
Access Context Manager in GCP - Mini Project: Build & Apply

Access Context Manager Setup in Google Cloud
📖 Scenario: You are working for a company that wants to control access to its Google Cloud resources based on user location and device security status. To do this, you will use Access Context Manager to create access levels and a service perimeter.
🎯 Goal: Build an Access Context Manager configuration that defines an access level with specific conditions and then create a service perimeter that uses this access level to protect resources.
📋 What You'll Learn
Create an access level named office_access with a condition that allows access only from IP addresses in the range 192.168.0.0/16.
Create a service perimeter named secure_perimeter that includes the project projects/123456789.
Configure the service perimeter to use the office_access access level for ingress policies.
💡 Why This Matters
🌍 Real World
Companies use Access Context Manager to enforce security policies that restrict access to cloud resources based on user location, device security, and other conditions.
💼 Career
Understanding how to configure access levels and service perimeters is essential for cloud security engineers and administrators managing secure environments in Google Cloud.
1
Create the Access Level Definition
Create a variable called access_level that holds a dictionary with the key name set to "accessPolicies/1000/accessLevels/office_access" and a key basic containing a conditions list with one condition. This condition should have ipSubnetworks set to a list containing "192.168.0.0/16".
Need a hint?

Use a dictionary with keys name and basic. Inside basic, add conditions as a list with one dictionary containing ipSubnetworks.

2
Create the Service Perimeter Configuration
Create a variable called service_perimeter that holds a dictionary with the key name set to "accessPolicies/1000/servicePerimeters/secure_perimeter", a key resources set to a list containing "projects/123456789", and a key status with a nested key ingressPolicies set to an empty list.
Need a hint?

Use a dictionary with keys name, resources, and status. Inside status, add ingressPolicies as an empty list.

3
Add Ingress Policy Using the Access Level
Add a dictionary to the ingressPolicies list inside service_perimeter["status"]. This dictionary should have a key accessLevels set to a list containing the string "accessPolicies/1000/accessLevels/office_access".
Need a hint?

Append a dictionary with key accessLevels to the ingressPolicies list inside service_perimeter["status"].

4
Finalize the Access Context Manager Configuration
Add a key title with the value "Secure Perimeter" to the service_perimeter dictionary and a key description with the value "Perimeter restricting access to office IP range".
Need a hint?

Add "title" and "description" keys directly to the service_perimeter dictionary.
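
The four steps above assembled into one script, followed by a pre-deployment review of the result. This is an added example, not part of the original exercise; the review function and its helper policy_of are hypothetical names, and the dictionaries use the exercise's simplified shape.

```python
import ipaddress

# Steps 1-4 of the exercise, in the exercise's simplified dictionary shape.
access_level = {
    "name": "accessPolicies/1000/accessLevels/office_access",
    "basic": {"conditions": [{"ipSubnetworks": ["192.168.0.0/16"]}]},
}
service_perimeter = {
    "name": "accessPolicies/1000/servicePerimeters/secure_perimeter",
    "resources": ["projects/123456789"],
    "status": {"ingressPolicies": []},
}
service_perimeter["status"]["ingressPolicies"].append(
    {"accessLevels": [access_level["name"]]}
)
service_perimeter["title"] = "Secure Perimeter"
service_perimeter["description"] = "Perimeter restricting access to office IP range"


def policy_of(resource_name):
    """Return the 'accessPolicies/<id>' prefix of a resource name."""
    return "/".join(resource_name.split("/")[:2])


def review(perimeter, levels):
    """Hypothetical pre-deployment check; returns a list of findings."""
    findings = []
    defined = {lvl["name"] for lvl in levels}
    for policy in perimeter["status"]["ingressPolicies"]:
        for ref in policy.get("accessLevels", []):
            if ref not in defined:
                findings.append(f"undefined access level: {ref}")
            elif policy_of(ref) != policy_of(perimeter["name"]):
                findings.append(f"access level from another policy: {ref}")
    for lvl in levels:
        for cond in lvl["basic"]["conditions"]:
            for cidr in cond.get("ipSubnetworks", []):
                try:
                    net = ipaddress.ip_network(cidr, strict=True)
                except ValueError:
                    findings.append(f"invalid CIDR in {lvl['name']}: {cidr}")
                    continue
                # ipSubnetworks is matched against the caller's public
                # source address, so an RFC 1918 range never matches.
                if net.is_private:
                    findings.append(f"private range in {lvl['name']}: {cidr}")
    return findings
```

Run against the exercise's values, review(service_perimeter, [access_level]) reports the 192.168.0.0/16 range as private, which is the first thing to replace with the office's public egress range in a real deployment. In the real API an ingress policy names its access level under ingressFrom.sources[].accessLevel; the exercise's accessLevels key is kept here as written.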