Reputation: 351
How to restrict users to single VPC in Google cloud platform?
If I have 2 VPCs set up for 2 different teams on a single project in GCP and want to give the IAM users the access to one single VPC and the resources in that VPC only, how to I do that in Google cloud platform? what IAM roles has to be assigned to these users?
Upvotes: 0
Views: 482
Answers (1)
Reputation: 76083
You can't achieve this easily and out of the box. The VPC is a resource, you can restrict access on this resource. VM (on this VPC) are also resources, and the permissions provided on the VPC aren't inherited to the resource that use this VPC.
You can to use a new feature, named asset relationship that provide you the relation between the assets. Like that you could get the asset (resources) in relation with your VPC and enforce the same restriction on all these resources. But you need to code this, it's not out of the box, and the feature still in preview.
Upvotes: 2
Related Questions
- Google Cloud Platform: Using VPC with managed instance groups
- GCP limit service account to have conditional access to a single instance
- Restrict access to Google Cloud VM to only Firebase server
- Restricting user access for VM in gcp
- How to secure a GCS bucket by using VPC network
- Restrict IAM users to a single VPC
- GCP VPC Service Control: Allow access to a subset of Service Projects that belong to the same Host Project
- GCP Organization wide service
- Allow one VPC and deny others in a VPC Service Perimeter GCP
- Shared VPC - Only share a specific subnet to a project