Manage endpoints used to access published services
After you have created a Private Service Connect endpoint to access managed services, you can turn global access on or off. If you need to update other fields, delete the endpoint, and then create a new one.
Roles
The following IAM role provides the permissions needed to perform the tasks in this guide.
Task | Roles |
---|---|
Update a Private Service Connect endpoint |
Compute
Network Admin (roles/compute.networkAdmin )
|
Configure global access
You can turn global access on or off after an endpoint is created.
Turn on global access
You can turn on global access when you create an endpoint, or you can turn on global access at any time after the endpoint is created. Turning on global access does not cause traffic disruption for existing connections.
Console
In the Google Cloud console, go to the Private Service Connect page.
Click the Connected endpoints tab.
Click the endpoint that you want to update.
Click Edit.
Select Enable global access.
Click Save.
gcloud
gcloud compute forwarding-rules update ENDPOINT_NAME \ --allow-psc-global-access \ --region=REGION
Turn off global access
You can turn off global access, which terminates any connections from regions other than the region where the endpoint is located.
Console
In the Google Cloud console, go to the Private Service Connect page.
Click the Connected endpoints tab.
Click the endpoint that you want to update.
Click Edit.
Clear Enable global access.
Click Save.
gcloud
gcloud compute forwarding-rules update ENDPOINT_NAME \ --no-allow-psc-global-access \ --region=REGION