Reputation: 1575
I have a problem/question regarding GCP's Access Context Manager. I am just trying it out together with VPC Service Controls, and my idea is to limit access to GCP services within a specific project.
What I did was create a service perimeter, add storage.googleapis.com as a restricted service, and attach an access level to it.
Within the access level I set up a condition to allow my public IPv4 CIDR (x.x.x.x/32). With that condition, I keep getting: ERROR: Could not fetch resource: - Request is prohibited by organization's policy.
What I figured out is that if I add my public IPv6 CIDR to the condition, this works.
Any idea why this would not work with an IPv4 address (I even added 0.0.0.0/0 there as a test, but the error still persisted)? When going through the logs, I see that within requestMetadata.callerIp, IPv6 is used.
I was trying to use both the gcloud CLI and the GCP console for testing access.
Best regards, Bostjan
Upvotes: 0
Views: 398
Reputation: 1
Refer to the link about how the system chooses the IPv6 or IPv4 protocol: "How do client applications know to use IPv4 or IPv6".
If you disable IPv6 on your system, then resources will be accessed through the IPv4 address. Then the access level specified with IPv4 works.
Upvotes: 0
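To triage the mismatch described in this thread, the added example below (not part of either post) compares the requestMetadata.callerIp of audit log entries against an access level's CIDR list and reports when the caller's address family has no range at all. It is a local check built on Python's ipaddress module, not GCP's own evaluation; the log entries, the function names and the documentation-range addresses are constructed assumptions.

```python
import ipaddress

def caller_ip(entry):
    """Pull requestMetadata.callerIp out of an audit log entry dict."""
    return entry["protoPayload"]["requestMetadata"]["callerIp"]

def evaluate(ip_subnetworks, entries):
    """Return (callerIp, verdict) per entry against the access level CIDRs."""
    nets = [ipaddress.ip_network(c, strict=False) for c in ip_subnetworks]
    results = []
    for entry in entries:
        ip = ipaddress.ip_address(caller_ip(entry))
        # An IPv4 range, even 0.0.0.0/0, can never contain an IPv6 caller.
        same_family = [n for n in nets if n.version == ip.version]
        if any(ip in n for n in same_family):
            verdict = "match"
        elif not same_family:
            verdict = f"no IPv{ip.version} range in access level"
        else:
            verdict = "outside listed ranges"
        results.append((str(ip), verdict))
    return results

def entry(ip):
    """Build a constructed log entry holding only the field used here."""
    return {"protoPayload": {"requestMetadata": {"callerIp": ip}}}

# Constructed sample data using documentation address ranges.
ACCESS_LEVEL_V4_ONLY = ["203.0.113.10/32", "0.0.0.0/0"]
ACCESS_LEVEL_DUAL = ["203.0.113.10/32", "2001:db8:1234::/48"]
SAMPLE_ENTRIES = [
    entry("2001:db8:1234::5"),   # client resolved the API over IPv6
    entry("203.0.113.10"),       # same client forced onto IPv4
    entry("2001:db8:ffff::1"),   # IPv6 caller outside the allowed prefix
]

if __name__ == "__main__":
    for name, level in (("v4 only", ACCESS_LEVEL_V4_ONLY),
                        ("dual stack", ACCESS_LEVEL_DUAL)):
        print(name)
        for ip, verdict in evaluate(level, SAMPLE_ENTRIES):
            print(f"  {ip:20} {verdict}")
```

Running it over exported log entries shows which address family the access level needs to cover before the perimeter is enforced.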