Stay organized with collections
Save and categorize content based on your preferences.
Google Cloud Virtual Private Cloud (VPC) Service Controls lets you set up a
secure perimeter to guard against data exfiltration. Configure
Cloud Quotas with
VPC Service Controls so that API
requests to Cloud Quotas stay within the VPC
service perimeter boundary.
Limitations
Because VPC Service Controls enforces boundaries at the project level,
Cloud Quotas requests that originate from clients within the
perimeter can only access organization resources if the organization sets up an
egress rule.
To set up an egress rule, see the VPC Service Controls instructions for
configuring ingress and egress policies
Enforced actions
VPC Service Controls is only enforced on the following
Cloud Quotas actions:
After setting up your service perimeter, VPC Service Controls checks calls
to the Cloud Quotas API to help make sure that the calls originate
from within the same perimeter.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eGoogle Cloud VPC Service Controls allows you to establish a secure perimeter to prevent data exfiltration, ensuring Cloud Quotas API requests remain within the designated boundary.\u003c/p\u003e\n"],["\u003cp\u003eVPC Service Controls for Cloud Quotas are enforced on specific actions, including quota preference creation, update, get, and list, as well as quota info get and list operations.\u003c/p\u003e\n"],["\u003cp\u003eTo access organization resources via Cloud Quotas from within the service perimeter, an egress rule must be configured by the organization.\u003c/p\u003e\n"],["\u003cp\u003eSetting up VPC Service Controls for Cloud Quotas involves creating a service perimeter, adding protected projects, and restricting the Cloud Quotas API within that perimeter, following provided instructions.\u003c/p\u003e\n"],["\u003cp\u003eAfter the perimeter is configured, VPC Service Controls verifies that calls to the Cloud Quotas API originate from within the same defined perimeter.\u003c/p\u003e\n"]]],[],null,["# Configure VPC Service Controls for Cloud Quotas\n\nGoogle Cloud Virtual Private Cloud (VPC) Service Controls lets you set up a\nsecure perimeter to guard against data exfiltration. Configure\nCloud Quotas with\n[VPC Service Controls](/vpc-service-controls/docs/overview) so that API\nrequests to Cloud Quotas stay within the VPC\nservice perimeter boundary.\n\nLimitations\n-----------\n\nBecause VPC Service Controls enforces boundaries at the project level,\nCloud Quotas requests that originate from clients within the\nperimeter can only access organization resources if the organization sets up an\n[egress rule](/vpc-service-controls/docs/ingress-egress-rules).\nTo set up an egress rule, see the VPC Service Controls instructions for\n[configuring ingress and egress policies](/vpc-service-controls/docs/configuring-ingress-egress-policies)\n\nEnforced actions\n----------------\n\nVPC Service Controls is only enforced on the following\nCloud Quotas actions:\n\n- [Quota preference](/docs/quotas/api-overview#quota_preference) creation, update, get and list.\n- [Quota info](/docs/quotas/api-overview#quota_info) get and list.\n\nFor examples of setting\n[`QuotaPreference`](/docs/quotas/api-overview#quota_preference) and\n[`QuotaInfo`](/docs/quotas/api-overview#quota_info), see the description of\nthe [API resource model](/docs/quotas/api-overview#api_resource_model).\nFor reference information, see the\n[REST API overview](/docs/quotas/reference/rest).\n\nSet up\n------\n\nFollow these steps to restrict the Cloud Quotas API to your\nVPC service perimeter:\n\n1. Follow the instructions to [set up the Cloud Quotas API](/docs/quotas/development-environment).\n\n2. Follow the [VPC Service Controls Quickstart](/vpc-service-controls/docs/set-up-service-perimeter)\n to complete the following tasks:\n\n 1. [Create a service perimeter](/vpc-service-controls/docs/set-up-service-perimeter#set-up-perimeter).\n 2. [Add projects to the perimeter](/vpc-service-controls/docs/set-up-service-perimeter#add-projects-perimeter) that you want to protect.\n 3. Restrict the Cloud Quotas API. For example, see these instructions that add [other Google Cloud APIs to the VPC service\n perimeter](/vpc-service-controls/docs/set-up-service-perimeter#secure-services-perimeter).\n\nAfter setting up your service perimeter, VPC Service Controls checks calls\nto the Cloud Quotas API to help make sure that the calls originate\nfrom within the same perimeter.\n\nWhat's next\n-----------\n\n- Learn about [VPC Service Controls](/vpc-service-controls/docs/overview).\n- See the Cloud Quotas entry in the [VPC Service Controls supported products table](/vpc-service-controls/docs/supported-products#table_quotas).\n- Refer to the description of the Cloud Quotas [API resource model](/docs/quotas/api-overview#api_resource_model) for examples."]]
