Supported services
This page lists all the Google Cloud services that write Access Transparency logs.
GA indicates that a log type is generally available for a service. Preview indicates that a log type is available, but might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.
Access Transparency logs for products in Preview are disabled by default. To opt in to Access Transparency for Preview products on your organization, contact Cloud Customer Care.
If you want to enable Access Transparency logs, see Enabling Access Transparency.
Supported Google Cloud services
Access Transparency supports the following Google Cloud services:
| Supported service | Launch stage | Notes | 
|---|---|---|
| Access Context Manager | GA | None | 
| Access Transparency | GA | None | 
| Agent Assist | GA | None | 
| AlloyDB for PostgreSQL | GA | None | 
| Anti Money Laundering AI | GA | None | 
| Apigee | GA | The following Apigee features are not supported by Access Transparency: 
 | 
| App Engine | GA | Cloud Storage and Cloud SQL are the only compatible storage backends for App Engine supported by Access Transparency. | 
| App Hub | GA | None | 
| Application Integration | GA | None | 
| Artifact Registry | GA | None | 
| Backup for GKE | GA | None | 
| BigQuery | GA | Some information about your queries, tables, and datasets might not generate an
Access Transparency log entry if viewed by Cloud Customer Care. Viewing query text, table names,
dataset names, and dataset access control lists might not generate Access Transparency log
entries; this access pathway gives read-only access. Viewing query results and table or dataset
data generates Access Transparency log entries. Data in queries residing in non-Google regions for BigQuery Omni does not generate an Access Transparency log entry. Gemini in BigQuery is not supported in Assured Workloads. Access Transparency supports BigQuery data preparation. | 
| Bigtable | GA | None | 
| BigQuery Data Transfer Service | GA | None | 
| Binary Authorization | GA | None | 
| Certificate Authority Service | GA | None | 
| Certificate Manager | GA | None | 
| Chrome Enterprise Premium | GA | Access Transparency supports Chrome Enterprise Premium secure gateway. | 
| Cloud Asset Inventory | GA | None | 
| Cloud Build | GA | None | 
| Cloud Composer | GA | None | 
| Cloud Data Fusion | GA | None | 
| Cloud Deploy | GA | None | 
| Cloud DNS | GA | None | 
| Cloud External Key Manager (Cloud EKM) | GA | None | 
| Cloud Run functions | GA | None | 
| Cloud Healthcare API | GA | Features within Cloud Healthcare API that are not yet generally available might not generate Access Transparency logs. For more information, see the Cloud Healthcare API documentation. | 
| Cloud Interconnect | GA | None | 
| Cloud Key Management Service (Cloud KMS) | GA | None | 
| Cloud Logging | GA | None | 
| Cloud NAT | GA | None | 
| Cloud OS Login API | GA | None | 
| Cloud Router | GA | None | 
| Cloud Run | GA | None | 
| Cloud SQL | GA | None | 
| Cloud Service Mesh | GA | None | 
| Cloud Storage | GA | None | 
| Cloud Tasks | GA | None | 
| Cloud TPU | GA | None | 
| Cloud Trace | GA | None | 
| Cloud VPN | GA | None | 
| Cloud Vision API | GA | None | 
| Cloud Workstations | GA | None | 
| Colab Enterprise | GA | None | 
| Compute Engine | GA | None | 
| Container Registry | Preview | None | 
| Conversational Insights | GA | None | 
| Database Center | GA | None | 
| Dataflow | GA | None | 
| Dataform | GA | None | 
| Dataplex Universal Catalog | GA | None | 
| Dataproc | GA | None | 
| Dialogflow CX | GA | None | 
| Google Distributed Cloud | GA | None | 
| Document AI | GA | Requests that use the features exposed through the alpha-documentai.googleapis.comendpoint won't generate Access Transparency logs. | 
| Eventarc | GA | None | 
| External passthrough Network Load Balancer | GA | None | 
| Filestore | GA | None | 
| Firebase Data Connect | GA | None | 
| Firebase Security Rules | GA | None | 
| Firestore | GA | None | 
| GKE Connect | GA | None | 
| GKE Hub | GA | None | 
