like Resource Manager projects, folders, and organizations or Compute Engine virtual machine instances. To restrict allow policy management for these resources, create a perimeter that restricts the service that owns the resources. For a list of resources that accept allow policies and the services that own them, seeResource types that accept allow policies.

Additionaly, the perimeter around IAMdoesn't restrict actions that use other APIs, including the following:

• IAM Policy Simulator API
• IAM Policy Troubleshooter API
• Security Token Service API
• Service Account Credentials API (including the legacysignBlob andsignJwt methods in the IAM API)

For more information about Identity and Access Management, refer to theproduct documentation.

If you are inside the perimeter, you cannot call theroles.list method with an empty string to list IAM predefined roles. If you need to view predefined roles, seeIAM role documentation.

IAP Admin API enables users to configure IAP.

For more information about IAP Admin API , refer to theproduct documentation.

The IAP Admin API integration with VPC Service Controls has no known limitations.

The API for Cloud KMS Inventory API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud KMS Inventory API, refer to theproduct documentation.

The SearchProtectedResources API method does not enforce service perimeter restrictions on returned projects.

The API for Service Account Credentials can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Service Account Credentials, refer to theproduct documentation.

The Service Account Credentials integration with VPC Service Controls has no known limitations.

The API for Service Metadata API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Service Metadata API, refer to theproduct documentation.

The Service Metadata API integration with VPC Service Controls has no known limitations.

If you're using private service access, we recommend enabling VPC Service Controls for the Service Networking connection.When you enable VPC Service Controls, service producers are restricted to access only the APIs supported by VPC Service Controls over the Service Networking connection.

You can enable VPC Service Controls for Service Networking only using theEnableVpcServiceControls API. You can disable VPC Service Controls for Service Networking only usingDisableVpcServiceControls API.

For more information about Service Networking, refer to theproduct documentation.

The Service Networking integration with VPC Service Controls has no known limitations.

The API for Serverless VPC Access can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Serverless VPC Access, refer to theproduct documentation.

The Serverless VPC Access integration with VPC Service Controls has no known limitations.

The Cloud KMS API can be protected by VPC Service Controls and the product can be used inside service perimeters. The access to Cloud HSM services is also protected by VPC Service Controls and can be used inside service perimeters.

For more information about Cloud Key Management Service, refer to theproduct documentation.

The Cloud Key Management Service integration with VPC Service Controls has no known limitations.

The API for Game Servers can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Game Servers, refer to theproduct documentation.

The Game Servers integration with VPC Service Controls has no known limitations.

The API for Gemini Code Assist can be protected by VPC Service Controls and the product can be used normally inside service perimeters. This includescode customization.

For more information about Gemini Code Assist, refer to theproduct documentation.

Access control based on device, public IP address, or location is not supported for Gemini in the Google Cloud console.

The API for Identity-Aware Proxy for TCP can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Identity-Aware Proxy for TCP, refer to theproduct documentation.

The API for Cloud Life Sciences can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Life Sciences, refer to theproduct documentation.

The Cloud Life Sciences integration with VPC Service Controls has no known limitations.

Additional configuration required for:

• On-premises access to the Managed Microsoft AD API
• Shared VPC

For more information about Managed Service for Microsoft Active Directory, refer to theproduct documentation.

The Managed Service for Microsoft Active Directory integration with VPC Service Controls has no known limitations.

The API for reCAPTCHA can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about reCAPTCHA, refer to theproduct documentation.

The reCAPTCHA integration with VPC Service Controls has no known limitations.

The API for Web Risk can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Web Risk, refer to theproduct documentation.

The Evaluate API and the Submission API are not supported by VPC Service Controls.

The API for Recommender can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Recommender, refer to theproduct documentation.

• VPC Service Controls doesn't support organization, folder, or billing account resources.

The API for Secret Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Secret Manager, refer to theproduct documentation.

The Secret Manager integration with VPC Service Controls has no known limitations.

VPC Service Controls protection applies to all administrator operations, publisher operations, and subscriber operations (except for existing push subscriptions).

For more information about Pub/Sub, refer to theproduct documentation.

In projects protected by a service perimeter, the following limitations apply:

• New push subscriptions can't be created unless the push endpoints are set to Cloud Run services with defaultrun.app URLs or a Workflows execution (custom domains don't work). For more information about integrating with Cloud Run, seeUsing VPC Service Controls.
• For non-push subscriptions, you must create a subscription in the same perimeter as the topic or enable egress rules to allow access from the topic to the subscription.
• When routing events through Eventarc to Workflows targets for which the push endpoint is set to a Workflows execution, you can only create new push subscriptions through Eventarc.
• Pub/Sub subscriptions created prior to the service perimeter are not blocked.

VPC Service Controls protection applies to all subscriber operations.

For more information about Pub/Sub Lite, refer to theproduct documentation.

The Pub/Sub Lite integration with VPC Service Controls has no known limitations.

UseVPC Service Controls with Cloud Build private pools to add additional security to your builds.

For more information about Cloud Build, refer to theproduct documentation.

• VPC Service Controls protection is available only for builds run inprivate pools.

• Cloud Build Pub/Sub triggers are not supported.

The API for Cloud Deploy can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Deploy, refer to theproduct documentation.

To use Cloud Deploy in a perimeter, you must use a Cloud Build private pool for the target'sexecution environments. Don't use the default (Cloud Build) worker pool, and don't use a hybrid pool.

Configuring Composer for use with VPC Service Controls

For more information about Cloud Composer, refer to theproduct documentation.

• Enabling DAG serialization prevents Airflow from displaying a rendered template with functions in the web UI.

• Setting theasync_dagbag_loader flag toTrue is not supported while DAG serialization is enabled.

• Enabling DAG serialization disables all Airflow web server plugins, as they could risk the security of the VPC network where Cloud Composer is deployed. This doesn't impact the behaviour of scheduler or worker plugins, including Airflow operators and sensors.

• When Cloud Composer is running inside a perimeter, access to public PyPI repositories is restricted. In the Cloud Composer documentation, seeInstalling Python dependencies to learn how to install PyPi modules in Private IP mode.

