Stay organized with collections
Save and categorize content based on your preferences.
VPC Service Controls enhance the security of your data by allowing you to define a service perimeter around Google Cloud resources. This service perimeter constrains the movement of data across the perimeter boundary, which mitigates data exfiltration risks.
Designated an
admin project
in your Ads Data Hub account.
Updated your service account to an email address containing
gcp-sa-adsdatahub.iam.gserviceaccount.com. If you haven't done this, or
are unsure whether you need to,
contact Ads Data Hub support.
Contacted Ads Data Hub support to configure your account for VPC Service
Controls.
Enable VPC Service Controls
If you haven't previously set up VPC Service Controls, refer to the VPC Service Controls quickstart. The quickstart will guide you through the initial setup of VPC Service Controls. Once you have completed the quickstart, follow the instructions below.
Ads Data Hub-specific setup
Navigate to the VPC Service Controls console and select an existing service perimeter.
Add the projects that you want to secure within the perimeter. You must include the admin project and any projects you use for input or output data in Ads Data Hub.
Add Ads Data Hub and BigQuery as restricted services within the perimeter.
Certain Ads Data Hub features (such as custom audience activation, user-provided data matching, and LiveRamp match tables) require certain user data to be exported outside of the VPC Service Controls perimeter. If Ads Data Hub is added as a restricted service, it will bypass VPC Service Controls policies for these features in order to retain their capabilities.
All dependent services must be included as allowed services in the same VPC
Service Controls perimeter. For example, since Ads Data Hub relies on
BigQuery, BigQuery must also be added. In general, VPC Service Controls best
practices recommend including all services in the perimeter, i.e. "restricting
all services".
Customers with dual-tier Ads Data Hub account structures, such as agencies
with subsidiaries, should have all of their admin projects in the same
perimeter. For simplicity, Ads Data Hub recommends that customers with
dual-tier account structures restrict their admin projects to the same Google
Cloud organization.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["Ads Data Hub can be integrated with VPC Service Controls to enhance data security by defining a service perimeter, though this feature is currently in preview."],["Before enabling VPC Service Controls, ensure an admin project is designated, the service account is updated, and Ads Data Hub support is contacted for account configuration."],["To enable, select an existing service perimeter, add relevant projects (including the admin project and data input/output projects), and add Ads Data Hub and BigQuery as restricted services within the perimeter."],["Certain Ads Data Hub features will bypass VPC Service Controls policies to maintain functionality, and dependent services like BigQuery must be included in the same perimeter for proper operation."],["For customers with dual-tier Ads Data Hub account structures, all admin projects should ideally be within the same perimeter or Google Cloud organization for streamlined management."]]],["VPC Service Controls can be set up for Ads Data Hub to enhance data security. Key actions include: adding your Ads Data Hub admin project and data projects to a defined service perimeter, and including Ads Data Hub and BigQuery as restricted services within that perimeter. Ensure your service account is updated and that Ads Data Hub support has configured your account for this feature. Note that certain Ads Data Hub features will bypass the VPC Service Controls. It is recommended to restrict all services.\n"]]
