Our goal is to restrict a subset of our GCS buckets for use by a range of IP addresses.
We have several GCP projects in a university lab tied to a common billing account, where people generally use their Gmail address for interacting with GCP resources. We believe we need to set up a service perimeter around our buckets using VPC Service Controls.
VPC Service Controls seem to require an organization. Creating an organization seems to require G Suite or Cloud Identity. Both of these options seem to require accounts to be set up on a specific domain. I do not want to ask people to create additional accounts and migrate to using them.
Is there a path forward to having a collection of Gmail users implement a service perimeter? Or is there another way to get IP-address restriction on GCS buckets?