• Cloud Composer doesn't support usingthird-party identities in ingress and egress rules forApache Airflow web interface operations. However, you can use theANY_IDENTITY identity type in ingress and egress rules to allow access to all identities, including third-party identities. For more information about theANY_IDENTITY identity type, seeIngress and egress rules.

The API for Cloud Quotas can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Quotas, refer to theproduct documentation.

For more information about Cloud Run, refer to theproduct documentation.

• Cloud Scheduler job creation
• Cloud Scheduler job updates

For more information about Cloud Scheduler, refer to theproduct documentation.

The API for Spanner can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Spanner, refer to theproduct documentation.

The Spanner integration with VPC Service Controls has no known limitations.

The API for Speaker ID can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Speaker ID, refer to theproduct documentation.

The Speaker ID integration with VPC Service Controls has no known limitations.

The API for Cloud Storage can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Storage, refer to theproduct documentation.

The API for Cloud Tasks can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

HTTP requests from Cloud Tasks executions are supported as follows:

• Authenticated requests to VPC Service Controls-compliant Cloud Run functions and Cloud Run endpoints are allowed.
• Requests to non-Cloud Run functions and non-Cloud Run endpoints are blocked.
• Requests to non-VPC Service Controls-compliant Cloud Run functions and Cloud Run endpoints are blocked.

For more information about Cloud Tasks, refer to theproduct documentation.

VPC Service Controls perimeters protect the Cloud SQL Admin API.

For more information about Cloud SQL, refer to theproduct documentation.

• Service perimeters protect only the Cloud SQL Admin API. They do not protect IP-based data access to Cloud SQL instances. You need to use anorganization policy constraint to restrict public IP access on Cloud SQL instances.
• Before you configure VPC Service Controls for Cloud SQL, enable the Service Networking API.

• Cloud SQL imports and exports can only perform reads and writes from a Cloud Storage bucket within the same service perimeter as the Cloud SQL replica instance.

• In theexternal server migration flow, you need to add the Cloud Storage bucket to the same service perimeter.

• In thekey creation flow for CMEK, use one of the following configurations:

  • Create the key in the same service perimeter as the resources that use it, such as Cloud SQL.
  • Create the key in a service perimeter that's connected, through aperimeter bridge, to the service perimeter that protects Cloud SQL.
• When restoring an instance from a backup, the target instance needs to reside in the same service perimeter as the backup.

The API for Video Intelligence API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Video Intelligence API, refer to theproduct documentation.

The Video Intelligence API integration with VPC Service Controls has no known limitations.

The API for Cloud Vision API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Vision API, refer to theproduct documentation.

To use Artifact Analysis with VPC Service Controls, you may have to add other services to your VPC perimeter:

• If you are usingPub/Sub notifications with Artifact Analysis, addPub/Sub to your service perimeter.
• If you are using theContainer Scanning API, add your registry to the perimeter:Artifact Registry orContainer Registry.

Because the Container Scanning API is a surfaceless API that stores the results in Artifact Analysis, you do not need to protect the API with a service perimeter.

For more information about Artifact Analysis, refer to theproduct documentation.

The Artifact Analysis integration with VPC Service Controls has no known limitations.

Caution: Container Registry is deprecated. Effective March 18, 2025, Container Registry is shut down, and writing images to Container Registry is unavailable. For details on the deprecation and how to migrate to Artifact Registry, seeContainer Registry deprecation.

In addition to protecting the Container Registry API, Container Registry can be used inside a service perimeter with GKE and Compute Engine.

For more information about Container Registry, refer to theproduct documentation.

• When you specify an ingress or egress policy for a service perimeter, you cannot useANY_SERVICE_ACCOUNT andANY_USER_ACCOUNT as an identity type for allContainer Registry operations.

  As a workaround, useANY_IDENTITY as the identity type.

• Because Container Registry uses thegcr.io domain, you mustconfigure DNS for*.gcr.io to map to eitherprivate.googleapis.com orrestricted.googleapis.com. For more information, seeSecuring Container Registry in a service perimeter.

• In addition to the containers inside a perimeter that are available to Container Registry, the following read-only repositories are available to all projects regardless of any restrictions enforced by service perimeters:

  • gcr.io/anthos-baremetal-release
  • gcr.io/asci-toolchain
  • gcr.io/cloud-airflow-releaser
  • gcr.io/cloud-builders
  • gcr.io/cloud-dataflow
  • gcr.io/cloud-ingest
  • gcr.io/cloud-marketplace
  • gcr.io/cloud-ssa
  • gcr.io/cloudsql-docker
  • gcr.io/config-management-release
  • gcr.io/deeplearning-platform-release
  • gcr.io/foundry-dev
  • gcr.io/fn-img
  • gcr.io/gae-runtimes
  • gcr.io/serverless-runtimes
  • gcr.io/gke-node-images
  • gcr.io/gke-release
  • gcr.io/gkeconnect
  • gcr.io/google-containers
  • gcr.io/kubeflow
  • gcr.io/kubeflow-images-public
  • gcr.io/kubernetes-helm
  • gcr.io/istio-release
  • gcr.io/ml-pipeline
  • gcr.io/projectcalico-org
  • gcr.io/rbe-containers
  • gcr.io/rbe-windows-test-images
  • gcr.io/speckle-umbrella
  • gcr.io/stackdriver-agents
  • gcr.io/tensorflow
  • gcr.io/vertex-ai
  • gcr.io/vertex-ai-restricted
  • gke.gcr.io
  • k8s.gcr.io

  In all cases, the multi-regional versions of these repositories are also available.

The Google Kubernetes Engine API can be protected by VPC Service Controls and the product can be used normally inside service perimeters. This compatibility includes the protection of theDNS endpoint for GKE, which is a service for accessing the cluster's control plane and uses the*.gke.goog domain.

When you restrict thecontainer.googleapis.com service in a perimeter, the perimeter also restricts the DNS endpoint for GKE.

For more information about Google Kubernetes Engine, refer to theproduct documentation.

