GCP access levels are an additional set of security requirements based on request
attributes. You can require that incoming requests meet these access levels in order
to access resources.
To give Cloud Posture permission to access resources managed by VPC Service Controls,
you will need to set up the following:
Procedure
- Create an access level
  - Open the Access Context Manager page in the Google Cloud console.
  - If you are prompted, select your organization.
  - At the top of the Access Context Manager page, click New.
  - In the New Access Level pane, in the Conditions section, click Add attribute and then click IP Subnetworks.
  - In the IP Subnetworks box, enter one or more IPv4 or IPv6 ranges formatted as CIDR blocks.
  - Enter the list of IP addresses, found below for the matching region, in the IP Subnetworks box.
  - Click Save.
- Adding an access level to an existing perimeter: once you have created or updated an access level, you can apply it to a service perimeter to control access.
  - In the Google Cloud console navigation menu, click Security, and then click VPC Service Controls.
  - On the VPC Service Controls page, in the table, click the name of the service perimeter that you want to modify.
  - On the Edit VPC Service Perimeter page, click the Choose Access Level box.
  - Select the check boxes corresponding to the access levels that you want to apply to the service perimeter.
  - Click Save.
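
Before pasting ranges into the IP Subnetworks box, it helps to check them, because an access level that contains a mistyped or overly broad CIDR block admits requests from addresses you did not intend. The following is an added example, not part of the original procedure or of Cloud Posture: it validates a list of CIDR blocks and renders them as a single IP Subnetworks condition in the YAML layout accepted by `gcloud access-context-manager levels create --basic-level-spec`. The sample ranges, the breadth thresholds and the rule that private ranges indicate a copy error are assumptions of this example.

```python
import ipaddress

# RFC 1918 private ranges. Assumption of this example: the allow-listed service
# connects from public addresses, so a private range here is a copy error.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed policy thresholds (not from the page): reject ranges broader than these.
MIN_PREFIX = {4: 16, 6: 32}


def check_cidr(text):
    """Return (network, None) if the block is acceptable, else (None, reason)."""
    try:
        # strict=True rejects blocks with host bits set, e.g. 203.0.113.5/24
        net = ipaddress.ip_network(text.strip(), strict=True)
    except ValueError as exc:
        return None, f"malformed CIDR: {exc}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return None, f"range too broad (/{net.prefixlen})"
    if net.version == 4 and any(net.overlaps(r) for r in RFC1918):
        return None, "private (RFC 1918) range"
    return net, None


def build_level_spec(cidrs):
    """Validate CIDRs; return (yaml_text, rejected) for one IP Subnetworks condition."""
    accepted, rejected = [], []
    for text in cidrs:
        net, reason = check_cidr(text)
        if net is None:
            rejected.append((text, reason))
        elif net not in accepted:  # drop exact duplicates
            accepted.append(net)
    accepted.sort(key=lambda n: (n.version, n))  # IPv4 first, then IPv6
    lines = ["- ipSubnetworks:"] + [f"  - {n}" for n in accepted]
    return "\n".join(lines) + "\n", rejected


# Constructed sample input using documentation ranges, not real service addresses.
SAMPLE = ["203.0.113.0/24", "198.51.100.16/28", "203.0.113.5/24",
          "10.1.0.0/16", "0.0.0.0/0", "2001:db8:1::/48", "203.0.113.0/24"]

if __name__ == "__main__":
    spec, rejected = build_level_spec(SAMPLE)
    print(spec, end="")
    for text, reason in rejected:
        print(f"# rejected {text}: {reason}")
```

Review every rejected entry against the published list for your region instead of silently dropping it, since a rejected line usually means the list was copied incorrectly.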
What to do next
| Region | Addresses |
|---|---|
| us-west-2 (Oregon) | |
| ap-southeast-2 (Sydney) | |
| eu-west-1 (Ireland) | |
| ca-central-1 (Canada) | |
| ap-southeast-1 (Singapore) | |
| eu-central-1, CloudOne Germany (de-1) | |
| ap-northeast-1, CloudOne Japan (jp-1) | |