Restrict Google Cloud Console to IP address range

I need to restrict GCP console access to a specific IP address range. I've been doing some research online, and it seems like I have to use Access Context Manager; however, I can't figure out how to link that access context to users and groups. Any idea how to do that, or if that's really the right way?

Upvotes: 1

Views: 959

Answers (1)

かいぜん

Reputation: 361

Restricting the Google Cloud Console to an IP address range is possible using BeyondCorp Enterprise. It ensures that the individuals and groups within your organization satisfying the defined access requirements are able to access the Google Cloud Console.

Steps to set up this feature:

  1. [Optional] Deploy Endpoint Verification to devices in your organization.
  2. Create an access level in Access Context Manager.
  3. Create a group of users to be bound by BeyondCorp Enterprise restrictions.
  4. Obtain the required Identity and Access Management permissions.
  5. Create an access binding that enforces context-aware rules for the Google Cloud console and the Google Cloud APIs.

Here are also the steps for creating an access binding that maps the group of users you created to the Access Context Manager access level you defined for accessing the Google Cloud console.

  1. Go to the BeyondCorp Enterprise page in the Google Cloud console.
  2. Choose an organization and click Select.
  3. Click Manage access to choose which user groups should have access.
  4. Click Add and configure the following:
     • Member groups: Specify the group you want to grant access. Only groups not already bound to an access level are available to be selected.
     • Select access levels: Choose the access level that should be applied to the group.
  5. Click Save.

Alternatively, you can also use VPC Service Controls to create perimeters that protect the resources and data of services.

Upvotes: 2
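
The access-level and access-binding steps from the answer above, sketched with the gcloud CLI as an added example (not part of the original answer). The organization ID, policy number, level name and group ID are placeholders, the CIDR ranges are constructed from documentation address blocks, only IPv4 is handled, and the script prints the commands rather than running them.

```sh
#!/bin/sh
# Placeholders (constructed): replace with your own organization's values.
ORG_ID="123456789012"        # organization ID
POLICY_ID="987654321"        # Access Context Manager policy number
LEVEL_NAME="corp_ip_only"    # hypothetical access level name
GROUP_KEY="GROUP_ID"         # ID of the group to bind

# Accept only IPv4 CIDR with a /1../32 prefix. /0 is refused because a level
# that matches every source address restricts nothing.
valid_cidr() {
  case "$1" in
    ""|*/*/*|*[!0-9./]*|.*|*./*) return 1 ;;
    */*) ;;
    *) return 1 ;;
  esac
  ip=${1%/*}; prefix=${1#*/}
  case "$prefix" in ""|*.*|0?*|???*) return 1 ;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ""|0?*|????*) return 1 ;; esac   # no empty or zero-padded octets
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Emit the basic access level spec: one condition listing the allowed ranges.
level_spec() {
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
  done
  echo "- ipSubnetworks:"
  for cidr in "$@"; do echo "  - $cidr"; done
}

# Print the two commands: create the level from level.yaml (the saved output
# of level_spec), then bind the group to that level for the organization.
plan() {
  printf 'gcloud access-context-manager levels create %s --title=%s --basic-level-spec=level.yaml --policy=%s\n' \
    "$LEVEL_NAME" "$LEVEL_NAME" "$POLICY_ID"
  printf 'gcloud access-context-manager cloud-bindings create --group-key=%s --level=accessPolicies/%s/accessLevels/%s --organization=%s\n' \
    "$GROUP_KEY" "$POLICY_ID" "$LEVEL_NAME" "$ORG_ID"
}

# Constructed sample ranges (RFC 5737 documentation blocks).
level_spec 203.0.113.0/24 198.51.100.16/28 && plan
```

Before binding a group that includes your own admin account, confirm that the address you are connecting from falls inside one of the listed ranges, or the binding will lock that account out of the console.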
