The following table lists products and services that are supported by Sovereign Controls by Partners for each data boundary. If a service isn't listed for a given data boundary, that service is unsupported and hasn't met the control requirements for the data boundary. Unsupported products aren't recommended for use by Sovereign Controls by Partners customers without due diligence and a thorough understanding of your responsibilities in the shared responsibility model. Unsupported products may share an API endpoint with supported products, making them available to all users.
| Data boundary | Supported products | API services 1 |
|---|---|---|
| France Data Boundary by S3NS | Access Context Manager |
accesscontextmanager.googleapis.com |
| Access Transparency |
accessapproval.googleapis.com |
|
| Artifact Registry |
artifactregistry.googleapis.com |
|
| Backup for GKE |
gkebackup.googleapis.com |
|
| BigQuery [2] |
bigquery.googleapis.combigqueryconnection.googleapis.combigquerydatapolicy.googleapis.combigqueryreservation.googleapis.combigquerystorage.googleapis.com |
|
| BigQuery Data Transfer Service [2] |
bigquerydatatransfer.googleapis.com |
|
| Bigtable |
bigtable.googleapis.combigtableadmin.googleapis.com |
|
| Binary Authorization |
binaryauthorization.googleapis.com |
|
| Certificate Authority Service |
privateca.googleapis.com |
|
| Cloud Build |
cloudbuild.googleapis.com |
|
| Cloud DNS |
dns.googleapis.com |
|
| Cloud External Key Manager (Cloud EKM) |
cloudkms.googleapis.com |
|
| Cloud HSM |
cloudkms.googleapis.com |
|
| Cloud Interconnect |
compute.googleapis.com |
|
| Cloud Key Management Service (Cloud KMS) |
cloudkms.googleapis.com |
|
| Cloud Load Balancing |
compute.googleapis.com |
|
| Cloud Logging |
logging.googleapis.com |
|
| Cloud Monitoring [3] |
monitoring.googleapis.com |
|
| Cloud NAT |
networkconnectivity.googleapis.com |
|
| Cloud Router |
networkconnectivity.googleapis.com |
|
| Cloud Run |
run.googleapis.com |
|
| Cloud SQL |
sqladmin.googleapis.com |
|
| Cloud Service Mesh |
mesh.googleapis.commeshca.googleapis.commeshconfig.googleapis.comtrafficdirector.googleapis.comnetworkservices.googleapis.com |
|
| Cloud Storage |
storage.googleapis.com |
|
| Cloud VPN |
compute.googleapis.com |
|
| Cloud Workstations |
workstations.googleapis.com |
|
| Compute Engine |
compute.googleapis.com |
|
| Connect |
gkeconnect.googleapis.comconnectgateway.googleapis.com |
|
| Dataflow |
dataflow.googleapis.comdatapipelines.googleapis.com |
|
| Filestore |
file.googleapis.com |
|
| Firebase Security Rules |
firebaserules.googleapis.com |
|
| Firestore |
firestore.googleapis.com |
|
| GKE Hub |
gkehub.googleapis.com |
|
| GKE Identity Service |
anthosidentityservice.googleapis.com |
|
| Google Cloud Armor |
compute.googleapis.comnetworksecurity.googleapis.com |
|
| Google Kubernetes Engine |
container.googleapis.comcontainersecurity.googleapis.com |
|
| Identity and Access Management (IAM) |
iam.googleapis.compolicytroubleshooter.googleapis.com |
|
| Identity-Aware Proxy |
iap.googleapis.com |
|
| Knowledge Catalog |
dataplex.googleapis.comdatalineage.googleapis.com |
|
| Managed Service for Apache Airflow |
composer.googleapis.com |
|
| Managed Service for Apache Spark |
dataproc-control.googleapis.comdataproc.googleapis.com |
|
| Memorystore for Redis |
redis.googleapis.com |
|
| Network Connectivity Center |
networkconnectivity.googleapis.com |
|
| Organization Policy Service |
orgpolicy.googleapis.com |
|
| Persistent Disk |
compute.googleapis.com |
|
| Pub/Sub |
pubsub.googleapis.com |
|
| Resource Manager |
cloudresourcemanager.googleapis.com |
|
| Secret Manager |
secretmanager.googleapis.com |
|
| Secure Source Manager |
securesourcemanager.googleapis.com |
|
| Sensitive Data Protection |
dlp.googleapis.com |
|
| Spanner |
spanner.googleapis.com |
|
| Speech-to-Text |
speech.googleapis.com |
|
| VPC Service Controls |
accesscontextmanager.googleapis.com |
|
| Virtual Private Cloud (VPC) |
compute.googleapis.com |
|
| Germany Data Boundary by T-Systems | Access Context Manager |
accesscontextmanager.googleapis.com |
| Access Transparency |
accessapproval.googleapis.com |
|
| Artifact Registry |
artifactregistry.googleapis.com |
|
| Backup for GKE |
gkebackup.googleapis.com |
|
| BigQuery [2] |
