With the ability to specify a region in which to perform your Cloud Data Loss Prevention operations, you can control where your potentially sensitive data is processed. This topic explains the concept of Cloud DLP processing location and shows you how to specify a region.
About regions and multi-regions
A region is a specific geographic place, such as the western United States or northeast Asia. A multi-region location (or just multi-region) is a large geographic area, such as the European Union, that contains two or more geographic regions.
Location considerations
A good location balances latency, availability, and bandwidth costs.
Use a region to help optimize latency and network bandwidth.
Use a multi-region when you want to process data from outside of the Google network and distributed across large geographic areas, or when you want the higher availability that comes with being geo-redundant.
Generally, you should process your data in a location that is convenient or contains the majority of the users of your data.
Specify a region
To specify a region in which Cloud DLP will process your request:
Console
Choose a region when setting up your Cloud DLP operation.
For example, when creating a job trigger, choose a location from the Resource location menu, as shown here:
If data residency is not a concern, use the Global region and Google chooses the location where processing should take place. Global is the default region choice.
Protocol
Insert region information into the request endpoint URL. If data residency is
not a concern, use the global region and Google chooses the location where
processing should take place. Note that any resources created by a request that
specifies the global region are stored under the global region.
Following are some example requests, sent first to the global region, and then
to a region for the west coast of the United States.
Global region request:
The following two requests have the same effect. Not including a region is the
same as specifying locations/global/.
POST https://www.googleapis.com/dlp/v2/projects/PROJECT_ID/locations/global/content:inspect
POST https://www.googleapis.com/dlp/v2/projects/PROJECT_ID/content:inspect
Region-specific request:
To specify a region for processing, within the resource URL, insert
locations/ and then the region name.
POST https://www.googleapis.com/dlp/v2/projects/PROJECT_ID/locations/us-west2/content:inspect
Co-location considerations
When you scan a storage repository such as Cloud Storage or
BigQuery, you should specify the same location in your
Cloud DLP request as the location of the repository you're
scanning. For example, if the BigQuery dataset is in the European
Union multi-region location, specify the European Union multi-region (europe)
when configuring the Cloud DLP job.
If you do not co-locate your Cloud DLP request with the storage repository you're scanning, processing of your request may be split between the location of the data and the location specified in the request.
What's next
- Learn more about geography and zones.
- See a list of supported regions and multi-regions.