• To fully protect the GKE API, you must include the Kubernetes Metadata API (kubernetesmetadata.googleapis.com) as well in your perimeter.
• Only private clusters can be protected using VPC Service Controls. Clusters with public IP addresses are not supported by VPC Service Controls.

• The GKE service entry in this table only specifies the control of the GKE API itself. GKE relies on several other underlying services for its operation, such as Compute Engine, Cloud Logging, Cloud Monitoring, and the Autoscaling API (autoscaling.googleapis.com). To effectively secure your GKE environments with VPC Service Controls, you must ensure that all necessary underlying services are also included within your service perimeter. See theGKE documentation for a complete list of these services.

The API for Container Security API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Container Security API, refer to theproduct documentation.

The Container Security API integration with VPC Service Controls has no known limitations.

Image streaming is a GKE data streaming feature that provides shorter container image pull times for images stored in Artifact Registry. If VPC Service Controls protects your container images and you use Image streaming, you must also include the Image streaming API in the service perimeter.

For more information about Image streaming, refer to theproduct documentation.

• The following read-only repositories are available to all projects regardless of any restrictions enforced by service perimeters:

  • gcr.io/anthos-baremetal-release
  • gcr.io/asci-toolchain
  • gcr.io/cloud-airflow-releaser
  • gcr.io/cloud-builders
  • gcr.io/cloud-dataflow
  • gcr.io/cloud-ingest
  • gcr.io/cloud-marketplace
  • gcr.io/cloud-ssa
  • gcr.io/cloudsql-docker
  • gcr.io/config-management-release
  • gcr.io/deeplearning-platform-release
  • gcr.io/foundry-dev
  • gcr.io/fn-img
  • gcr.io/gae-runtimes
  • gcr.io/serverless-runtimes
  • gcr.io/gke-node-images
  • gcr.io/gke-release
  • gcr.io/gkeconnect
  • gcr.io/google-containers
  • gcr.io/kubeflow
  • gcr.io/kubeflow-images-public
  • gcr.io/kubernetes-helm
  • gcr.io/istio-release
  • gcr.io/ml-pipeline
  • gcr.io/projectcalico-org
  • gcr.io/rbe-containers
  • gcr.io/rbe-windows-test-images
  • gcr.io/speckle-umbrella
  • gcr.io/stackdriver-agents
  • gcr.io/tensorflow
  • gcr.io/vertex-ai
  • gcr.io/vertex-ai-restricted
  • gke.gcr.io
  • k8s.gcr.io

Fleet management APIs, including theConnect gateway, can be protected with VPC Service Controls, and fleet management features can be used normally inside service perimeters. For more information, see the following:

• Use VPC Service Controls with the Connect Agent
• Use VPC Service Controls with the Connect gateway

For more information about Fleets, refer to theproduct documentation.

• Although all fleet management features can be used normally, enabling a service perimeter around the Stackdriver API restricts the Policy Controller fleet feature from integrating with Security Command Center.
• When using the Connect gateway to access GKE clusters, VPC Service Controls perimeter forcontainer.googleapis.com is not enforced.

The API forFleetPackage API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information aboutFleetPackage API, refer to theproduct documentation.

TheFleetPackage API integration with VPC Service Controls has no known limitations.

The following Cloud Resource Manager API methods can be protected by VPC Service Controls:

• v1project.setIAMPolicy
• v1beta1project.setIAMPolicy
• v3tagKeys.*
• v3tagValues.*
• v3tagValues.tagHolds.*
• v3tagBindings.*

For more information about Resource Manager, refer to theproduct documentation.

• Only tag keys directly parented by a project resource and corresponding tag values can be protected using VPC Service Controls. When a project is added to a VPC Service Controls perimeter, all tag keys and corresponding tag values under the project are considered to be resources within the perimeter.
• Tag keys parented by an organization resource and their corresponding tag values can't be included in a VPC Service Controls perimeter and can't be protected using VPC Service Controls.
• Clients inside a VPC Service Controls perimeter can't access tag keys and corresponding values parented by an organization resource, unless an egress rule allowing access is set on the perimeter. For more information about setting egress rules, seeIngress and egress rules.
• Tag bindings are considered resources within the same perimeter as the resource to which the tag value is bound. For example, the tag bindings on a Compute Engine instance in a project is considered to belong to that project regardless of where the tag key is defined.
• Some services such as Compute Engine allowcreating tag bindings using their own service APIs, in addition to the Resource Manager service APIs. For example, adding tags to a Compute Engine VM during resource creation. To protect tag bindings created or deleted using these service APIs, add the corresponding service, such ascompute.googleapis.com, to the list of restricted services in the perimeter.
• Tags support method-level restrictions, so you can scope themethod_selectors to specific API methods. For a list of restrictable methods, seeSupported service method restrictions.
• Granting the owner role on a project through Google Cloud console is now supported by VPC Service Controls. You cannot send an owner invitation or accept an invitation outside service perimeters. If you try to accept an invitation from outside the perimeter you will not be granted the owner role and there will not be any error or warning message displayed.

The API for Cloud Logging can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Logging, refer to theproduct documentation.

The API for Certificate Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Certificate Manager, refer to theproduct documentation.

The Certificate Manager integration with VPC Service Controls has no known limitations.

The API for Cloud Monitoring can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Monitoring, refer to theproduct documentation.

The API for Cloud Profiler can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Profiler, refer to theproduct documentation.

The Cloud Profiler integration with VPC Service Controls has no known limitations.

The API for Telemetry API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Telemetry API, refer to theproduct documentation.

The Telemetry API integration with VPC Service Controls has no known limitations.

The API for Timeseries Insights API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Timeseries Insights API, refer to theproduct documentation.

The Timeseries Insights API integration with VPC Service Controls has no known limitations.

The API for Cloud Trace can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Trace, refer to theproduct documentation.

The Cloud Trace integration with VPC Service Controls has no known limitations.

The API for Cloud TPU can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud TPU, refer to theproduct documentation.

The Cloud TPU integration with VPC Service Controls has no known limitations.

