The following table lists products and services that are supported by Sovereign Controls by Partners for each data boundary. If a service isn't listed for a given data boundary, that service is unsupported and hasn't met the control requirements for the data boundary. Unsupported products aren't recommended for use by Sovereign Controls by Partners customers without due diligence and a thorough understanding of your responsibilities in the shared responsibility model . Unsupported products may share an API endpoint with supported products, making them available to all users.
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Binary Authorization | binaryauthorization.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud Interconnect | compute.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshca.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Filestore | file.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
networksecurity.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
policytroubleshooter.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Binary Authorization | binaryauthorization.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud Interconnect | compute.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshca.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Filestore | file.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
networksecurity.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
policytroubleshooter.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Binary Authorization | binaryauthorization.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud Interconnect | compute.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshca.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Filestore | file.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
networksecurity.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
policytroubleshooter.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud Interconnect | compute.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Next Generation Firewall | compute.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Essential Contacts | essentialcontacts.googleapis.com
|
| Filestore | file.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
networksecurity.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
policytroubleshooter.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Personalized Service Health | servicehealth.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
servicenetworking.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud Interconnect | compute.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Next Generation Firewall | compute.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Essential Contacts | essentialcontacts.googleapis.com
|
| Filestore | file.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
networksecurity.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
policytroubleshooter.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Personalized Service Health | servicehealth.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
servicenetworking.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
Footnotes
1. Depending on the data boundary you choose, different API endpoint types may be available. The API endpoints listed on this page are global API endpoints, but regional or locational API endpoints may be available or required for a given data boundary.
2. BigQuery is supported, but it isn't automatically enabled when you create a new
Assured Workloads folder due to an internal configuration process. This process normally
finishes in ten minutes, but can take much longer in some circumstances. To check whether the
process is finished and to enable BigQuery, complete the following steps:
- In the Google Cloud console, go to the Assured Workloads page.
- Select your new Assured Workloads folder from the list.
- On the Folder Details page in the Allowed services section, click Review Available Updates .
- In the Allowed services
pane, review the services to be added to the Resource Usage Restriction
organization policy for the folder. If BigQuery services are listed, click Allow Services
to add them.
If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care .
After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.
Gemini in BigQuery is not supported by Assured Workloads.
3. Cloud Monitoring's Synthetic monitoring and Uptime checks features are not supported in Sovereign Controls by Partners.
