VPC Service Controls can help you mitigate the risk of data exfiltration from Dialogflow. Use VPC Service Controls to create a service perimeter that protects the resources and data that you specify. For example, when you use VPC Service Controls to protect Dialogflow, the following artifacts cannot leave your service perimeter:
- Agent data
- Detect intent requests and responses
Limitations
The following limitations apply:
- Integrations let third-party applications connect directly to Agents, regardless of whether the Agent is within a service perimeter.
- Service Directory is not supported.
- When VPC Service Controls is enabled, webhook calls are blocked.
Service perimeter creation
A service perimeter acts as a virtual security boundary that isolates your Google Cloud resources. This ensures that sensitive data cannot be moved to unauthorized locations outside the perimeter. Services within the boundary can communicate freely, while access to or from resources external to that boundary is blocked.
When you create a service perimeter, include Dialogflow (dialogflow.googleapis.com) as a protected service. Include any services that you want to restrict (for example, storage.googleapis.com, bigquery.googleapis.com) under the Restricted services pane.
For more information about creating a service perimeter, see Creating a service perimeter in the VPC Service Controls documentation.
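To confirm that a perimeter actually restricts Dialogflow as described above, the following added example (not part of the original documentation) audits perimeter definitions exported as JSON and separates enforced protection from a dry-run-only configuration, where violations are logged but not blocked. The function name dialogflow_protection, the sample perimeter names and the project numbers are assumptions made for illustration.

```python
import json

DIALOGFLOW = "dialogflow.googleapis.com"

# Constructed sample in the shape of the ServicePerimeter resource, as printed by
# `gcloud access-context-manager perimeters describe ... --format=json`.
# Perimeter names and project numbers are placeholders, not real values.
SAMPLE_PERIMETERS = json.loads("""
[
  {"name": "accessPolicies/000000000000/servicePerimeters/agents_prod",
   "status": {"resources": ["projects/111111111111"],
              "restrictedServices": ["dialogflow.googleapis.com",
                                     "storage.googleapis.com"]}},
  {"name": "accessPolicies/000000000000/servicePerimeters/agents_staging",
   "useExplicitDryRunSpec": true,
   "status": {"resources": ["projects/222222222222"],
              "restrictedServices": ["storage.googleapis.com"]},
   "spec": {"resources": ["projects/222222222222"],
            "restrictedServices": ["dialogflow.googleapis.com",
                                   "storage.googleapis.com"]}}
]
""")


def dialogflow_protection(perimeters, project, companions=()):
    """Hypothetical helper. Return (state, missing) for a project: state is
    'enforced', 'dry-run-only' or 'unprotected'; missing lists companion
    services not restricted by the enforced perimeter covering the project."""
    state, missing = "unprotected", sorted(companions)
    for p in perimeters:
        enforced = p.get("status") or {}
        dry_run = (p.get("spec") or {}) if p.get("useExplicitDryRunSpec") else {}
        if project in enforced.get("resources", []):
            restricted = set(enforced.get("restrictedServices", []))
            missing = sorted(set(companions) - restricted)
            if DIALOGFLOW in restricted:
                return "enforced", missing
        if (project in dry_run.get("resources", [])
                and DIALOGFLOW in dry_run.get("restrictedServices", [])):
            state = "dry-run-only"  # violations are logged, not blocked
    return state, missing


if __name__ == "__main__":
    for proj in ("projects/111111111111", "projects/222222222222",
                 "projects/333333333333"):
        print(proj, dialogflow_protection(
            SAMPLE_PERIMETERS, proj, ["storage.googleapis.com",
                                      "bigquery.googleapis.com"]))
```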