A customer needs to run a batch processing system on Compute Engine VMs and store the output in a Cloud Storage bucket. The security policy prohibits the VMs from having any internet access. How can this be achieved?