Stay organized with collectionsSave and categorize content based on your preferences.
In this page, you learn how to create a private connectivity configuration.
This type of configuration contains information that Datastream uses to
communicate with a data source over a private network (internally within
Google Cloud, or with external sources connected over VPN or
Interconnect). This communication happens through aPrivate Service Connect interfaceconnection or aVirtual Private Cloud (VPC) peeringconnection.
APrivate Service Connect interfaceconnection uses a virtual
machine (VM) with a network interface that Datastream creates.
The network interface then connects to your VPC network using the network
attachment that you supply, with the IP address assigned from the network
attachment subnetwork.
AVPC peeringconnection is a networking connection between two VPCs that
lets you route traffic between them using internal, private IPv4 addresses. You
need to provide the private IP addresses when setting up the private connectivity
configuration because Datastream doesn't support Domain Name System
(DNS) resolution in private connections.
Before you begin
Before you create your private connectivity configuration, review the
prerequisites:
Use the following table to populate the fields of theConfigure private connectivitysection of theCreate private connectivity configurationpage:
Field
Description
Configuration name
Enter the display name of the private
connectivity configuration.
Configuration ID
Datastream populates this field
automatically based on the configuration name that you enter. You can keep the
ID that's auto-generated or change it.
Region
Select the region where the private connectivity
configuration is stored.
In theSet up connectionsection, select an option from thePrivate connectivity methoddrop-down:
PSC interfaces: select this option to use Private Service Connect
interface as your private connectivity method:
Field
Description
Project ID
Select the identifier of the project where the
network attachment that you want to use is. By default, this is your current
project. To change the value, clickChangeand select a
different project.
Network attachment
Select the network attachment that
you created for your VPC.
Update allowlist
Click this button to allow connections from
the Datastream IP addresses. You need to have thecompute.networkAdminrole assigned to connect to the network
attachment.
VPC peering: select this option to use VPC peering as your private
connectivity method:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003ePrivate connectivity configurations enable Datastream to communicate with data sources over a private network via a Virtual Private Cloud (VPC) peering connection.\u003c/p\u003e\n"],["\u003cp\u003eCreating a private connectivity configuration requires a VPC network that can peer with Datastream's private network and an available IP range (with a /29 CIDR block) within the VPC.\u003c/p\u003e\n"],["\u003cp\u003eDatastream does not support DNS resolution in private connections, so private IP addresses must be provided when setting up the configuration.\u003c/p\u003e\n"],["\u003cp\u003eIf using a Shared VPC, the Datastream service account needs \u003ccode\u003ecompute.networkAdmin\u003c/code\u003e IAM role permission in the host project, and the service project must have the Datastream API enabled.\u003c/p\u003e\n"],["\u003cp\u003eUnused private connectivity configurations are automatically deleted after six consecutive months of inactivity, so they need to be used in an active connection profile to be retained.\u003c/p\u003e\n"]]],[],null,["# Create a private connectivity configuration\n\nIn this page, you learn how to create a private connectivity configuration.\nThis type of configuration contains information that Datastream uses to\ncommunicate with a data source over a private network (internally within\nGoogle Cloud, or with external sources connected over VPN or\nInterconnect). This communication happens through a\n*Private Service Connect interface* connection or a\n*Virtual Private Cloud (VPC) peering* connection.\n\nA **Private Service Connect interface** connection uses a virtual\nmachine (VM) with a network interface that Datastream creates.\nThe network interface then connects to your VPC network using the network\nattachment that you supply, with the IP address assigned from the network\nattachment subnetwork.\n\nA **VPC peering** connection is a networking connection between two VPCs that\nlets you route traffic between them using internal, private IPv4 addresses. You\nneed to provide the private IP addresses when setting up the private connectivity\nconfiguration because Datastream doesn't support Domain Name System\n(DNS) resolution in private connections.\n| Datastream automatically deletes private connectivity configurations that haven't been used for a period of six consecutive months. To retain your private connectivity configurations, make sure they are used in at least one active connection profile.\n\nBefore you begin\n----------------\n\nBefore you create your private connectivity configuration, review the\nprerequisites:\n\n- For VPC peering, see [VPC peering prerequisites](/datastream/docs/vpc-peering#vpc-prereqs).\n- For Shared VPC, see [Shared VPC prerequisites](/datastream/docs/vpc-peering#shared-vpc).\n- For Private Service Connect interfaces, see [Private Service Connect prerequisites](/datastream/docs/psc-interfaces#psci-prereqs).\n\nCreate the configuration\n------------------------\n\nTo create a private connectivity configuration, perform the following steps:\n\n1. Go to the **Private connectivity configurations** page in the Google Cloud console.\n\n [Go to the Private connectivity configurations page](https://console.cloud.google.com/datastream/private-connections)\n2. Click **Create configuration**.\n\n3. Use the following table to populate the fields of the\n **Configure private connectivity** section of the\n **Create private connectivity configuration** page:\n\n4. In the **Set up connection** section, select an option from the\n **Private connectivity method** drop-down:\n\n - **PSC interfaces** : select this option to use Private Service Connect interface as your private connectivity method:\n\n - **VPC peering** : select this option to use VPC peering as your private connectivity method:\n\n5. Click **CREATE**.\n\n | It takes a few minutes for your private connectivity configuration to be created. Background resources need to be created so that the configuration can be created.\n\nAfter creating a private connectivity configuration, you can\n[view high-level and detailed information](/datastream/docs/view-a-private-connectivity-configuration)\nabout it.\n\nWhat's next\n-----------\n\n- Learn how to [view your private connectivity configuration](/datastream/docs/create-a-private-connectivity-configuration).\n- Find out how to [delete a private connectivity configuration](/datastream/docs/delete-a-private-connectivity-configuration).\n- Learn about the [Private Service Connect interfaces](/datastream/docs/psc-interfaces) private connectivity method.\n- Learn about the [VPC peering](/datastream/docs/vpc-peering) private connectivity method."]]
