The following table lists products and services that are supported by Sovereign Controls by Partners for each control package. If a service is not listed for a given control package, that service is unsupported and has not met the control requirements for the control package. Unsupported products are not recommended for use by Sovereign Controls by Partners customers without due diligence and a thorough understanding of your responsibilities in the shared responsibility model . Unsupported products may share an API endpoint with supported products, making them available to all users.
| Access Context Manager | accesscontextmanager.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigquerydatatransfer.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Certificate Authority Service | privateca.googleapis.com |
| Cloud Composer | composer.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Connect | gkeconnect.googleapis.com connectgateway.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Filestore | file.googleapis.com |
| GKE Identity Service | anthosidentityservice.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Memorystore for Redis | redis.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Service Mesh | mesh.googleapis.com meshconfig.googleapis.com trafficdirector.googleapis.com networkservices.google.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Resource Settings | resourcesettings.googleapis.com |
| Cloud Run | run.googleapis.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Speech-to-Text | speech.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud (VPC) | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
| Access Context Manager | accesscontextmanager.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigquerydatatransfer.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Certificate Authority Service | privateca.googleapis.com |
| Cloud Composer | composer.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Connect | gkeconnect.googleapis.com connectgateway.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Filestore | file.googleapis.com |
| GKE Identity Service | anthosidentityservice.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Memorystore for Redis | redis.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Resource Settings | resourcesettings.googleapis.com |
| Cloud Run | run.googleapis.com |
| Cloud Service Mesh | mesh.googleapis.com meshconfig.googleapis.com trafficdirector.googleapis.com networkservices.google.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Speech-to-Text | speech.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud (VPC) | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
| Access Context Manager | accesscontextmanager.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigquerydatatransfer.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Certificate Authority Service | privateca.googleapis.com |
| Cloud Composer | composer.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Connect | gkeconnect.googleapis.com connectgateway.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Filestore | file.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| GKE Identity Service | anthosidentityservice.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Memorystore for Redis | redis.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Service Mesh | mesh.googleapis.com meshconfig.googleapis.com trafficdirector.googleapis.com networkservices.google.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Resource Settings | resourcesettings.googleapis.com |
| Cloud Run | run.googleapis.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Speech-to-Text | speech.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud (VPC) | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
| Access Context Manager | accesscontextmanager.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigquerydatatransfer.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Certificate Authority Service | privateca.googleapis.com |
| Cloud Composer | composer.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Connect | gkeconnect.googleapis.com connectgateway.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Filestore | file.googleapis.com |
| GKE Identity Service | anthosidentityservice.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Memorystore for Redis | redis.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Service Mesh | mesh.googleapis.com meshconfig.googleapis.com trafficdirector.googleapis.com networkservices.google.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Resource Settings | resourcesettings.googleapis.com |
| Cloud Run | run.googleapis.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Speech-to-Text | speech.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud (VPC) | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Essential Contacts | essentialcontacts.googleapis.com |
| Filestore | file.googleapis.com |
| Cloud Next Generation Firewall | compute.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Cloud Run | run.googleapis.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
| Access Transparency | accessapproval.googleapis.com |
| Artifact Registry | artifactregistry.googleapis.com |
| BigQuery [2] | bigquery.googleapis.com bigqueryconnection.googleapis.com bigquerydatapolicy.googleapis.com bigqueryreservation.googleapis.com bigquerystorage.googleapis.com |
| Bigtable | bigtable.googleapis.com bigtableadmin.googleapis.com |
| Compute Engine | compute.googleapis.com |
| Sensitive Data Protection | dlp.googleapis.com |
| Dataflow | dataflow.googleapis.com datapipelines.googleapis.com |
| Dataplex Universal Catalog | dataplex.googleapis.com datalineage.googleapis.com |
| Dataproc | dataproc-control.googleapis.com dataproc.googleapis.com |
| Cloud DNS | dns.googleapis.com |
| Essential Contacts | essentialcontacts.googleapis.com |
| Filestore | file.googleapis.com |
| Cloud Next Generation Firewall | compute.googleapis.com |
| Google Cloud Armor | compute.googleapis.com |
| Identity and Access Management (IAM) | iam.googleapis.com |
| Identity-Aware Proxy | iap.googleapis.com |
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com |
| Cloud HSM | cloudkms.googleapis.com |
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com |
| Google Kubernetes Engine | container.googleapis.com containersecurity.googleapis.com |
| GKE Hub | gkehub.googleapis.com |
| Cloud Load Balancing | compute.googleapis.com |
| Cloud Logging | logging.googleapis.com |
| Cloud Monitoring [3] | monitoring.googleapis.com |
| Network Connectivity Center | networkconnectivity.googleapis.com |
| Cloud NAT | networkconnectivity.googleapis.com |
| Cloud Router | networkconnectivity.googleapis.com |
| Cloud Interconnect | networkconnectivity.googleapis.com |
| Organization Policy Service | orgpolicy.googleapis.com |
| Persistent Disk | compute.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| Resource Manager | cloudresourcemanager.googleapis.com |
| Cloud Run | run.googleapis.com |
| Secret Manager | secretmanager.googleapis.com |
| Service Directory | servicedirectory.googleapis.com |
| Spanner | spanner.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| Virtual Private Cloud | compute.googleapis.com |
| VPC Service Controls | accesscontextmanager.googleapis.com |
| Cloud VPN | compute.googleapis.com |
Footnotes
1. Depending on the control package you choose, different API endpoint types may be available. The API endpoints listed on this page are global API endpoints, but regional or locational API endpoints may be available or required for a given control package.
2. BigQuery is supported, but it isn't automatically enabled when you create a new
Assured Workloads folder due to an internal configuration process. This process normally
finishes in ten minutes, but can take much longer in some circumstances. To check whether the
process is finished and to enable BigQuery, complete following steps:
- In the Google Cloud console, go to the Assured Workloads page.
- Select your new Assured Workloads folder from the list.
- On the Folder Details page in the Allowed services section, click Review Available Updates .
- In the Allowed services
pane, review the services to be added to the Resource Usage Restriction
organization policy for the folder. If BigQuery services are listed, click Allow Services
to add them.
If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care .
After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.
Gemini in BigQuery is not supported by Assured Workloads.
3. Cloud Monitoring's Synthetic monitoring and Uptime checks features are not supported in Sovereign Controls by Partners.
