# Security perimeter

## What is P0's GCP security perimeter?

The P0 GCP security perimeter is a lightweight Cloud Run agent that allows P0 to manage access in your Google Cloud environment, while preventing malicious access to your environment.

## Prerequisites

* [Set up your P0 organization](https://docs.p0.dev/integrations/resource-integrations/google-cloud/..#set-up-your-organization).
* Identify a Google Cloud project where you want to install P0 GCP security perimeter. P0 recommends that you create a separate google cloud project to deploy this security perimeter.
* Obtain permissions to create a GCP cloud run service, create GCP roles, and add IAM bindings to the project. These permissions can be gained via the `editor` role.

{% hint style="info" %}
Contact P0 support for access to the GCP security perimeter code repo.
{% endhint %}

## Install the security perimeter

1. Choose the **IAM management security perimeter** component.

<div data-full-width="false"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-ec382bbd84e8ee43c7333643c3c8fb5bbba44308%2FScreenshot%202025-05-20%20at%2011.16.25%E2%80%AFAM.png?alt=media" alt="" width="560"><figcaption></figcaption></figure></div>

2. Click **Add project** to install a new project.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-32697c40d6c1c540616b8522561db1caf2b074f7%2FScreenshot%202025-05-20%20at%2011.16.35%E2%80%AFAM.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

3. Enter the Google project name into the **Project identifier** field.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-c8bf98216c517ada0f79f8955a89da0ea0918b8e%2FScreenshot%202025-05-20%20at%2011.16.41%E2%80%AFAM.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

4. The resulting page will display GCP commands to complete the installation.\
   Run these instructions in Cloud Shell:

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-60f32382eb02363d68f03d1d004ef90b17f427a0%2FScreenshot%202025-05-20%20at%2011.16.58%E2%80%AFAM.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

5. Retrieve the Cloud Run url by running the displayed command in Cloud Shell:

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-dd6f3a9f43f22a77ff69f782fb0c7d79895b639d%2FScreenshot%202025-05-20%20at%2011.17.12%E2%80%AFAM.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

6. Click **Finish** to complete the installation.

{% hint style="success" %}
Congratulations! You can now install Google Cloud IAM management component.
{% endhint %}