You can use VPC Service Controls with AML AI to restrict data access and prevent data exfiltration, even by users and accounts which otherwise have the permissions in IAM to access data. This helps prevent access from unauthorized devices and networks.
VPC-SC for AML AI can be set up and monitored like any other VPC Service Controls service.
For more information about VPC-SC, see the VPC SC documentation.
Applying VPC-SC to the Google AML AI
Where VPC-SC is enabled, services consumed by AML AI must be accessible within the same VPC-SC perimeter. VPC-SC allows for complex configuration, but you should consider:
- Cloud KMS
- The BigQuery dataset (note that the input and output datasets must be in the same project)
- The network origin from which requests will be made