VPC Service Controls is a Google Cloud feature that lets you set up a service perimeter and create a data transfer boundary. You can use VPC Service Controls with Cloud Tasks to help protect your services.
Supported targets
Once you set up a service perimeter, HTTP requests from a Cloud Tasks execution are allowed for:
- Authenticated requests to VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
- Authenticated requests to VPC Service Controls-compliant Cloud Run targets at run.app endpoints
Examples of unsupported targets
Once you set up a service perimeter, non-compliant HTTP requests from a
Cloud Tasks execution are blocked and fail with a
TARGET_TYPE_NOT_PERMITTED_FOR_VPC error code. For example, requests to all of
the following are blocked:
- Non-VPC Service Controls-compliant Cloud Run functions targets at functions.net endpoints
- Non-VPC Service Controls-compliant Cloud Run targets at run.app endpoints
- Cloud Run functions targets at non-functions.net endpoints
- Cloud Run targets at non-run.app endpoints
- Non-Cloud Run functions endpoints
- Non-Cloud Run endpoints
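Before enabling a perimeter, you can screen existing task definitions against the two lists above. The following is an added example, not Google's code. It assumes tasks in the Cloud Tasks REST JSON shape (httpRequest.url, oidcToken, oauthToken), that the functions.net endpoints are cloudfunctions.net hostnames, and that "authenticated" means a token is configured on the task. The function names and sample tasks are constructed for illustration. A verdict of "unsupported" marks a task that is outside the supported list and would be blocked with TARGET_TYPE_NOT_PERMITTED_FOR_VPC.

```python
from urllib.parse import urlsplit

# Assumption: the page's "functions.net" endpoints are *.cloudfunctions.net hosts.
SUPPORTED = {"cloudfunctions.net": "Cloud Run functions", "run.app": "Cloud Run"}

def target_kind(url):
    """Return the supported target kind for a URL, or None.

    Matches on a DNS label boundary, so 'notrun.app', 'run.app.example.com'
    and 'x.run.app@example.com' (userinfo, not host) do not pass.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for suffix, kind in SUPPORTED.items():
        if host.endswith("." + suffix):
            return kind
    return None

def classify_task(task):
    """Return (verdict, reason) for one task in Cloud Tasks REST JSON shape."""
    req = task.get("httpRequest")
    if not req:
        return "skip", "no httpRequest target"
    kind = target_kind(req.get("url", ""))
    if kind is None:
        return "unsupported", "target is not a functions.net or run.app endpoint"
    # Assumption: "authenticated" means the task carries an OIDC or OAuth token.
    if not (req.get("oidcToken") or req.get("oauthToken")):
        return "unsupported", f"unauthenticated request to a {kind} target"
    return "review", f"{kind} target: confirm it is VPC Service Controls-compliant"

def audit(tasks):
    """Return {task name: (verdict, reason)} for a list of task dicts."""
    return {t.get("name", "?"): classify_task(t) for t in tasks}

# Constructed sample tasks (hypothetical project, queue and service names).
SAMPLE_TASKS = [
    {"name": "t1", "httpRequest": {"url": "https://svc-abc123-uc.a.run.app/work",
        "oidcToken": {"serviceAccountEmail": "invoker@example-project.iam.gserviceaccount.com"}}},
    {"name": "t2", "httpRequest": {"url": "https://svc-abc123-uc.a.run.app/work"}},
    {"name": "t3", "httpRequest": {"url": "https://api.example.com/hook",
        "oidcToken": {"serviceAccountEmail": "invoker@example-project.iam.gserviceaccount.com"}}},
    {"name": "t4", "httpRequest": {"url": "https://us-central1-example-project.cloudfunctions.net/fn",
        "oidcToken": {"serviceAccountEmail": "invoker@example-project.iam.gserviceaccount.com"}}},
]

if __name__ == "__main__":
    for name, (verdict, reason) in audit(SAMPLE_TASKS).items():
        print(f"{name}: {verdict}: {reason}")
```

A "review" verdict only means the URL and authentication match the supported list; whether the target itself is VPC Service Controls-compliant depends on its ingress settings and cannot be read from the task.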
What's next
To set up a service perimeter, see Create a service perimeter.
To adjust the ingress settings of your Cloud Run function, see Configuring network settings.
To adjust the ingress settings of your Cloud Run service, see Restricting ingress for Cloud Run.
To learn more about VPC Service Controls, see the overview and supported products and limitations.