A company is setting up a new Google Cloud organization for DevOps. They want to enforce that all projects have a specific set of VPC Service Controls perimeters. Which approach should they use to ensure these perimeters are automatically applied to all new projects?
- A. Configure Cloud Shell to run a script that creates a perimeter when a new project is created.
  Why wrong: Cloud Shell is not designed for automated enforcement triggers.
- B. Define an organization policy with a constraint that requires all projects to be within a perimeter.
  Why correct: Organization policies can enforce constraints like 'vpcServiceControls' across all projects in the organization.
- C. Use Deployment Manager to deploy a configuration that creates a perimeter for each new project.
  Why wrong: This is reactive, not automatic; it requires a manual trigger or script.
- D. Create a VPC Service Controls perimeter and add the organization node as a member.
  Why wrong: Perimeters cannot be applied to the organization node directly; they apply to projects.