Manage endpoints used to access published services

After you have created a Private Service Connect endpoint to access managed services, you can turn global access on or off. If you need to update other fields, delete the endpoint, and then create a new one.

Roles

The following IAM role provides the permissions needed to perform the tasks in this guide.

Task Roles
Update a Private Service Connect endpoint Compute Network Admin (roles/compute.networkAdmin)

Configure global access

You can turn global access on or off after an endpoint is created.

Turn on global access

You can turn on global access when you create an endpoint, or you can turn on global access at any time after the endpoint is created. Turning on global access does not cause traffic disruption for existing connections.

Console

  1. In the Google Cloud console, go to the Private Service Connect page.

    Go to Private Service Connect

  2. Click the Connected endpoints tab.

  3. Click the endpoint that you want to update.

  4. Click Edit.

  5. Select Enable global access.

  6. Click Save.

gcloud

gcloud compute forwarding-rules update ENDPOINT_NAME \
    --allow-psc-global-access \
    --region=REGION

Turn off global access

You can turn off global access, which terminates any connections from regions other than the region where the endpoint is located.

Console

  1. In the Google Cloud console, go to the Private Service Connect page.

    Go to Private Service Connect

  2. Click the Connected endpoints tab.

  3. Click the endpoint that you want to update.

  4. Click Edit.

  5. Clear Enable global access.

  6. Click Save.

gcloud

gcloud compute forwarding-rules update ENDPOINT_NAME \
    --no-allow-psc-global-access \
    --region=REGION