On the VPC Service Controls page, click New perimeter.
On the Create a service perimeter page, in the Title field,
enter a name for the perimeter.
You can search for a perimeter only using its name, so we recommend
using a unique name for the perimeter. You can't search for a perimeter
using its ID.
Optional: In the Description field, enter a description for the perimeter.
For Perimeter type, select Bridge.
For Enforcement mode, select a perimeter enforcement mode. The available
options are Dry run and Enforced.
BRIDGE_NAME is the name of the perimeter bridge you are
creating.
BRIDGE_TITLE is the title of the bridge.
PROJECTS is a comma-delimited list of one or more project IDs.
For example: projects/100712 or
projects/100712,projects/233130. Only numeric IDs are supported. You
cannot use the project name.
POLICY_NAME is the numeric name of your organization's access
policy. For example, 330193482019.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Creating a perimeter bridge\n\nThis page describes how to create service perimeter bridges.\n\nBefore you begin\n----------------\n\n- Read [Overview of VPC Service Controls](/vpc-service-controls/docs/overview)\n- Read [Service Perimeter Configuration](/vpc-service-controls/docs/service-perimeters#stages)\n- Read [Sharing across perimeters with bridges](/vpc-service-controls/docs/share-across-perimeters)\n\nCreate a perimeter bridge\n-------------------------\n\n### Console\n\n1. In the Google Cloud console navigation menu, click **Security** , and then\n click **VPC Service Controls**.\n\n [Go to the VPC Service Controls page](https://console.cloud.google.com/security/service-perimeter)\n2. If you are prompted, select your organization.\n\n3. On the **VPC Service Controls** page, click **New perimeter**.\n\n4. On the **Create a service perimeter** page, in the **Title** field,\n enter a name for the perimeter.\n\n You can search for a perimeter only using its name, so we recommend\n using a unique name for the perimeter. You can't search for a perimeter\n using its ID.\n5. Optional: In the **Description** field, enter a description for the perimeter.\n\n6. For **Perimeter type** , select **Bridge**.\n\n7. For **Enforcement mode** , select a perimeter enforcement mode. The available\n options are **Dry run** and **Enforced**.\n\n For more information about the dry run and enforced modes, see [Service perimeter\n details and configuration](/vpc-service-controls/docs/service-perimeters).\n8. Click **Continue**.\n\n9. Select the projects that you want to secure within the perimeter:\n\n 1. Click **Add projects**.\n\n 2. In the **Add projects** pane, in each row corresponding to a\n project that you want to add to the perimeter, select the checkbox.\n\n 3. Click **Add selected projects**.\n\n10. Click **Create**.\n\n### gcloud\n\nTo create a perimeter bridge, use the following command: \n\n```\ngcloud access-context-manager perimeters create BRIDGE_NAME \\\n --title=\"BRIDGE_TITLE\" --perimeter-type=bridge \\\n --resources=PROJECTS \\\n --policy=POLICY_NAME\n```\n\nWhere:\n\n- \u003cvar translate=\"no\"\u003eBRIDGE_NAME\u003c/var\u003e is the name of the perimeter bridge you are\n creating.\n\n- \u003cvar translate=\"no\"\u003eBRIDGE_TITLE\u003c/var\u003e is the title of the bridge.\n\n- \u003cvar translate=\"no\"\u003ePROJECTS\u003c/var\u003e is a comma-delimited list of one or more project IDs.\n For example: `projects/100712` or\n `projects/100712,projects/233130`. Only numeric IDs are supported. You\n cannot use the project name.\n\n- \u003cvar translate=\"no\"\u003ePOLICY_NAME\u003c/var\u003e is the numeric name of your organization's access\n policy. For example, `330193482019`.\n\n### API\n\nTo create a perimeter bridge, call [`accessPolicies.servicePerimeters.create`](/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters/create). \n\n```\nPOST https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME/servicePerimeters\n```\n\nWhere:\n\n- \u003cvar translate=\"no\"\u003ePOLICY_NAME\u003c/var\u003e is the numeric name of your organization's access policy. For example, `330193482019`.\n\n### Request body\n\nThe request body must include a [`ServicePerimeter`](/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ServicePerimeter)\nresource that defines the perimeter bridge.\n\nFor the `ServicePerimeter` resource, specify `PERIMETER_TYPE_BRIDGE` for\n`perimeterType`.\n\n### Response body\n\nIf successful, the response body for the call contains an\n[`Operation`](/access-context-manager/docs/reference/rest/Shared.Types/Operation) resource that provides details about the\n`POST` operation."]]
