Blog Studio Go to console

    VPC Service Controls

    VPC Service Controls lets organizations define a perimeter around Google Cloud resources to mitigate data exfiltration risks. With VPC Service Controls, you create perimeters that protect the resources and data of services that you explicitly specify.

    Bundled Cloud Firestore services

    The following APIs are bundled together in VPC Service Controls:

    • firestore.googleapis.com
    • datastore.googleapis.com
    • firestorekeyvisualizer.googleapis.com

    When you restrict the firestore.googleapis.com service in a perimeter, the perimeter also restricts the datastore.googleapis.com and firestorekeyvisualizer.googleapis.com services.

    Restrict the datastore.googleapis.com service

    The datastore.googleapis.com service is bundled under the firestore.googleapis.com service. To restrict the datastore.googleapis.com service, you must restrict the firestore.googleapis.com service as follows:

    • When creating a service perimeter using the Google Cloud console, add Cloud Firestore as the restricted service.

    • When creating a service perimeter using the Google Cloud CLI , use firestore.googleapis.com instead of datastore.googleapis.com .

       --perimeter-restricted-services=firestore.googleapis.com

    App Engine legacy bundled services for Datastore

    App Engine legacy bundled services for Datastore don't support service perimeters. Protecting the Datastore service with a service perimeter blocks traffic from App Engine legacy bundled services. Legacy bundled services include:

    Egress protection on import and export operations

    Cloud Firestore with MongoDB compatibility supports VPC Service Controls but requires additional configuration to get full egress protection on import and export operations. You must use the Cloud Firestore service agent to authorize import and export operations instead of the default App Engine service account. Use the following instructions to view and configure the authorization account for import and export operations.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: