GCP - Cloud IAM Advanced
After setting up a VPC Service Controls perimeter, external users can still access Cloud Storage buckets inside it. What is the most probable reason?
After setting up a VPC Service Controls perimeter, external users can still access Cloud Storage buckets inside it. What is the most probable reason?
medium📝 Debug Q6 of 15
Step-by-Step Solution
Solution:
Step 1: Understand perimeter enforcement
VPC Service Controls restrict access only to services listed in restrictedServices.Step 2: Check restrictedServices list
If Cloud Storage is not included, perimeter won't block access to it.Step 3: Consider other options
Dry run mode would not enforce restrictions but is less common; IAM roles do not override perimeter restrictions.Final Answer:
The perimeter does not include the Cloud Storage service in restrictedServices -> Option BQuick Check:
Verify restrictedServices includes all intended services. [OK]
Quick Trick: Ensure all services are listed in restrictedServices. [OK]
Common Mistakes:
- Assuming IAM roles bypass perimeter restrictions
- Not including all services in restrictedServices
- Confusing dry run mode with enforcement
Master "Cloud IAM Advanced" in GCP
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore GCP Quizzes