For more information about Natural Language API, refer to theproduct documentation.

Because Natural Language API is a stateless API and doesn't run on projects, using VPC Service Controls to protect Natural Language API does not have any effect.

The API for Network Connectivity Center can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Network Connectivity Center, refer to theproduct documentation.

The Network Connectivity Center integration with VPC Service Controls has no known limitations.

The API for Cloud Asset API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Asset API, refer to theproduct documentation.

• VPC Service Controls doesn't support access to folder-level or organization-level Cloud Asset API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Cloud Asset API resources. You can specify an egress policy to prevent access to project-level Cloud Asset API resources from projects inside the perimeter.
• VPC Service Controls doesn't support adding folder-level or organization-level Cloud Asset API resources into a service perimeter. You cannot use a perimeter to protect folder-level or organization-level Cloud Asset API resources. To manage Cloud Asset Inventory permissions at the folder or organization level, we recommend using IAM.

The API for Speech-to-Text can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Speech-to-Text, refer to theproduct documentation.

The Speech-to-Text integration with VPC Service Controls has no known limitations.

The API for Text-to-Speech can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Text-to-Speech, refer to theproduct documentation.

The Text-to-Speech integration with VPC Service Controls has no known limitations.

The API for Translation can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Translation, refer to theproduct documentation.

Cloud Translation - Advanced (v3) supports VPC Service Controls but not Cloud Translation - Basic (v2). To apply VPC Service Controls, you must use Cloud Translation - Advanced (v3). For more information about the different editions, seeCompare Basic and Advanced.

Create a service perimeter for License Manager with the License Manager API to secure your licenses.

For more information about License Manager, refer to theproduct documentation.

The License Manager integration with VPC Service Controls has no known limitations.

Use VPC Service Controls with the Live Stream API to secure your pipeline.

For more information about Live Stream API, refer to theproduct documentation.

To protect input endpoints with a service perimeter, you must follow the instructions for setting up a private pool and send input video streams over a private connection.

The API for Transcoder API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Transcoder API, refer to theproduct documentation.

The Transcoder API integration with VPC Service Controls has no known limitations.

The API for Video Stitcher API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Video Stitcher API, refer to theproduct documentation.

The Video Stitcher API integration with VPC Service Controls has no known limitations.

The API for Access Approval can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Access Approval, refer to theproduct documentation.

The Access Approval integration with VPC Service Controls has no known limitations.

The API for Cloud Healthcare API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Healthcare API, refer to theproduct documentation.

VPC Service Controls doesn't supportcustomer-managed encryption keys (CMEK) in the Cloud Healthcare API.

We recommend placing your Storage Transfer Service project within the same service perimeter as your Cloud Storage resources. This protects both your transfer and your Cloud Storage resources. Storage Transfer Service also supports scenarios where the Storage Transfer Service project is not in the same perimeter as your Cloud Storage buckets, using anegress policy.

For setup information, seeUsing Storage Transfer Service with VPC Service Controls

Transfer service for on-premises data

SeeUsing Transfer for on-premises with VPC Service Controls for details and setup information for Transfer for on-premises.

For more information about Storage Transfer Service, refer to theproduct documentation.

The API for Service Control can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Service Control, refer to theproduct documentation.

• When you call the Service Control API from a VPC network in a service perimeter with Service Control restricted to report billing or analytics metrics, you can only use theService Control report method to report metrics for VPC Service Controls supported services.

The API for Memorystore for Redis can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Memorystore for Redis, refer to theproduct documentation.

• Service perimeters protect only the Memorystore for Redis API. Perimeters do not protect normal data access on Memorystore for Redis instances within the same network.

• If the Cloud Storage API is also protected, then Memorystore for Redis import and export operations can only read and write to a Cloud Storage bucket within the same service perimeter as the Memorystore for Redis instance.

• If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Redis instance inside the same perimeter in order for Redis requests to succeed. At any time, separating the host project and service project with a perimeter can cause a Redis instance failure, in addition to blocked requests. For more information, see Memorystore for Redisconfiguration requirements.

The API for Memorystore for Memcached can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Memorystore for Memcached, refer to theproduct documentation.

• Service perimeters protect only the Memorystore for Memcached API. Perimeters do not protect normal data access on Memorystore for Memcached instances within the same network.

• Service perimeters protect only the Memorystore for Valkey API. Perimeters do not protect normal data access on Memorystore for Valkey instances within the same network.

• If the Cloud Storage API is also protected, then Memorystore for Valkey import and export operations can only read and write to a Cloud Storage bucket within the same service perimeter as the Memorystore for Valkey instance.

• If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Redis instance inside the same perimeter in order for Redis requests to succeed. At any time, separating the host project and service project with a perimeter can cause a Redis instance failure, in addition to blocked requests. For more information, see Memorystore for Valkeyconfiguration requirements.

• The Memorystore for Valkey API ismemorystore.googleapis.com. For this reason, the display name for Memorystore for Valkey is "Memorystore API" when using the VPC Service Controls in the Google Cloud console.

For more information about Memorystore for Valkey, refer to theproduct documentation.

The API for Service Directory can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Service Directory, refer to theproduct documentation.

The Service Directory integration with VPC Service Controls has no known limitations.

Transfer Appliance is fully supported for projects using VPC Service Controls.

Transfer Appliance doesn't offer an API, and therefore does not support API-related features in VPC Service Controls.

For more information about Transfer Appliance, refer to theproduct documentation.

• When Cloud Storage is protected by VPC Service Controls, the Cloud KMS key you share with the Transfer Appliance Team must be within the same project as the destination Cloud Storage bucket.

The API for Organization Policy Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Organization Policy Service, refer to theproduct documentation.

VPC Service Controls doesn't support access restrictions to folder-level or organization-level organization policies that are inherited by the project. VPC Service Controls protects project-level Organization Policy Service API resources.

For example, if an ingress rule restricts a user from accessing the Organization Policy Service API, that user gets a 403 error when querying for organization policies enforced on the project. However, the user is still able to access the organization policies of the folder and organization containing the project.

