Creating a perimeter bridge

This page describes how to create service perimeter bridges.

Before you begin

Create a perimeter bridge

Console

  1. In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.

    Go to the VPC Service Controls page

  2. If you are prompted, select your organization.

  3. On the VPC Service Controls page, click New perimeter.

  4. On the Create a service perimeter page, in the Title field, enter a name for the perimeter.

    You can search for a perimeter only using its name, so we recommend using a unique name for the perimeter. You can't search for a perimeter using its ID.

  5. Optional: In the Description field, enter a description for the perimeter.

  6. For Perimeter type, select Bridge.

  7. For Enforcement mode, select a perimeter enforcement mode. The available options are Dry run and Enforced.

    For more information about the dry run and enforced modes, see Service perimeter details and configuration.

  8. Click Continue.

  9. Select the projects that you want to secure within the perimeter:

    1. Click Add projects.

    2. In the Add projects pane, in each row corresponding to a project that you want to add to the perimeter, select the checkbox.

    3. Click Add selected projects.

  10. Click Create.

gcloud

To create a perimeter bridge, use the following command:

gcloud access-context-manager perimeters create BRIDGE_NAME \
  --title="BRIDGE_TITLE" --perimeter-type=bridge \
  --resources=PROJECTS \
  --policy=POLICY_NAME

Where:

  • BRIDGE_NAME is the name of the perimeter bridge you are creating.

  • BRIDGE_TITLE is the title of the bridge.

  • PROJECTS is a comma-delimited list of one or more project IDs. For example: projects/100712 or projects/100712,projects/233130. Only numeric IDs are supported. You cannot use the project name.

  • POLICY_NAME is the numeric name of your organization's access policy. For example, 330193482019.

API

To create a perimeter bridge, call accessPolicies.servicePerimeters.create.

POST https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME/servicePerimeters

Where:

  • POLICY_NAME is the numeric name of your organization's access policy. For example, 330193482019.

Request body

The request body must include a ServicePerimeter resource that defines the perimeter bridge.

For the ServicePerimeter resource, specify PERIMETER_TYPE_BRIDGE for perimeterType.
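The following is an added example, not Google's code: it builds the URL and request body for the call above and rejects non-numeric policy names and project IDs before anything is sent. The function name, bridge name and title are hypothetical; the fields `name`, `title`, `status`, `spec`, `useExplicitDryRunSpec` and `resources` are assumed from the Access Context Manager v1 ServicePerimeter resource and are not listed on this page.

```python
import json
import re

API_ROOT = "https://accesscontextmanager.googleapis.com/v1"


def build_bridge_request(policy_name, bridge_name, title, projects, dry_run=False):
    """Return (url, body) for accessPolicies.servicePerimeters.create."""
    policy = str(policy_name)
    if not re.fullmatch(r"[0-9]+", policy):
        raise ValueError(f"POLICY_NAME must be numeric, got {policy!r}")

    # Only numeric project IDs are accepted, in the form projects/NUMBER.
    resources = list(dict.fromkeys(projects))  # drop duplicates, keep order
    if not resources:
        raise ValueError("a bridge needs at least one project")
    for res in resources:
        if not re.fullmatch(r"projects/[0-9]+", res):
            raise ValueError(f"not a numeric project resource: {res!r}")

    # A bridge carries only a project list. Assumption (API reference, not
    # this page): restricted services and access levels stay unset.
    config = {"resources": resources}
    body = {
        "name": f"accessPolicies/{policy}/servicePerimeters/{bridge_name}",
        "title": title,
        "perimeterType": "PERIMETER_TYPE_BRIDGE",
    }
    if dry_run:
        # Dry run: configuration goes in `spec`, flagged as explicit.
        body["spec"] = config
        body["useExplicitDryRunSpec"] = True
    else:
        # Enforced: configuration goes in `status`.
        body["status"] = config
    return f"{API_ROOT}/accessPolicies/{policy}/servicePerimeters", body


if __name__ == "__main__":
    # Constructed sample values; the policy and project numbers are the
    # page's own examples, the bridge name and title are made up.
    url, body = build_bridge_request(
        "330193482019", "example_bridge", "Example bridge",
        ["projects/100712", "projects/233130"],
    )
    print("POST", url)
    print(json.dumps(body, indent=2))
```

Reviewing the generated body in dry-run mode first shows which projects the bridge would join before the configuration is enforced.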

Response body

If successful, the response body for the call contains an Operation resource that provides details about the POST operation.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.