Deploy resources in a service perimeter
To guard against data exfiltration, create a service perimeter around your
App Design Center resources. The perimeter protects
App Design Center resources in your management project, including
application templates and applications. You create a service perimeter using
VPC Service Controls with
Cloud Build private pools.
To configure your service perimeter, do the following:

1. Create the worker pool in a project in the perimeter.

   The Cloud Build job needs to access the public internet to download
   Terraform modules and providers. To create network rules to allow access,
   see Enable public internet calls on the VPC network.
2. In the service perimeter, add management projects where you set up
   App Design Center.
3. Grant the WorkerPool User (roles/cloudbuild.workerPoolUser) role to your
   deployment service account.
If you use a restricted VIP to restrict access to VPC Service Controls-enabled
services, configure DNS to resolve *.googleapis.com to the restricted VIP.
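
One way to check the DNS step, as an added example that is not part of the original documentation: the script below resolves a list of API host names and reports any answer that falls outside the published restricted.googleapis.com ranges. The host list and the sample answers are constructed for illustration; run `audit()` with the default resolver from a host that uses the same DNS configuration as your build network.

```python
import ipaddress
import socket

# Published address ranges for restricted.googleapis.com (the restricted VIP).
RESTRICTED_VIP = [ipaddress.ip_network("199.36.153.4/30"),
                  ipaddress.ip_network("2600:2d00:2:1000::/64")]

def system_resolver(host):
    """Return every A/AAAA address the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit(hosts, resolver=system_resolver):
    """Map each host to 'ok', 'unresolved', or the addresses outside the VIP."""
    report = {}
    for host in hosts:
        addrs = resolver(host)
        if not addrs:
            report[host] = "unresolved"
            continue
        outside = [a for a in addrs
                   if not any(ipaddress.ip_address(a) in net
                              for net in RESTRICTED_VIP)]
        # A single stray record (often a forgotten AAAA) bypasses the VIP.
        report[host] = outside or "ok"
    return report

# Constructed sample answers (not real lookups), used for an offline run.
SAMPLE = {
    "cloudbuild.googleapis.com": ["199.36.153.5"],
    "storage.googleapis.com": ["199.36.153.6", "2607:f8b0:4004:c07::80"],
    "secretmanager.googleapis.com": ["142.250.72.10"],
    "missing.googleapis.com": [],
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE, SAMPLE.get).items():
        print(f"{host}: {result}")
```

Any host that is not reported as `ok` is still resolving, at least in part, to an address outside the restricted VIP, so the DNS zone for googleapis.com needs another look.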
Last updated 2025-12-04 UTC.