# Security perimeter

## What is P0's GCP security perimeter?

The P0 GCP security perimeter is a lightweight Cloud Run agent that allows P0 to manage access in your Google Cloud environment, while preventing malicious access to your environment.

## Prerequisites

* [Set up your P0 organization](/integrations/resource-integrations/google-cloud.md#set-up-your-organization).
* Identify a Google Cloud project where you want to install P0 GCP security perimeter. P0 recommends that you create a separate google cloud project to deploy this security perimeter.
* Obtain permissions to create a GCP cloud run service, create GCP roles, and add IAM bindings to the project. These permissions can be gained via the `editor` role.

{% hint style="info" %}
Contact P0 support for access to the GCP security perimeter code repo.
{% endhint %}

## Install the security perimeter

1. Choose the **IAM management security perimeter** component.

<div data-full-width="false"><figure><img src="/files/espYyEaCMZOPQRWLoiJQ" alt="" width="560"><figcaption></figcaption></figure></div>

2. Click **Add project** to install a new project.

<figure><img src="/files/bkgoWChD0MUeEOQkQjlR" alt="" width="563"><figcaption></figcaption></figure>

3. Enter the Google project name into the **Project identifier** field.

<figure><img src="/files/Yhkq6KXMwDJEFZGdZeQk" alt="" width="563"><figcaption></figcaption></figure>

4. The resulting page will display GCP commands to complete the installation.\
   Run these instructions in Cloud Shell:

<figure><img src="/files/tgVXFi04zoI8ifqPLPMC" alt="" width="563"><figcaption></figcaption></figure>

5. Retrieve the Cloud Run url by running the displayed command in Cloud Shell:

<figure><img src="/files/DdBLZPcWTNsg2b02Dfyz" alt="" width="563"><figcaption></figcaption></figure>

6. Click **Finish** to complete the installation.

{% hint style="success" %}
Congratulations! You can now install Google Cloud IAM management component.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/integrations/resource-integrations/google-cloud/security-perimeter.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.