Restrict Access by IP

During incident response, to contain/remediate an incident, there are times when it is required to block an adversary’s IP address from accessing/utilising GCP resources.

Restrict Access to GCP Cloud Console

• Requires BeyondCorp Enterprise

• Reference

Restict Activities

• Users and service accounts are granted roles to perform activities on GCP

• Roles can optionally come with conditions (e.g. Compute Instance Admin role with a condition that it only applies to a specific compute instance only)

• It is currently not possible to restrict roles with a condition that the activity must (not) be performed from specified IP addresses

  • Feature request (pending for 2 years)

Restrict Access to Cloud Storage Bucket

• It is currently not possible to do so

• Feature request (pending for 5 years)