| GKE Identity Service | GA | None | 
| Google Cloud Armor | GA | Access Transparency logs are generated for regional Google Cloud Armor security policies. Global Google Cloud Armor security policies won't generate logs. | 
| Google Cloud NetApp Volumes | Preview | None | 
| Google Distributed Cloud | GA | None | 
| Google Kubernetes Engine | GA | Access Transparency supports Image streaming. | 
| Google Security Operations SIEM | GA | None | 
| Google Security Operations SOAR | GA | None | 
| Cloud HSM | GA | None | 
| Identity and Access Management (IAM) | GA | None | 
| Identity-Aware Proxy | GA | None | 
| Image streaming | GA | None | 
| Infrastructure Manager | GA | None | 
| Integration Connectors | GA | None | 
| Internal passthrough Network Load Balancer | GA | None | 
| Jurisdictional Google Cloud console | GA | None | 
| Looker (Google Cloud core) | GA | None | 
| Looker Studio | GA | None | 
| Memorystore for Redis | GA | None | 
| Memorystore for Redis Cluster | GA | None | 
| Memorystore for Valkey | GA | None | 
| Model Armor | GA | None | 
| Cloud Monitoring | GA | None | 
| NCC Gateway | GA | None | 
| Network Connectivity Center | GA | None | 
| Org Lifecycle API | GA | None | 
| Organization Policy Service | GA | None | 
| Parameter Manager | GA | None | 
| Persistent Disk | GA | None | 
| Pub/Sub | GA | None | 
| regional external Application Load Balancer | GA | None | 
| regional external proxy Network Load Balancer | GA | None | 
| regional internal Application Load Balancer | GA | None | 
| regional internal proxy Network Load Balancer | GA | None | 
| Resource Manager | GA | None | 
| Secret Manager | GA | None | 
| Secure Source Manager | GA | None | 
| Sensitive Data Protection | GA | None | 
| Serverless VPC Access | GA | None | 
| Spanner | GA | None | 
| Speaker ID | GA | None | 
| Speech-to-Text | GA | None | 
| Storage Intelligence | GA | None | 
| Storage Transfer Service | GA | None | 
| Text-to-Speech | GA | |
| Vertex AI | GA | Access to your data in Vertex AI by Google personnel isn't always logged. See Limitations of Access Transparency in Vertex AI for more information. | 
| Vertex AI Agent Engine | GA | |
| Vector Search | GA | Access to your data in Vertex AI by Google personnel isn't always logged. See Limitations of Access Transparency in Vertex AI for more information. | 
| Vertex AI Feature Store | GA | None | 
| Vertex AI Search | GA | Access to your data in Vertex AI by Google personnel isn't always logged. See Limitations of Access Transparency in Vertex AI for more information. | 
| Vertex AI Workbench instances | GA | None | 
| Vertex AI Workbench managed notebooks | GA | None | 
| Vertex AI Workbench user-managed notebooks | GA | None | 
| Virtual Private Cloud (VPC) | GA | None | 
| Web Risk | GA | None | 
| Workforce Identity Federation | GA | None | 
| Workload Identity Federation | GA | None | 
Support for Google Workspace
Several Google Workspace services such as Gmail, Google Docs, Google Calendar, and Google Drive record the actions that Google personnel take when accessing Customer Data.
Access Transparency logs help ensure that Google personnel access Customer Data with a valid business justification. Access Transparency logs can also help security information and event management (SIEM) tools identify data exfiltration and exposure to external malicious actors targeting your Google Workspace resources. You can use the Google Cloud console to access the Access Transparency logs that Google Workspace services generate.
For more information about Access Transparency logs for Google Workspace, including the list of Google Workspace services that support Access Transparency, see Access Transparency: View logs on Google access to user content.
For information about viewing and understanding the Access Transparency logs that Google Workspace services generate, see Viewing Access Transparency logs for Google Workspace.
For information about the audit logs that Google Workspace services generate, see Cloud Audit Logs for Google Workspace.