Using data residency with Apigee hybrid

Overview

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored. With data residency, selecting the control plane location ensures that all customer content is stored within the specified region.

For an overview of data residency for Apigee, see Introduction to data residency.

Data residency with Apigee hybrid

Starting with hybrid version 1.12, you can use Data residency with new Apigee hybrid installations. You cannot convert an existing installation to use data residency.

When creating your Apigee org

Creating your Apigee organization using data residency requires the following differences. See Step 2: Create an organization.

  • Control plane location: You need to specify the location where customer core content like proxy bundles are stored. For a list see Available Apigee API control plane regions.

    The control plane location is the location of the service endpoint location, for example us for United States.

    The following table lists available hosting jurisdictions and regions for the Apigee control plane.

    Americas

    Control plane hosting jurisdiction description Control plane hosting jurisdiction name Details
    United States us (multiple regions in United States) Service endpoint: us-apigee.googleapis.com
    Canada ca (multiple regions in Canada) Service endpoint: ca-apigee.googleapis.com
    Consumer data region description Consumer data region name Details
    Iowa us-central1 leaf icon Low CO2
    Oregon us-west1 leaf icon Low CO2
    Los Angeles us-west2
    Salt Lake City us-west3
    Las Vegas us-west4
    South Carolina us-east1
    Northern Virginia us-east4
    Columbus us-east5
    Dallas us-south1
    Montréal northamerica-northeast1 leaf icon Low CO2
    Toronto northamerica-northeast2 leaf icon Low CO2

    Europe

    Control plane hosting jurisdiction description Control plane hosting jurisdiction name Details
    European Union eu (multiple regions in the European Union) Service endpoint: eu-apigee.googleapis.com
    Germany de (multiple regions in Germany) Service endpoint: de-apigee.googleapis.com
    France fr (single region europe-west9) Service endpoint: fr-apigee.googleapis.com
    Switzerland ch (single region europe-west6) Service endpoint: ch-apigee.googleapis.com
    Consumer data region description Consumer data region name Details
    Belgium europe-west1 leaf icon Low CO2
    Frankfurt europe-west3 leaf icon Low CO2
    Netherlands europe-west4
    Zurich europe-west6 leaf icon Low CO2
    Milan europe-west8
    Paris europe-west9 leaf icon Low CO2
    Turin europe-west12
    Warsaw europe-central2
    Madrid europe-southwest1 leaf icon Low CO2
    Finland europe-north1 leaf icon Low CO2

    Asia-Pacific

    Control plane hosting jurisdiction description Control plane hosting jurisdiction name Details
    Australia au (multiple regions in Australia) Service endpoint: au-apigee.googleapis.com
    India in (multiple regions in India) Service endpoint: in-apigee.googleapis.com
    Japan jp (multiple regions in Japan) Service endpoint: jp-apigee.googleapis.com
    Consumer data region description Consumer data region name Details
    Sydney australia-southeast1
    Melbourne australia-southeast2
    Mumbai asia-south1
    Delhi asia-south2
    Tokyo asia-northeast1
    Osaka asia-northeast2

    Middle East

    Control plane hosting juridiction description Control plane hosting jurisdiction name Details
    Saudi Arabia sa (single region me-central2) Service endpoint: sa-apigee.googleapis.com
    Israel il (single region me-west1) Service endpoint: il-apigee.googleapis.com
    Consumer data region description Consumer data region name Details
    Dammam me-central2
    Tel Aviv me-west1
  • Consumer data region: You need to specify a region where API consumer data is stored. This must be a sub-region of the control plane region. For a list of available consumer data regions, see Apigee locations.
  • Billing type: You can only use data residency with paid subscription orgs.

When creating environments

When creating environments in and installation using data residency, you must create them in the control plane location. See Step 3: Create an environment group.

Overrides file adjustments

When using data residency, you must add the contractProvider configuration property to each overrides file and point it to the path for APIs in the control plane location. For example:

instanceID: "my_hybrid_example"
namespace: apigee

gcp:
  projectID: hybrid-example
  region: us-central1

k8sCluster:
  name: apigee-hybrid
  region: us-central1

org: hybrid-example

contractProvider: https://us-apigee.googleapis.com

See Step 6: Create the overrides

When calling the Apigee APIs

When you make curl calls to Apigee APIs to perform tasks in your hybrid installation, you will need to call APIs from within the control plane location. For example:

curl -H "Authorization: Bearer $TOKEN" \
  "https://$CONTROL_PLANE_LOCATION-apigee.googleapis.com/v1/organizations/$ORG_NAME/envgroups"

or

curl -H "Authorization: Bearer $TOKEN" \
  "https://us-apigee.googleapis.com/v1/organizations/my-hybrid-org/envgroups"