
VPC Service Controls in GCP - Mini Project: Build & Apply

VPC Service Controls Setup in GCP
📖 Scenario: You work for a company that wants to protect its sensitive data in Google Cloud Platform (GCP). They want to create a secure perimeter around their cloud resources to prevent data exfiltration. VPC Service Controls help create this security boundary.
🎯 Goal: Build a VPC Service Controls perimeter that includes specific projects to protect sensitive data.
📋 What You'll Learn
Create a service perimeter resource with a specific name
Add two projects to the perimeter's restricted resources list
Set the perimeter type to 'PERIMETER_TYPE_REGULAR'
Enable the perimeter with the correct configuration
💡 Why This Matters
🌍 Real World
Companies use VPC Service Controls to protect sensitive data by creating security perimeters around their cloud projects and services.
💼 Career
Cloud security engineers and architects configure VPC Service Controls to prevent data leaks and enforce security policies in GCP environments.
1. Create the initial service perimeter resource
Create a variable called service_perimeter as a dictionary with the key "name" set to "projects/my-company/servicePerimeters/my-perimeter".

Hint: Think of service_perimeter as a container that holds the perimeter's identity.

2. Add the list of restricted projects
Add a key "spec" to service_perimeter with a nested dictionary containing the key "resources". Set "resources" to a list with these exact strings: "projects/project-123" and "projects/project-456".

Hint: The spec key holds the perimeter's configuration details.

3. Set the perimeter type
Inside the "spec" dictionary of service_perimeter, add the key "perimeterType" with the value "PERIMETER_TYPE_REGULAR".

Hint: The perimeter type defines how the perimeter behaves. Use the regular type for standard perimeters.

4. Enable the service perimeter
Add the key "status" to service_perimeter with the same dictionary as "spec" to enable the perimeter configuration.

Hint: The status key activates the perimeter with the same settings as spec.
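
The four steps above assembled into one runnable script, as an added example that is not part of the original exercise. build_perimeter and check_perimeter are hypothetical helper names and the resource-name pattern is an assumption; the script copies spec into status instead of aliasing it, then reports missing or unexpected projects and any drift between the two.

```python
import copy
import re

# Assumption: resources are "projects/<id>" strings, as in the exercise.
PROJECT_RE = re.compile(r"^projects/[a-z0-9-]+$")
EXPECTED = ["projects/project-123", "projects/project-456"]


def build_perimeter(name, projects):
    """Assemble the perimeter dictionary in the order of steps 1-4."""
    perimeter = {"name": name}                                     # step 1
    perimeter["spec"] = {"resources": list(projects)}              # step 2
    perimeter["spec"]["perimeterType"] = "PERIMETER_TYPE_REGULAR"  # step 3
    # Step 4: deep-copy rather than assign the same object, so a later edit
    # to spec cannot silently change status as well.
    perimeter["status"] = copy.deepcopy(perimeter["spec"])
    return perimeter


def check_perimeter(perimeter, expected_projects):
    """Return a list of problems; an empty list means all four steps pass."""
    problems = []
    if "/servicePerimeters/" not in perimeter.get("name", ""):
        problems.append("name is not a servicePerimeters resource path")
    spec = perimeter.get("spec", {})
    resources = spec.get("resources", [])
    for res in resources:
        if not PROJECT_RE.match(res):
            problems.append(f"malformed resource: {res}")
    for res in sorted(set(expected_projects) - set(resources)):
        problems.append(f"project left outside perimeter: {res}")
    for res in sorted(set(resources) - set(expected_projects)):
        problems.append(f"unexpected project in perimeter: {res}")
    if spec.get("perimeterType") != "PERIMETER_TYPE_REGULAR":
        problems.append("perimeterType is not PERIMETER_TYPE_REGULAR")
    if perimeter.get("status") != spec:
        problems.append("status does not match spec")
    elif perimeter.get("status") is spec:
        problems.append("status aliases spec instead of copying it")
    return problems


service_perimeter = build_perimeter(
    "projects/my-company/servicePerimeters/my-perimeter", EXPECTED)

if __name__ == "__main__":
    print(check_perimeter(service_perimeter, EXPECTED) or "perimeter OK")
```

In the Access Context Manager API itself, perimeter names take the form accessPolicies/POLICY_ID/servicePerimeters/NAME, perimeterType sits at the top level of the perimeter, and status is the enforced configuration while spec is the dry-run one; the layout here follows the exercise.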