You can call the OS Login API from within VPC Service Controls perimeters. To manage OS Login from within VPC Service Controls perimeters,set up OS Login.

SSH connections to VM instances are not protected by VPC Service Controls.

For more information about OS Login, refer to theproduct documentation.

The OS Login methods for reading and writing SSH keys don't enforce VPC Service Controls perimeters. Use VPC accessible services to disable access to OS Login APIs.

The API for Personalized Service Health can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Personalized Service Health, refer to theproduct documentation.

VPC Service Controls does not support theOrganizationEvents andOrganizationImpacts resources of the Service Health API. Therefore, VPC Service Controls policy checks won't occur when you call the methods for these resources. However, you can call the methods from a service perimeter using a restricted VIP.

You can call the OS Config API from within VPC Service Controls perimeters. To use VM Manager from within VPC Service Controls perimeters,set up VM Manager.

For more information about VM Manager, refer to theproduct documentation.

Workflows is an orchestration platform that can combine Google Cloud Platform services and HTTP-based APIs to execute services in an order that you define.

When you protect the Workflows API using a service perimeter, the Workflow Executions API is also protected. You do not need to separately addworkflowexecutions.googleapis.com to your perimeter's list of protected services.

HTTP requests from a Workflows execution are supported as follows:

• Authenticated requests to VPC Service Controls-compliant Google Cloud endpoints are allowed.
• Requests to Cloud Run functions and Cloud Run service endpoints are allowed.
• Requests to third-party endpoints are blocked.
• Requests to non-VPC Service Controls-compliant Google Cloud endpoints are blocked.

For more information about Workflows, refer to theproduct documentation.

The Workflows integration with VPC Service Controls has no known limitations.

The API for Filestore can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Filestore, refer to theproduct documentation.

• Service perimeters protect only the Filestore API. Perimeters do not protect normal NFS data access on Filestore instances within the same network.

• If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Filestore instance inside the same perimeter for the Filestore instance to function correctly. Separating the host project and service project with a perimeter might cause the existing instances to become unavailable and might not create new instances.

For more information about Parallelstore, refer to theproduct documentation.

• If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Parallelstore instance inside the same perimeter for the Parallelstore instance to function correctly. Separating the host project and service project with a perimeter might cause the existing instances to become unavailable and might not create new instances.

The API for Container Threat Detection can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Container Threat Detection, refer to theproduct documentation.

For more information about Ads Data Hub, refer to theproduct documentation.

VPC Service Controls only restricts token exchanges if theaudience in the request is a project-level resource. For example, VPC Service Controls doesn't restrict requests fordownscoped tokens, because those requests have no audience. VPC Service Controls also doesn't restrict requests forWorkforce Identity Federation because the audience is an organization-level resource.

For more information about Security Token Service, refer to theproduct documentation.

Thefirestore.googleapis.com,datastore.googleapis.com, andfirestorekeyvisualizer.googleapis.com services are bundled together. When you restrict thefirestore.googleapis.com service in a perimeter, the perimeter also restricts thedatastore.googleapis.com andfirestorekeyvisualizer.googleapis.com services. You don't need to separately add these services to your perimeter's list of protected services.

To restrictdatastore.googleapis.com service, use thefirestore.googleapis.com service name.

To get full egress protection on import and export operations, you must use the Firestore service agent. See the following for more information:

• SecuringFirestore import and export operations with VPC Service Controls.
• SecuringDatastore import and export operations with VPC Service Controls.

For more information about Firestore/Datastore, refer to theproduct documentation.

The API for Migrate to Virtual Machines can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.

For more information about Migrate to Virtual Machines, refer to theproduct documentation.

• To fully protect Migrate to Virtual Machines, add all of the following APIs to the service perimeter:

  • Artifact Registry API (artifactregistry.googleapis.com)
  • Pub/Sub API (pubsub.googleapis.com)
  • Cloud Storage API (storage.googleapis.com)
  • Cloud Logging API (logging.googleapis.com)
  • Container Registry API (containerregistry.googleapis.com)
  • Secret Manager API (secretmanager.googleapis.com)
  • Compute Engine API (compute.googleapis.com)

  For more information, see theMigrate to Virtual Machines documentation.

VPC Service Controls lets you protect the infrastructure data that you collect with Migration Center with a service perimeter.

For more information about Migration Center, refer to theproduct documentation.

The API for Backup and DR Service can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Backup and DR Service, refer to theproduct documentation.

If you remove the internet default route from the service producer project using the commandgcloud services vpc-peerings enable-vpc-service-controls, then you may not be able to access or deploy the management console. If you encounter this issue, contactGoogle Cloud Customer Care.

You can use VPC Service Controls to protect backup for GKE and you can use backup for GKE features normally inside service perimeters.

For more information about Backup for GKE, refer to theproduct documentation.

The Backup for GKE integration with VPC Service Controls has no known limitations.

The API for Retail API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Retail API, refer to theproduct documentation.

The Retail API integration with VPC Service Controls has no known limitations.

Application Integration is a collaborative workflow management system that allows you to create, augment, debug and understand core business system workflows. The workflows on the Application Integration are made up of triggers and tasks. There are several kinds of triggers such as api trigger/Pub/Sub trigger/cron trigger/sfdc trigger.

For more information about Application Integration, refer to theproduct documentation.

The API for Integration Connectors can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Integration Connectors, refer to theproduct documentation.

The API for Error Reporting can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Error Reporting, refer to theproduct documentation.

The API for Cloud Workstations can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Workstations, refer to theproduct documentation.

• To fully protect Cloud Workstations, you must restrict the Compute Engine API in your service perimeter whenever you restrict the Cloud Workstations API.
• Ensure that Google Cloud Storage API, Google Container Registry API, and Artifact Registry API are VPC accessible in your service perimeter. This is needed to pull images onto your workstation. We also recommended that you allow Cloud Logging API and Cloud Error Reporting API to be VPC accessible in your service perimeter, although this is not required to use Cloud Workstations.
• Ensure that your workstation cluster isprivate. Configuring a private cluster prevents connections to your workstations from outside your VPC service perimeter.
• Ensure that you disable public IP addresses in your workstation configuration. Failing to do so results in VMs with public IP addresses in your project. We strongly recommend that you use theconstraints/compute.vmExternalIpAccess organization policy constraint to disable public IP addresses for all VMs in your VPC service perimeter. For details, seeRestricting external IP addresses to specific VMs.
• While connecting to your workstation, access control is only based on whether the private network you are connecting from belongs to the security perimeter. Access control based on device, public IP address, or location is not supported.

