The VPC service controls API being at the organization level makes this implementation more troublesome. Had this been at the project level, we could have. easily incorporated it via our deployment pipeline.
Hi Is there any way..Where we can opt/order only selected service's from project/folder in GCP (eg. Cloud Run only ) and other services (Eg : Load balance, Instance, storage) are blocked using "VPC Service Controls" for all the IAM users? Thanks
I don't know why we can't disable the api to be public even after creating private service connect links? In azure, if we enable private links on storage accounts, it won't have a public endpoint available. I think we should have similar options for the GCS buckets as well.
We are bit confused about accessing cloud function ..we want to make it private so added ingress setting to allow internal traffic but we unable to communicate from the GKE cluster with in the same project getting 403 error how could we do that
Sure, this was great. Please come up with more content like this.
Thanks GCP
SuperExfiltrationProtection!
Great content!
Could you do a similar video, but one that shows using the DLP API to protect from data exfil?
Hi Gary, thanks for your note - I will pass this feedback along to the team!
Simple but efficient!
The VPC service controls API being at the organization level makes this implementation more troublesome. Had this been at the project level, we could have. easily incorporated it via our deployment pipeline.
Basically firewall rules for your GCP services.
cloud.google.com/terms/identity/sla
Hi
Is there any way..Where we can opt/order only selected service's from project/folder in GCP (eg. Cloud Run only ) and other services (Eg : Load balance, Instance, storage) are blocked using "VPC Service Controls" for all the IAM users?
Thanks
I don't know why we can't disable the api to be public even after creating private service connect links? In azure, if we enable private links on storage accounts, it won't have a public endpoint available. I think we should have similar options for the GCS buckets as well.
What would happen if the malicious actor copied from the protected bucket to a local machine?
We are bit confused about accessing cloud function ..we want to make it private so added ingress setting to allow internal traffic
but we unable to communicate from the GKE cluster with in the same project getting 403 error
how could we do that
Great!
Where is the relation between VPC and Cloud storage bucket? did we ever setup cloud bucket within VPC ?
Why call it VPC when it is protecting an API endpoint?
exactly, very confusing
Smart Google haha