About accessing regional endpoints through Private Service Connect endpoints

This page provides an overview of using Private Service Connect endpoints to access regional endpoints for supported Google APIs in supported regions.

Consider using regional endpoints if you want to ensure that in-transit data remains in a particular region.

For information about other Private Service Connect configurations, see Private Service Connect overview.

Specifications

  • Regional endpoint hostnames have two forms:

    • Public hostnames: SERVICE.REGION.rep.DOMAIN

    • Private hostnames: SERVICE.REGION.p.rep.DOMAIN

      The private hostname adds a p subdomain between REGION and rep.

  • The subnet that you specify when you create a endpoint is a regular subnet. The IP address assigned to the endpoint is a regional internal IP address.

  • By default, endpoints can be accessed only by clients that are in the same region and the same VPC network as the endpoint. For information about making endpoints available in other regions, see Global access.

  • You can create endpoints in a Shared VPC network. VMs from different projects share the same subnets, and can reach endpoints in Shared VPC networks.

  • Endpoints with global access can be created in a Shared VPC host project or service project. The client VM, Cloud VPN tunnel, or VLAN attachment for Cloud Interconnect does not need to be in the same project as the endpoint.

Architecture

Private Service Connect endpoints that have a regional endpoint target point to a service attachment that has been created by Google to direct traffic to the regional service endpoint.

Clients in the same region as the endpoint can send traffic to the endpoint. You can also access the endpoint from connected networks in the same region. If you want to access the endpoint from other regions, configure global access.

Figure 1. An endpoint lets service consumers send traffic from the consumer's VPC network to regional service endpoints for supported Google APIs through a service attachment that is managed by Google.

Global access

When you create an endpoint, you can configure global access. Global access lets clients in other regions access the endpoint.

The endpoint is also accessible from connected networks.

Figure 2. An endpoint with global access enabled can be accessed by clients in another region, including by clients in connected networks.

Supported regions and services

Regional endpoints are supported in the following regions:

Region name Location
me-central2 Dammam, Kingdom of Saudi Arabia (KSA)

Regional endpoints are supported by the following services:

Service name Regional endpoint
Artifact Registry artifactregistry.me-central2.rep.googleapis.com
apt.me-central2.rep.pkg.dev
docker.me-central2.rep.pkg.dev
go.me-central2.rep.pkg.dev
googet.me-central2.rep.pkg.dev
kfp.me-central2.rep.pkg.dev
maven.me-central2.rep.pkg.dev
npm.me-central2.rep.pkg.dev
python.me-central2.rep.pkg.dev
yum.me-central2.rep.pkg.dev
BigQuery bigquery.me-central2.rep.googleapis.com
bigquerystorage.me-central2.rep.googleapis.com
bigqueryreservation.me-central2.rep.googleapis.com
Bigtable bigtable.me-central2.rep.googleapis.com
Cloud Key Management Service (Cloud KMS) cloudkms.me-central2.rep.googleapis.com
Cloud Logging logging.me-central2.rep.googleapis.com
Spanner spanner.me-central2.rep.googleapis.com
Cloud Storage storage.me-central2.rep.googleapis.com
Dataflow dataflow.me-central2.rep.googleapis.com
Dataproc dataproc.me-central2.rep.googleapis.com
Pub/Sub pubsub.me-central2.rep.googleapis.com

Pricing

For pricing information, see Virtual Private Cloud pricing.

What's next