The API for Cloud IDS can be protected by VPC Service Controls, and the product can be used normally inside service perimeters.

For more information about Cloud IDS, refer to theproduct documentation.

Cloud IDS uses Cloud Logging to create threat logs in your project. If Cloud Logging is restricted by the service perimeter, VPC Service Controls blocks the Cloud IDS threat logs, even if Cloud IDS is not added as a restricted service to the perimeter. To use Cloud IDS inside a service perimeter, you must configure aningress rule for the Cloud Logging service account in your service perimeter.

For more information about Chrome Enterprise Premium, refer to theproduct documentation.

The Chrome Enterprise Premium integration with VPC Service Controls has no known limitations.

When you restrict the Policy Troubleshooter API with a perimeter, principals can troubleshoot IAM allow policies only if all resources involved in the request are in the same perimeter. There are usually two resources involved in a troubleshooting request:

• The resource you're troubleshooting access for. This resource can be any type. You explicitly specify this resource when you troubleshoot an allow policy.

• The resource you're using to troubleshoot access. This resource is a project, folder, or organization. In the Google Cloud console and gcloud CLI, this resource is inferred based on the project, folder, or organization you have selected. In the REST API, you specify this resource using thex-goog-user-project header.

  This resource can be the same as the resource that you're troubleshooting access for, but it doesn't need to be.

If these resources aren't in the same perimeter, the request fails.

For more information about Policy Troubleshooter, refer to theproduct documentation.

The Policy Troubleshooter integration with VPC Service Controls has no known limitations.

You can restrict the Policy Simulator API with a perimeter when simulating organization policies or allow and deny policies.

Principals can simulate organization policies as expected inside service perimeters.

Principals can simulate allow policies only if certain resources involved in the simulation are in the same perimeter. There are several resources involved in an allow policy simulation:

• The resource whose allow policy you're simulating. This resource is also called thetarget resource. In the Google Cloud console, this is the resource whose allow policy you're editing. In the gcloud CLI and REST API, you explicitly specify this resource when you simulate an allow policy.

• The project, folder, or organization that creates and runs the simulation. This resource is also called thehost resource. In the Google Cloud console and gcloud CLI, this resource is inferred based on the project, folder, or organization you have selected. In the REST API, you specify this resource using thex-goog-user-project header.

  This resource can be the same as the resource that you're simulating access for, but it doesn't need to be.

• The resource that provides access logs for the simulation. In a simulation, there is always one resource that provides access logs for the simulation. This resource varies depending on the target resource type:

  • If you are simulating an allow policy for a project or organization, Policy Simulator retrieves the access logs for that project or organization.
  • If you are simulating an allow policy for a different type of resource, Policy Simulator retrieves the access logs for that resource's parent project or organization.
  • If you are simulating multiple resources' allow policies at once, Policy Simulator retrieves the access logs for the resources' nearest common project or organization.
• All supported resources with relevant allow policies. When Policy Simulator runs a simulation, it considers all allow policies that might impact the user's access, including allow policies on the target resource's ancestor and descendant resources. As a result, these ancestor and descendant resources are also involved in simulations.

If the target resource and the host resource aren't in the same perimeter, the request fails.

If the target resource and the resource that provides access logs for the simulation aren't in the same perimeter, the request fails.

If the target resource and some supported resources with relevant allow policies aren't in the same perimeter, the requests succeeds, but the results might be incomplete. For example, if you're simulating a policy for a project in a perimeter, the results won't include the allow policy of the project's parent organization, because organizations are always outside of VPC Service Controls perimeters. To get more complete results, you can configureingress and egress rules for the perimeter.

For more information about Policy Simulator, refer to theproduct documentation.

• VPC Service Controls does not support adding folder-level or organization-level resources to service perimeters. Therefore, you cannot use VPC Service Controls to protect folder-level and organization-level simulations of deny policies. Deny policy simulations on resources outside of the service perimeter still return complete results, and deny policy simulations on project-level resources are protected.

The API for Essential Contacts can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Essential Contacts, refer to theproduct documentation.

The Essential Contacts integration with VPC Service Controls has no known limitations.

The API for Identity Platform can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Identity Platform, refer to theproduct documentation.

• To fully protect Identity Platform, add the Secure Token API (securetoken.googleapis.com) to the service perimeter to allow token refresh.securetoken.googleapis.com is not listed on the VPC Service Controls page of the Google Cloud console. You can only add this service with thegcloud access-context-manager perimeters update command.

• If your application also integrates with theblocking functions feature, add Cloud Run functions (cloudfunctions.googleapis.com) to the service perimeter.

• The use of SMS-based multi-factor authentication (MFA), email authentication, or third-party identity providers causes data to be sent out of the perimeter. If you don't use MFA with SMS, email authentication, or third-party identity providers, disable these features.

The API for GKE Multi-Cloud can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about GKE Multi-Cloud, refer to theproduct documentation.

• To fully protect the GKE Multi-Cloud API, you must include the Kubernetes Metadata API (kubernetesmetadata.googleapis.com) as well in your perimeter.

The GKE On-Prem API can be protected by VPC Service Controls, and the API can be used normally inside service perimeters.

For more information about GKE On-Prem API, refer to theproduct documentation.

• To fully protect the GKE On-Prem API, add all of the following APIs to the service perimeter:

  • Kubernetes Metadata API (kubernetesmetadata.googleapis.com)
  • Cloud Monitoring API (monitoring.googleapis.com)
  • Cloud Logging API (logging.googleapis.com)
  Note that VPC Service Controls doesn't protect against Cloud Logging log exports on a folder or organization level.

