VPC Service Controls for Google Cloud Pub/Sub and Google Cloud Functions

You can now enable VPC Service Controls to further enhance security when commercetools Projects access your Google Cloud Pub/Sub and Google Cloud Functions infrastructure.

Enabling VPC Service Controls offers an additional layer of security for Google Cloud services. This layer is independent of Identity and Access Management (IAM) and provides a broader, context-based security perimeter, ensuring that resources are accessible exclusively within the Google Cloud Platform (GCP) infrastructure of commercetools.

We recommend enabling VPC Service Controls for:

• Google Cloud Pub/Sub Subscription Destinations: ensuring that only commercetools Subscription Messages can reach your Pub/Sub resources.
• Google Cloud Functions API Extension Destinations: ensuring that only API Extension requests from commercetools can access your Cloud Function resources.