This page explains how to configure ingress and egress policies for your VPC Service Controls perimeter.
Ingress and egress policies can be configured for existing perimeters or included when a perimeter is created.
Updating ingress and egress policies for a service perimeter
Console
- In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.
- Select an existing service perimeter.
- Click Edit.
- On the Edit service perimeter page, click Ingress policy or Egress policy.
- Expand the ingress or egress rule that you want to edit.
- In the From and To sections, edit the ingress or egress rule attributes that you want to change.
  - For the list of ingress rule attributes, see Ingress rules reference.
  - For the list of egress rule attributes, see Egress rules reference.
  The YAML attribute reference describes the same attributes that appear in the Google Cloud console; however, the Google Cloud console uses slightly different names for some of them.
- Click Save.
gcloud
To update a perimeter policy, run one of the following commands, replacing the variables with appropriate values:
gcloud access-context-manager perimeters update PERIMETER_NAME --set-ingress-policies=INGRESS-FILENAME.yaml
gcloud access-context-manager perimeters update PERIMETER_NAME --set-egress-policies=EGRESS-FILENAME.yaml
For example:
gcloud access-context-manager perimeters update my-perimeter --set-ingress-policies=my-ingress-rule.yaml
For information about configuring ingress and egress rules as YAML files, see Ingress rules reference and Egress rules reference .
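The following added example (not code from the Google Cloud documentation) writes an ingress rule and an egress rule as YAML files in the format these references describe, lints them for over-broad grants before they reach a perimeter, and prints the update commands from this page. The perimeter name, project numbers and service account are constructed placeholders.

```shell
# Added example, not from the Google Cloud documentation: write an ingress rule
# and an egress rule as YAML, lint them, and print the update commands above.
# Perimeter name, project numbers and the service account are constructed.
set -euo pipefail
PERIMETER="my-perimeter"
INSIDE="projects/111111111111"    # constructed: project inside the perimeter
OUTSIDE="projects/222222222222"   # constructed: project outside the perimeter
CALLER="serviceAccount:etl@example-outside.iam.gserviceaccount.com"  # constructed
# Narrow ingress rule: only CALLER, coming from OUTSIDE, may read objects in INSIDE.
write_ingress_rule() {
  cat > "$1" <<EOF
- ingressFrom:
    identities:
    - ${CALLER}
    sources:
    - resource: ${OUTSIDE}
  ingressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.get
    resources:
    - ${INSIDE}
EOF
}
# Over-broad egress rule: any identity may call any Cloud Storage method on OUTSIDE.
write_broad_egress_rule() {
  cat > "$1" <<EOF
- egressFrom:
    identityType: ANY_IDENTITY
  egressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: "*"
    resources:
    - ${OUTSIDE}
EOF
}
# Returns non-zero for a rule that combines ANY_IDENTITY with a wildcard method.
lint_rule() {
  ! { grep -q 'identityType: ANY_IDENTITY' "$1" && grep -q 'method: "\*"' "$1"; }
}
# Prints the update command from this page for a rule file that passes the lint.
update_cmd() {   # usage: update_cmd ingress|egress FILE
  lint_rule "$2" || { echo "refusing to apply over-broad rule $2" >&2; return 1; }
  echo "gcloud access-context-manager perimeters update ${PERIMETER} --set-$1-policies=$2"
}
write_ingress_rule ingress.yaml
write_broad_egress_rule egress.yaml
update_cmd ingress ingress.yaml
update_cmd egress egress.yaml || true   # flagged by the lint, not applied
```

The commands are printed rather than executed so that a reviewer can inspect them; pipe the output to a shell only after the rule files have been reviewed.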
Setting ingress and egress policies during perimeter creation
Console
- In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.
- Click New perimeter.
  For information about the other service perimeter configurations, see Create a service perimeter.
- On the Create a service perimeter page, click Ingress policy or Egress policy.
- Click Add rule.
- In the From and To sections, specify the ingress or egress rule attributes that you want to configure.
  - For the list of ingress rule attributes, see Ingress rules reference.
  - For the list of egress rule attributes, see Egress rules reference.
  The YAML attribute reference describes the same attributes that appear in the Google Cloud console; however, the Google Cloud console uses slightly different names for some of them.
- Click Create.
gcloud
Run one of the following commands when creating a perimeter to set an ingress or egress policy, replacing the variables with appropriate values:
gcloud access-context-manager perimeters create PERIMETER_NAME --title=TITLE --ingress-policies=INGRESS-FILENAME.yaml --restricted-services=SERVICE --resources="projects/PROJECT"
gcloud access-context-manager perimeters create PERIMETER_NAME --title=TITLE --egress-policies=EGRESS-FILENAME.yaml --restricted-services=SERVICE --resources="projects/PROJECT"
For example:
gcloud access-context-manager perimeters create my-perimeter --title=perimeter-for-project-1 --ingress-policies=my-ingress-rule.yaml --restricted-services=storage.googleapis.com --resources="projects/myproject"
For information about configuring ingress and egress rules as YAML files, see Ingress rules reference and Egress rules reference .