Restrict Access by IP
During incident response, containing or remediating an incident sometimes requires blocking an adversary's IP address from accessing or using GCP resources.
Restrict Access to GCP Cloud Console
Requires BeyondCorp Enterprise
Restrict Activities
Users and service accounts are granted roles to perform activities on GCP
Roles can optionally come with conditions (e.g. the Compute Instance Admin role with a condition that it applies only to a specific compute instance)
It is currently not possible to restrict roles with a condition that the activity must (not) be performed from specified IP addresses
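Added example (not from the original page): the conditional role described above, applied to a project IAM policy so that one member keeps Compute Instance Admin only on a single instance. The helper name `scope_role_to_instance`, the role ID chosen for "Compute Instance Admin", and the member, project, zone and instance values are assumptions; the sample policy is constructed.

```python
import copy
import json

ROLE = "roles/compute.instanceAdmin.v1"  # assumed role ID for "Compute Instance Admin"

def scope_role_to_instance(policy, member, project, zone, instance, role=ROLE):
    """Return a copy of `policy` in which `member` holds `role` on one VM only.

    Any existing grant of `role` to `member` (conditional or not) is removed first.
    """
    new = copy.deepcopy(policy)
    bindings = []
    for b in new.get("bindings", []):
        if b["role"] == role and member in b["members"]:
            b["members"] = [m for m in b["members"] if m != member]
            if not b["members"]:
                continue  # a binding with no members is invalid, so drop it
        bindings.append(b)
    name = f"projects/{project}/zones/{zone}/instances/{instance}"
    bindings.append({
        "role": role,
        "members": [member],
        "condition": {
            "title": f"only-{instance}",
            "description": "Role applies to a single Compute Engine instance",
            # CEL expression evaluated by IAM against the target resource
            "expression": 'resource.type == "compute.googleapis.com/Instance" && '
                          f'resource.name == "{name}"',
        },
    })
    new["bindings"] = bindings
    new["version"] = 3  # conditional bindings require policy version 3
    return new  # etag is kept so the write fails if the policy changed meanwhile

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json` output.
SAMPLE = {
    "version": 1,
    "etag": "BwConstructedEtag=",
    "bindings": [
        {"role": ROLE, "members": ["user:alice@example.com", "user:bob@example.com"]},
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    ],
}

if __name__ == "__main__":
    scoped = scope_role_to_instance(
        SAMPLE, "user:alice@example.com", "example-project", "us-central1-a", "web-1")
    print(json.dumps(scoped, indent=2))
```

The printed JSON can be saved to a file and applied with `gcloud projects set-iam-policy`. The condition attributes used here describe the target resource, not the caller's network location.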
Restrict Access to Cloud Storage Bucket
It is currently not possible to do so