Cloud KMS locations

Within a project, Cloud KMS resources can be created in one of many locations. These represent the geographical regions where requests to Cloud KMS regarding a given resource are handled, and where the corresponding cryptographic keys are stored. You should consider the network performance implications of the Location you choose to host Cloud KMS resources.

Types of locations for Cloud KMS

There are four types of locations where you can create Cloud KMS resources.

  • Regional locations: A regional location consists of zones in a specific geographical place, such as Iowa.

  • Dual-regional locations: A dual-regional location consists of zones in two specific geographical places, such as Iowa and South Carolina.

  • Multi-regional locations: A multi-regional location consists of zones spread across a general geographical area, such as the United States.

  • The global location: There is a special location for Cloud KMS resources called "global". When created in the global location, your Cloud KMS resources are available from zones spread around the world.

Interactions with resources in a location close to you are more likely to be fast and reliable. Choose a specific region if the users and services that depend on a Cloud KMS resource are geographically concentrated. Remember that users and services who are far away from the location chosen may experience higher latency.

When you use dual-regional locations, multi-regional locations, or the global location, read operations, like keyRings.list will be served by a data center close to the requesting user or service. However, write operations, like keyRings.create, must propagate to multiple data centers when performed on multi-region or global resources, and will be slower as a result. If your usage of Cloud KMS involves many read operations from users and services around the world, or involves very few write operations, consider creating dual-region, multi-region, or global resources.

Regional locations

Cloud KMS resources can be created in the following regional locations:

Region Name Region Description
Asia Pacific
asia-east1 Taiwan
asia-east2 Hong Kong
asia-northeast1 Tokyo
asia-northeast2 Osaka
asia-south1 Mumbai
asia-southeast1 Singapore
australia-southeast1 Sydney
europe-north1 Finland
europe-west1 Belgium
europe-west2 London
europe-west3 Frankfurt
europe-west4 Netherlands
europe-west6 Zürich
North America
northamerica-northeast1 Montréal
us-central1 Iowa
us-east1 South Carolina
us-east4 Northern Virginia
us-west1 Oregon
us-west2 Los Angeles
South America
southamerica-east1 São Paulo

Dual-regional locations

Cloud KMS resources can be created in the following dual-regional locations:

Dual-Region Name Dual-Region Description
eur4 Finland and Netherlands
nam4 Iowa and South Carolina

Multi-regional locations

Cloud KMS resources can be created in the following multi-regional locations:

Multi-Region Name Multi-Region Description
asia Asia Pacific
europe Europe
us United States

Supported regions for Cloud HSM

Cloud HSM resources can be created in the following regional locations:

  • asia-southeast1
  • europe-west2
  • europe-west3
  • us-central1
  • us-east1
  • us-west1

Cloud HSM resources can be created in the following multi-regional location:

  • us

You can use the Locations.get and Locations.list methods to determine if a location supports Cloud HSM. The response from these methods contains an hsmAvailable field. The hsmAvailable field is a bool that indicates whether the location supports hardware security modules.

More about locations

หน้านี้มีประโยชน์ไหม โปรดแสดงความคิดเห็น