Certificate Authority as a Service and VPC Service Controls GCP
Certificate Authority as a Service
Certificate Authorities as a service are now part of GCP's offerings.
Certificate Authority as a Service, like all GCP networking services, is tied to a VPC within a project (just as a Cloud SQL instance is).
Because it is tied to a VPC, this CA service can be protected by VPC Service Controls and a VPC service perimeter.
A VPC Service Perimeter's access can be one of 4 types:
- Perimeter Bridge - service-to-service perimeter access
- External Ingress Access
- Egress to External Targets
- Access Levels
Access Levels define a way to protect data per data classification. For example, a HIGH access level can be created and tied to data in a specific storage bucket or compute instance (persistent disk).
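The following shell script is an added example, not code from the original post, showing how the perimeter types and access level described above come together for the CA service: it creates a basic access level, wraps the project in a regular perimeter that restricts the Certificate Authority Service API (privateca.googleapis.com), and attaches an ingress policy so only the named identity coming from that access level can reach the API from outside the perimeter. The organization, project number, access policy id, service account and CIDR are placeholders; the gcloud flags are those of the access-context-manager command group and are assumed here rather than taken from the post. Setting GCLOUD=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): protect Certificate Authority
# Service with a VPC Service Controls perimeter plus an access level and an
# ingress policy. All ids below are placeholders; override them via env vars.

GCLOUD="${GCLOUD:-gcloud}"                          # set GCLOUD=echo for a dry run
PROJECT_NUMBER="${PROJECT_NUMBER:-987654321098}"    # placeholder project number
POLICY_ID="${POLICY_ID:-000000000000}"              # placeholder access policy id
ALLOWED_CIDR="${ALLOWED_CIDR:-203.0.113.0/24}"      # placeholder corporate range
CA_ADMIN_SA="${CA_ADMIN_SA:-ca-admin@example-project.iam.gserviceaccount.com}"  # placeholder
CAS_SERVICE="privateca.googleapis.com"              # Certificate Authority Service API
LEVEL_NAME="high"
PERIMETER_NAME="ca-perimeter"

# Basic access level spec: only requests originating from ALLOWED_CIDR qualify.
write_level_spec() {
  cat > "$1" <<EOF
- ipSubnetworks:
  - ${ALLOWED_CIDR}
EOF
}

# Ingress policy: allow only CA_ADMIN_SA, arriving via the "high" access level,
# to call the CAS API on resources inside the perimeter.
write_ingress_policy() {
  cat > "$1" <<EOF
- ingressFrom:
    identities:
    - serviceAccount:${CA_ADMIN_SA}
    sources:
    - accessLevel: accessPolicies/${POLICY_ID}/accessLevels/${LEVEL_NAME}
  ingressTo:
    operations:
    - serviceName: ${CAS_SERVICE}
      methodSelectors:
      - method: "*"
    resources:
    - "*"
EOF
}

# Create the "high" access level referenced by the perimeter.
create_access_level() {
  spec="$(mktemp)"
  write_level_spec "$spec"
  "$GCLOUD" access-context-manager levels create "$LEVEL_NAME" \
    --policy="$POLICY_ID" \
    --title="$LEVEL_NAME" \
    --basic-level-spec="$spec"
  rc=$?
  rm -f "$spec"
  return $rc
}

# Create a regular perimeter around the project that restricts the CAS API
# and admits external callers only through the ingress policy above.
create_ca_perimeter() {
  policy="$(mktemp)"
  write_ingress_policy "$policy"
  "$GCLOUD" access-context-manager perimeters create "$PERIMETER_NAME" \
    --policy="$POLICY_ID" \
    --title="$PERIMETER_NAME" \
    --perimeter-type=regular \
    --resources="projects/${PROJECT_NUMBER}" \
    --restricted-services="$CAS_SERVICE" \
    --access-levels="$LEVEL_NAME" \
    --ingress-policies="$policy"
  rc=$?
  rm -f "$policy"
  return $rc
}

# Verify the deployed perimeter actually lists the CAS API as restricted.
check_ca_restricted() {
  "$GCLOUD" access-context-manager perimeters describe "$PERIMETER_NAME" \
    --policy="$POLICY_ID" --format="value(status.restrictedServices)" \
    | grep -q "$CAS_SERVICE"
}

# Usage: sh cas_perimeter.sh apply        (or GCLOUD=echo sh cas_perimeter.sh apply)
if [ "${1:-}" = "apply" ]; then
  create_access_level && create_ca_perimeter && check_ca_restricted
fi
```

Run it with GCLOUD=echo first to review the exact commands and generated YAML; once the perimeter is enforced, a CAS call from a principal or network that is not covered by the access level or the ingress policy is denied by VPC Service Controls rather than by IAM alone, which is the protection the post is pointing at.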
Summary
Now that CAs as a service are part of GCP's offerings, one can use regular VPC Service Controls and Perimeters to protect this service.