To validate its attestation token, Confidential Space needs to download
certificates from Cloud Storage buckets. If these buckets reside outside
your perimeter, you must configure the following egress rule:
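The egress rules this page describes, written out as a VPC Service Controls egress policy file. This is an added example, not the page's own listing. The services, methods and project numbers are the ones stated on this page; `identityType: ANY_IDENTITY` is an assumption that you should narrow to the identities that actually run the workload.

```yaml
# Added example: egress policy file for a perimeter that hosts Confidential Space.
# Rule 1: lets the workload fetch the certificates used to validate the
# attestation token from the Cloud Storage buckets outside the perimeter.
- egressFrom:
    identityType: ANY_IDENTITY        # assumption; restrict to specific identities where possible
  egressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.get   # read-only object fetch, nothing broader
    resources:
    - projects/870449385679           # cloud-shielded-ca-prod (attestation certificates)
    - projects/180376494128           # cloud-shielded-ca-prod-root (root certificates)

# Rule 2: only needed when the Compute Engine API is restricted by the perimeter.
# Allows creating instances from the Confidential Space VM images.
- egressFrom:
    identityType: ANY_IDENTITY        # assumption; restrict to specific identities where possible
  egressTo:
    operations:
    - serviceName: compute.googleapis.com
      methodSelectors:
      - method: InstancesService.Insert
    resources:
    - projects/30229352718            # confidential-space-images (VM images)
```

Applying a file like this with `gcloud access-context-manager perimeters update PERIMETER_NAME --set-egress-policies=FILE` replaces the perimeter's existing egress policies, so merge it with any rules already in place first (`PERIMETER_NAME` and `FILE` are placeholders).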
- Confidential Space requires downloading certificates from Cloud Storage buckets, necessitating an egress rule for `storage.googleapis.com` with `google.storage.objects.get` method access to projects `870449385679` and `180376494128`.
- The `cloud-shielded-ca-prod` project (project `870449385679`) contains attestation certificates, while the `cloud-shielded-ca-prod-root` project (project `180376494128`) contains root certificates.
- If the Compute Engine API is within a restricted perimeter, an egress rule must be created for `compute.googleapis.com`, specifically allowing the `InstancesService.Insert` method to project `30229352718`.
- The `confidential-space-images` project (project `30229352718`) houses the Confidential Space VM images.

Last updated 2025-08-09 UTC.