You can create a cluster in your environment, which is connected to VPC using Cloud Interconnect or Cloud VPN.

For more information about Google Distributed Cloud (software only) for bare metal, refer to theproduct documentation.

• To protect your clusters, use Restricted VIP in Google Distributed Cloud (software only) for bare metal, and add all of the following APIs to the service perimeter:

• Artifact Registry API (artifactregistry.googleapis.com)
• Google Cloud Resource Manager API (cloudresourcemanager.googleapis.com)
• Compute Engine API (compute.googleapis.com)
• Connect Gateway API (connectgateway.googleapis.com)
• Google Container Registry API (containerregistry.googleapis.com)
• GKE Connect API (gkeconnect.googleapis.com)
• GKE Hub API (gkehub.googleapis.com)
• GKE On-Prem API (gkeonprem.googleapis.com)
• Cloud IAM API (iam.googleapis.com)
• Cloud Logging API (logging.googleapis.com)
• Cloud Monitoring API (monitoring.googleapis.com)
• Config Monitoring for Ops API (opsconfigmonitoring.googleapis.com)
• Service Control API (servicecontrol.googleapis.com)
• Cloud Storage API (storage.googleapis.com)

The API for On-Demand Scanning API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about On-Demand Scanning API, refer to theproduct documentation.

The On-Demand Scanning API integration with VPC Service Controls has no known limitations.

The API for Looker (Google Cloud core) can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Looker (Google Cloud core), refer to theproduct documentation.

• OnlyEnterprise orEmbed editions of Looker (Google Cloud core) instances using private IP connections support VPC Service Controls compliance. Looker (Google Cloud core) instances with public IP connections or both public and private IP connections do not support VPC Service Controls compliance. To create an instance that uses a private IP connection, selectPrivate IP in theNetworking section of theCreate instance page of the Google Cloud console.

• When placing or creating a Looker (Google Cloud core) instance inside a VPC Service Controls service perimeter, you must remove the default route to the internet by calling theservices.enableVpcServiceControls method or by running the followinggcloud command:
  
  gcloud services vpc-peerings enable-vpc-service-controls--network=your-network service=servicenetworking.googleapis.com
  
  Removing the default route restricts outgoing traffic to onlyVPC Service Controls compliant services. For example, sending email will fail because the API that is used to send email is not VPC Service Controls compliant.

• If you're usingShared VPC, ensure that you either include the Looker (Google Cloud core) service project in the same service perimeter as the Shared VPC host project or create aperimeter bridge between the two projects. If the Looker (Google Cloud core) service project and the Shared VPC host project are not in same perimeter or cannot communicate through a perimeter bridge, instance creation could fail or the Looker (Google Cloud core) instance may not function properly.

• If you're usingLooker Studio Pro orStudio in Looker}, the Looker connector can't connect to a Looker (Google Cloud core) instance that is inside a VPC Service Controls perimeter. For more information about limitations of the Looker connector, see theOverview of Looker connector requirements, limits, and feature support documentation page.

The API for Public Certificate Authority can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Public Certificate Authority, refer to theproduct documentation.

The Public Certificate Authority integration with VPC Service Controls has no known limitations.

• To use VPC Service Controls with storage batch operations,create a service perimeter to protect the following project and Google Cloud services:
  • Cloud Storage project
  • Storage batch operations API (storagebatchoperations.googleapis.com)
  • Cloud Storage API (storage.googleapis.com)
  • Optional: Cloud KMS API (cloudkms.googleapis.com), if you use the object encryption key updatesjob type.
• To allow access to storage batch operations from outside the perimeter, you mustconfigure ingress policies.

For more information about Storage batch operations, refer to theproduct documentation.

The Storage batch operations integration with VPC Service Controls has no known limitations.

The API for Storage Insights can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Storage Insights, refer to theproduct documentation.

The Storage Insights integration with VPC Service Controls has no known limitations.

To fully protect Dataflow Data Pipelines, include all of the following APIs in your perimeter:

• Dataflow API (dataflow.googleapis.com)
• Cloud Scheduler API (cloudscheduler.googleapis.com)
• Container Registry API (containerregistry.googleapis.com)

For more information about Dataflow Data Pipelines, refer to theproduct documentation.

The Dataflow Data Pipelines integration with VPC Service Controls has no known limitations.

The APIs for Security Command Center can be protected by VPC Service Controls, and Security Command Center can be used normally inside service perimeters.

Thesecuritycenter.googleapis.com andsecuritycentermanagement.googleapis.com services are bundled together. When you restrict thesecuritycenter.googleapis.com service in a perimeter, the perimeter restricts thesecuritycentermanagement.googleapis.com service by default. You cannot add thesecuritycentermanagement.googleapis.com service to the list of restricted services in a perimeter because it is bundled withsecuritycenter.googleapis.com.

For more information about Security Command Center, refer to theproduct documentation.

• VPC Service Controls doesn't support access to folder-level or organization-level Security Command Center API resources from resources and clients inside a service perimeter. VPC Service Controls protects project-level Security Command Center API resources. You can specify an egress policy to prevent access to project-level Security Command Center API resources from projects inside the perimeter.
• VPC Service Controls doesn't support adding folder-level or organization-level Security Command Center API resources into a service perimeter. You cannot use a perimeter to protect folder-level or organization-level Security Command Center API resources. To manage Security Command Center permissions at the folder or organization level, we recommend using IAM.
• VPC Service Controls doesn't support thesecurity posture service because security posture resources (such as postures, posture deployments, and predefined posture templates) are organization-level resources.
• You cannot export findings at the folder or organization level into destinations inside a service perimeter.
• VPC Service Controls doesn't support Google Security Operations (Google Security Operations SIEM and Google Security Operations SOAR). Enabling Security Command Center Enterprise on projects within a service perimeter might lead to violations from unsupported security operations services. If you have VPC Service Controls configured, before you create a Google Security Operations instance, move the Google Cloud Platform project and Cloud Key Management Service (Cloud KMS) for customer-managed encryption keys (CMEK) project outside the VPC Service Controls perimeter.
• You must enable perimeter access in the following scenarios:
  • When youenable finding notifications at the folder or organization level and the Pub/Sub topic is inside a service perimeter.
  • When you export data to BigQuery from the folder or organization level and BigQuery is inside a service perimeter.
  • When you integrate Security Command Center with a supported third-party SIEM or SOAR product and the product is deployed inside a service perimeter in a Google Cloud Platform environment. Supported SIEMs and SOARs includeSplunk andIBM QRadar.
  • When you enableAssured Open Source Software within a service perimeter.
  • When you want Virtual Machine Threat Detection to scan VMs in your service perimeters.
  • When you want toallow Vulnerability Assessment for Google Cloud to scan VMs in your perimeters.
  • To use Container Threat Detection, you must grant the service account for Container Threat Detection inbound access to that service perimeter.
  • When you want Event Threat Detection to monitor logging streams in Security Command Center within VPC Service Controls perimeters.
  • When you want to use Mandiant Attack Surface Management in Security Command Center within VPC Service Controls perimeters.

