The following table lists products and services that are supported by Sovereign Controls by Partners for each data boundary. If a service isn't listed for a given data boundary, that service is unsupported and hasn't met the control requirements for the data boundary. Unsupported products aren't recommended for use by Sovereign Controls by Partners customers without due diligence and a thorough understanding of your responsibilities in the shared responsibility model . Unsupported products may share an API endpoint with supported products, making them available to all users.
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Filestore | file.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.google.com
|
| Cloud Interconnect | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Service Directory | servicedirectory.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Filestore | file.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.google.com
|
| Cloud Interconnect | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Service Directory | servicedirectory.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Access Context Manager | accesscontextmanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigquerydatatransfer.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Certificate Authority Service | privateca.googleapis.com
|
| Cloud Composer | composer.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Connect | gkeconnect.googleapis.com
connectgateway.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Filestore | file.googleapis.com
|
| GKE Identity Service | anthosidentityservice.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Memorystore for Redis | redis.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Interconnect | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Cloud Service Mesh | mesh.googleapis.com
meshconfig.googleapis.com
trafficdirector.googleapis.com
networkservices.google.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Service Directory | servicedirectory.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Speech-to-Text | speech.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Virtual Private Cloud (VPC) | compute.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Backup for GKE | gkebackup.googleapis.com
|
| Cloud Build | cloudbuild.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Firestore | firestore.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Essential Contacts | essentialcontacts.googleapis.com
|
| Filestore | file.googleapis.com
|
| Cloud Next Generation Firewall | compute.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Interconnect | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Service Directory | servicedirectory.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Virtual Private Cloud | compute.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
| Access Transparency | accessapproval.googleapis.com
|
| Artifact Registry | artifactregistry.googleapis.com
|
| BigQuery [2] | bigquery.googleapis.com
bigqueryconnection.googleapis.com
bigquerydatapolicy.googleapis.com
bigqueryreservation.googleapis.com
bigquerystorage.googleapis.com
|
| Bigtable | bigtable.googleapis.com
bigtableadmin.googleapis.com
|
| Compute Engine | compute.googleapis.com
|
| Sensitive Data Protection | dlp.googleapis.com
|
| Dataflow | dataflow.googleapis.com
datapipelines.googleapis.com
|
| Dataplex Universal Catalog | dataplex.googleapis.com
datalineage.googleapis.com
|
| Dataproc | dataproc-control.googleapis.com
dataproc.googleapis.com
|
| Cloud DNS | dns.googleapis.com
|
| Essential Contacts | essentialcontacts.googleapis.com
|
| Filestore | file.googleapis.com
|
| Cloud Next Generation Firewall | compute.googleapis.com
|
| Google Cloud Armor | compute.googleapis.com
|
| Identity and Access Management (IAM) | iam.googleapis.com
|
| Identity-Aware Proxy | iap.googleapis.com
|
| Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com
|
| Cloud HSM | cloudkms.googleapis.com
|
| Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com
|
| Google Kubernetes Engine | container.googleapis.com
containersecurity.googleapis.com
|
| GKE Hub | gkehub.googleapis.com
|
| Cloud Load Balancing | compute.googleapis.com
|
| Cloud Logging | logging.googleapis.com
|
| Cloud Monitoring [3] | monitoring.googleapis.com
|
| Network Connectivity Center | networkconnectivity.googleapis.com
|
| Cloud NAT | networkconnectivity.googleapis.com
|
| Cloud Router | networkconnectivity.googleapis.com
|
| Cloud Interconnect | networkconnectivity.googleapis.com
|
| Organization Policy Service | orgpolicy.googleapis.com
|
| Persistent Disk | compute.googleapis.com
|
| Pub/Sub | pubsub.googleapis.com
|
| Resource Manager | cloudresourcemanager.googleapis.com
|
| Cloud Run | run.googleapis.com
|
| Secret Manager | secretmanager.googleapis.com
|
| Service Directory | servicedirectory.googleapis.com
|
| Spanner | spanner.googleapis.com
|
| Cloud SQL | sqladmin.googleapis.com
|
| Cloud Storage | storage.googleapis.com
|
| Virtual Private Cloud | compute.googleapis.com
|
| VPC Service Controls | accesscontextmanager.googleapis.com
|
| Cloud VPN | compute.googleapis.com
|
| Firebase Security Rules | firebaserules.googleapis.com
|
| Cloud Workstations | workstations.googleapis.com
|
| Secure Source Manager | securesourcemanager.googleapis.com
|
Footnotes
1. Depending on the data boundary you choose, different API endpoint types may be available. The API endpoints listed on this page are global API endpoints, but regional or locational API endpoints may be available or required for a given data boundary.
2. BigQuery is supported, but it isn't automatically enabled when you create a new
Assured Workloads folder due to an internal configuration process. This process normally
finishes in ten minutes, but can take much longer in some circumstances. To check whether the
process is finished and to enable BigQuery, complete the following steps:
- In the Google Cloud console, go to the Assured Workloads page.
- Select your new Assured Workloads folder from the list.
- On the Folder Details page in the Allowed services section, click Review Available Updates .
- In the Allowed services
pane, review the services to be added to the Resource Usage Restriction
organization policy for the folder. If BigQuery services are listed, click Allow Services
to add them.
If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care .
After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.
Gemini in BigQuery is not supported by Assured Workloads.
3. Cloud Monitoring's Synthetic monitoring and Uptime checks features are not supported in Sovereign Controls by Partners.
