About accessing regional endpoints through Private Service Connect endpoints
This page provides an overview of using Private Service Connect endpoints to access regional endpoints for supported Google APIs in supported regions.
Consider using regional endpoints if you want to ensure that in-transit data remains in a particular region.
For information about other Private Service Connect configurations, see Private Service Connect overview.
Features and compatibility
This table summarizes the features that are supported by endpoints that are used to access regional endpoints for Google APIs.
| Configuration | Details |
|---|---|
| Consumer configuration (endpoint) | |
| Global reachability | If global access is enabled |
| Access through VLAN attachments | |
| Access through Cloud VPN | |
| DNS configuration | Manual DNS configuration |
| IP version | IPv4 |
| Producer | |
| Supported services | Supported regional Google APIs |
Specifications
Regional endpoint hostnames have two forms:
- Public hostnames:
SERVICE.REGION.rep.DOMAIN Private hostnames:
SERVICE.REGION.p.rep.DOMAINThe private hostname adds a
psubdomain betweenREGIONandrep. Use this format to create DNS records in private DNS zones.
- Public hostnames:
The subnet that you specify when you create a endpoint is a regular subnet. The IP address assigned to the endpoint is a regional internal IP address.
If you're using Shared VPC, you can create the endpoint in either the host project or a service project.
By default, endpoints can be accessed only by clients that are in the same region and the same VPC network (or Shared VPC network) as the endpoint. For information about making endpoints available in other regions, see Global access.
Architecture
Private Service Connect endpoints that have a regional endpoint target point to a service attachment that has been created by Google to direct traffic to the regional service endpoint.
Clients in the same region as the endpoint can send traffic to the endpoint. You can also access the endpoint from connected networks in the same region. If you want to access the endpoint from other regions, configure global access.
Figure 1. An endpoint lets service consumers send traffic from the consumer's VPC network to regional service endpoints for supported Google APIs through a service attachment that is managed by Google (click to enlarge).
Global access
When you create an endpoint, you can configure global access. Global access lets clients in other regions access the endpoint. The endpoint is also accessible from connected networks.
Figure 2. An endpoint with global access enabled can be accessed by clients in another region, including by clients in connected networks (click to enlarge).
Supported regions and services
For a list of supported regions and services, see Regional service endpoints.
Pricing
For pricing information, see Virtual Private Cloud pricing.
Quotas
See the Number of Regional Endpoints per project per region quota in Quotas and limits.
What's next
- Create a Private Service Connect endpoint to access regional Google APIs.
- Learn more about Private Service Connect.