The API for Cloud Customer Care can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Cloud Customer Care, refer to theproduct documentation.

The API for AI Applications - Vertex AI Search can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about AI Applications - Vertex AI Search, refer to theproduct documentation.

To ensure that Confidential Space functions correctly across perimeter boundaries, you must configure egress rules.

• If your Confidential Space needs to access Cloud Storage buckets outside your perimeter, create an egress rule to allow access to those buckets.
• If you are enabling Confidential Space API on Compute Engine resources outside your perimeter, create an egress rule to allow access to this API.

For more information about Confidential Space, refer to theproduct documentation.

To use VPC Service Controls protection when connecting to the serial console for a virtual machine (VM) instance, you need to specify aningress rule for the service perimeter. When setting up the ingress rule, the access level for the source must be an IP-based value and the service name set tossh-serialport.googleapis.com. The ingress rule is required to access the serial console even if the source request and target resource are in the same perimeter.

For more information about Serial console, refer to theproduct documentation.

For more information about Google Cloud VMware Engine, refer to theproduct documentation.

To learn how to control access to Dataform with VPC Service Controls, seeConfigure VPC Service Controls for Dataform.

For more information about Dataform, refer to theproduct documentation.

Web Security Scanner and VPC Service Controls are subject to different terms of service. Review the terms of each product for details.

Web Security Scanner sends the findings to Security Command Center on demand. You can view or download the data from the Security Command Center dashboard.

For more information about Web Security Scanner, refer to theproduct documentation.

The Web Security Scanner integration with VPC Service Controls has no known limitations.

• You need to configureCertificate Authority Service with a working certificate authority before creating Secure Source Manager VPC Service Controls instances.
• You need to configurePrivate Service Connect before accessing the Secure Source Manager VPC Service Controls instance.

For more information about Secure Source Manager, refer to theproduct documentation.

• SERVICE_NOT_ALLOWED_FROM_VPC audit log violation caused by GKE limitations can be ignored.
• To open the VPC Service Controls web interface with a browser, the browser needs access to the following URLs:
  • https://accounts.google.com
  • https://LOCATION_OF_INSTANCE-sourcemanagerredirector-pa.client6.google.com
    • For example,https://us-central1-sourcemanagerredirector-pa.client6.google.com
  • https://lh3.googleusercontent.com

• The APIs for Secure Web Proxy can be protected by VPC Service Controls and the product can be used normally inside service perimeters.
• If you provision your proxy with acertificate, then you must also include the Certificate Manager API (certificatemanager.googleapis.com) in your service perimeter.
• If youenable TLS inspection for your proxy, then you must also include theCertificate Authority Service API (privateca.googleapis.com) in your service perimeter.

For more information about Secure Web Proxy, refer to theproduct documentation.

The Secure Web Proxy integration with VPC Service Controls has no known limitations.

The API for API keys can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about API keys, refer to theproduct documentation.

The API keys integration with VPC Service Controls has no known limitations.

The Cloud Controls Partner API can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Partner console in Sovereign Controls by Partners, refer to theproduct documentation.

The API for Microservices can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Microservices, refer to theproduct documentation.

The Microservices integration with VPC Service Controls has no known limitations.

Theearthengine.googleapis.com andearthengine-highvolume.googleapis.com services are bundled together. When you restrict theearthengine.googleapis.com service in a perimeter, the perimeter restricts theearthengine-highvolume.googleapis.com service by default. You cannot add theearthengine-highvolume.googleapis.com service to the list of restricted services in a perimeter because it is bundled withearthengine.googleapis.com.

For more information about Earth Engine, refer to theproduct documentation.

App Hub enables you to discover and organize infrastructure resources into applications. You can use VPC Service Controls perimeters to protect the App Hub resources.

For more information about App Hub, refer to theproduct documentation.

The Cloud Code API can be protected by VPC Service Controls. To use Gemini-powered features in Cloud Code, an ingress policy must be configured to allow traffic from IDE clients. See theGemini documentation for details.

For more information about Cloud Code, refer to theproduct documentation.

The Cloud Code integration with VPC Service Controls has no known limitations.

VPC Service Controls perimeter protects the Commerce Org Governance API for Google Private Marketplace.

For more information about Commerce Org Governance API, refer to theproduct documentation.

To restrict the internet traffic, use organization policies. Invoke theCREATE orUPDATE methods of the Google Cloud Contact Center as a Service API toapply the organization policy constraints manually.

For more information about Google Cloud Contact Center as a Service, refer to theproduct documentation.

The Google Cloud Contact Center as a Service integration with VPC Service Controls has no known limitations.

The API for Privileged Access Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Privileged Access Manager, refer to theproduct documentation.

The API for Service Usage can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Service Usage, refer to theproduct documentation.

VPC Service Controls doesn't support the restriction ofService Usage API'sv1beta1 methods and blocks calls to these methods through the restricted VIP.

The API for Audit Manager can be protected by VPC Service Controls and the product can be used normally inside service perimeters.

For more information about Audit Manager, refer to theproduct documentation.