VPC Service Controls

Confidential Space requires read access to Cloud Storage buckets to download the certificates that are used to validate its attestation token. If these Cloud Storage buckets are located outside your perimeter, you must create the following egress rule:

- egressTo:
      operations:
      - serviceName: storage.googleapis.com
        methodSelectors:
        - method: google.storage.objects.get
      resources:
      - projects/870449385679
      - projects/180376494128
    egressFrom:
      identityType: ANY_IDENTITY

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-10-30 UTC.