Ensure that Private Service Connect (PSC) endpoints are configured for your Virtual Private Cloud (VPC) networks. Private Service Connect creates a secure, private path between your VPC network and Google's services (or your own services in another VPC network) so that traffic never traverses the public internet. This strengthens security and removes the complexity of managing public-facing connections. PSC endpoints are internal IP addresses within a consumer VPC network that provide secure, private access to Google APIs and services. Endpoints are implemented as forwarding rules that reference a service attachment. A PSC service attachment is a configuration that points to a producer's load balancer, which allows clients in the consumer VPC network to reach that load balancer privately and securely.
Private Service Connect offers a secure, performant, and scalable way to access Google Cloud managed services privately from within your VPC network. It strengthens your security posture, gives you more granular network control, and can contribute to better application performance and cost management.
Audit
To determine if Private Service Connect endpoints are configured for your VPC networks, perform the following operations:
Remediation / Resolution
To create and configure Private Service Connect (PSC) endpoints for privately accessing services in another VPC network, perform the following operations:
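The following Python script is an added example for both the Audit and Remediation sections above; it is not part of the original page and is not Google's or the rule author's code. It parses the JSON that `gcloud compute networks list --format=json` and `gcloud compute forwarding-rules list --format=json` produce (constructed sample output is embedded inline so the script runs offline; the field names `name`, `network` and `target` are assumed from the Compute API resource shape), reports which VPC networks have no PSC endpoint, and assembles the `gcloud compute addresses create` and `gcloud compute forwarding-rules create` commands for remediation. The classification rule (a PSC endpoint is a forwarding rule whose `target` is a `serviceAttachments` URI or the Google APIs bundle `all-apis`/`vpc-sc`) and the flags `--subnet`, `--target-service-attachment` and `--address` are assumptions about the tooling and should be checked against the referenced gcloud documentation.

```python
import json

# Constructed sample in the shape of `gcloud compute networks list --format=json`.
# Only the "name" field is used by the audit.
NETWORKS_JSON = """
[
  {"name": "prod-vpc", "autoCreateSubnetworks": false},
  {"name": "dev-vpc", "autoCreateSubnetworks": false},
  {"name": "sandbox-vpc", "autoCreateSubnetworks": true}
]
"""

# Constructed sample in the shape of `gcloud compute forwarding-rules list --format=json`.
# Assumption: a PSC endpoint's "target" is a serviceAttachments URI (published service)
# or the bundle name "all-apis" / "vpc-sc" (Google APIs); ordinary load-balancer rules
# target proxies or backend services instead.
FORWARDING_RULES_JSON = """
[
  {
    "name": "psc-cloudsql-endpoint",
    "IPAddress": "10.10.0.5",
    "network": "https://www.googleapis.com/compute/v1/projects/consumer-project/global/networks/prod-vpc",
    "region": "https://www.googleapis.com/compute/v1/projects/consumer-project/regions/us-central1",
    "target": "https://www.googleapis.com/compute/v1/projects/producer-project/regions/us-central1/serviceAttachments/cloudsql-attachment"
  },
  {
    "name": "psc-google-apis",
    "IPAddress": "10.10.0.6",
    "network": "https://www.googleapis.com/compute/v1/projects/consumer-project/global/networks/prod-vpc",
    "target": "all-apis"
  },
  {
    "name": "dev-internal-lb",
    "IPAddress": "10.20.0.10",
    "network": "https://www.googleapis.com/compute/v1/projects/consumer-project/global/networks/dev-vpc",
    "region": "https://www.googleapis.com/compute/v1/projects/consumer-project/regions/us-east1",
    "loadBalancingScheme": "INTERNAL_MANAGED",
    "target": "https://www.googleapis.com/compute/v1/projects/consumer-project/regions/us-east1/targetHttpProxies/dev-proxy"
  }
]
"""


def _last_segment(url: str) -> str:
    """Return the resource name at the end of a Compute API self-link."""
    return url.rstrip("/").rsplit("/", 1)[-1]


def is_psc_endpoint(rule: dict) -> bool:
    """True if the forwarding rule is a Private Service Connect endpoint (assumed target shapes)."""
    target = rule.get("target", "")
    return "/serviceAttachments/" in target or target in ("all-apis", "vpc-sc")


def psc_endpoints_by_network(rules: list) -> dict:
    """Map consumer VPC network name -> list of PSC endpoint (forwarding rule) names."""
    result: dict = {}
    for rule in rules:
        if is_psc_endpoint(rule):
            net = _last_segment(rule.get("network", ""))
            result.setdefault(net, []).append(rule["name"])
    return result


def networks_without_psc(networks: list, rules: list) -> list:
    """Audit finding: VPC networks that have no PSC endpoint configured."""
    covered = psc_endpoints_by_network(rules)
    return sorted(n["name"] for n in networks if n["name"] not in covered)


def remediation_commands(network: str, region: str, subnet: str, address_name: str,
                         endpoint_name: str, service_attachment: str) -> list:
    """Build the gcloud commands that reserve an internal IP and create the PSC endpoint
    for a published service (flag names are assumptions; verify against gcloud docs)."""
    return [
        f"gcloud compute addresses create {address_name} --region={region} --subnet={subnet}",
        f"gcloud compute forwarding-rules create {endpoint_name} --region={region} "
        f"--network={network} --address={address_name} "
        f"--target-service-attachment={service_attachment}",
    ]


def audit_report() -> dict:
    """Run the audit over the embedded sample data and return the findings."""
    networks = json.loads(NETWORKS_JSON)
    rules = json.loads(FORWARDING_RULES_JSON)
    return {
        "with_psc": psc_endpoints_by_network(rules),
        "without_psc": networks_without_psc(networks, rules),
    }


if __name__ == "__main__":
    report = audit_report()
    print("Networks with PSC endpoints:", report["with_psc"])
    print("Networks WITHOUT PSC endpoints:", report["without_psc"])
    for net in report["without_psc"]:
        # Placeholder values: replace with the real region, subnet and producer attachment URI.
        for cmd in remediation_commands(net, "REGION", "SUBNET", f"{net}-psc-ip",
                                        f"{net}-psc-endpoint",
                                        "projects/PRODUCER_PROJECT/regions/REGION/serviceAttachments/ATTACHMENT"):
            print("  ", cmd)
```

In practice you would replace the two embedded JSON strings with the live output of the `gcloud ... list --format=json` commands for each project returned by `gcloud projects list`, and review the printed remediation commands before running them; the script deliberately only assembles them.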
References
- Google Cloud Platform (GCP) Documentation
- Private Service Connect
- About accessing published services through endpoints
- Access published services through endpoints
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud compute networks list
- gcloud compute forwarding-rules list
- gcloud compute service-attachments list
- gcloud compute addresses create
- gcloud compute forwarding-rules create