bigquery.googleapis.combigqueryconnection.googleapis.combigquerydatapolicy.googleapis.combigqueryreservation.googleapis.combigquerystorage.googleapis.com |
|
| BigQuery Data Transfer Service [2] |
bigquerydatatransfer.googleapis.com |
|
| Bigtable |
bigtable.googleapis.combigtableadmin.googleapis.com |
|
| Binary Authorization |
binaryauthorization.googleapis.com |
|
| Certificate Authority Service |
privateca.googleapis.com |
|
| Cloud Build |
cloudbuild.googleapis.com |
|
| Cloud DNS |
dns.googleapis.com |
|
| Cloud External Key Manager (Cloud EKM) |
cloudkms.googleapis.com |
|
| Cloud HSM |
cloudkms.googleapis.com |
|
| Cloud Interconnect |
compute.googleapis.com |
|
| Cloud Key Management Service (Cloud KMS) |
cloudkms.googleapis.com |
|
| Cloud Load Balancing |
compute.googleapis.com |
|
| Cloud Logging |
logging.googleapis.com |
|
| Cloud Monitoring [3] |
monitoring.googleapis.com |
|
| Cloud NAT |
networkconnectivity.googleapis.com |
|
| Cloud Router |
networkconnectivity.googleapis.com |
|
| Cloud Run |
run.googleapis.com |
|
| Cloud SQL |
sqladmin.googleapis.com |
|
| Cloud Service Mesh |
mesh.googleapis.commeshca.googleapis.commeshconfig.googleapis.comtrafficdirector.googleapis.comnetworkservices.googleapis.com |
|
| Cloud Storage |
storage.googleapis.com |
|
| Cloud VPN |
compute.googleapis.com |
|
| Cloud Workstations |
workstations.googleapis.com |
|
| Compute Engine |
compute.googleapis.com |
|
| Connect |
gkeconnect.googleapis.comconnectgateway.googleapis.com |
|
| Dataflow |
dataflow.googleapis.comdatapipelines.googleapis.com |
|
| Filestore |
file.googleapis.com |
|
| Firebase Security Rules |
firebaserules.googleapis.com |
|
| Firestore |
firestore.googleapis.com |
|
| GKE Hub |
gkehub.googleapis.com |
|
| GKE Identity Service |
anthosidentityservice.googleapis.com |
|
| Google Cloud Armor |
compute.googleapis.comnetworksecurity.googleapis.com |
|
| Google Kubernetes Engine |
container.googleapis.comcontainersecurity.googleapis.com |
|
| Identity and Access Management (IAM) |
iam.googleapis.compolicytroubleshooter.googleapis.com |
|
| Identity-Aware Proxy |
iap.googleapis.com |
|
| Knowledge Catalog |
dataplex.googleapis.comdatalineage.googleapis.com |
|
| Managed Service for Apache Airflow |
composer.googleapis.com |
|
| Managed Service for Apache Spark |
dataproc-control.googleapis.comdataproc.googleapis.com |
|
| Memorystore for Redis |
redis.googleapis.com |
|
| Network Connectivity Center |
networkconnectivity.googleapis.com |
|
| Organization Policy Service |
orgpolicy.googleapis.com |
|
| Persistent Disk |
compute.googleapis.com |
|
| Pub/Sub |
pubsub.googleapis.com |
|
| Resource Manager |
cloudresourcemanager.googleapis.com |
|
| Secret Manager |
secretmanager.googleapis.com |
|
| Secure Source Manager |
securesourcemanager.googleapis.com |
|
| Sensitive Data Protection |
dlp.googleapis.com |
|
| Spanner |
spanner.googleapis.com |
|
| Speech-to-Text |
speech.googleapis.com |
|
| VPC Service Controls |
accesscontextmanager.googleapis.com |
|
| Virtual Private Cloud (VPC) |
compute.googleapis.com |
|
| Italy Data Boundary by PSN | Access Context Manager |
accesscontextmanager.googleapis.com |
| Access Transparency |
accessapproval.googleapis.com |
|
| Artifact Registry |
artifactregistry.googleapis.com |
|
| Backup for GKE |
gkebackup.googleapis.com |
|
| BigQuery [2] |
bigquery.googleapis.combigqueryconnection.googleapis.combigquerydatapolicy.googleapis.combigqueryreservation.googleapis.combigquerystorage.googleapis.com |
|
| BigQuery Data Transfer Service [2] |
bigquerydatatransfer.googleapis.com |
|
| Bigtable |
bigtable.googleapis.combigtableadmin.googleapis.com |
|
| Binary Authorization |
binaryauthorization.googleapis.com |
|
| Certificate Authority Service |
privateca.googleapis.com |
|
| Cloud Build |
cloudbuild.googleapis.com |
|
| Cloud DNS |
dns.googleapis.com |
|
| Cloud External Key Manager (Cloud EKM) |
cloudkms.googleapis.com |
|
| Cloud HSM |
cloudkms.googleapis.com |
|
| Cloud Interconnect |
compute.googleapis.com |
|
| Cloud Key Management Service (Cloud KMS) |
cloudkms.googleapis.com |
|
| Cloud Load Balancing |
compute.googleapis.com |
|
| Cloud Logging |
logging.googleapis.com |
|
| Cloud Monitoring [3] |
monitoring.googleapis.com |
|
| Cloud NAT |
networkconnectivity.googleapis.com |
|
| Cloud Router |
networkconnectivity.googleapis.com |
|
| Cloud Run |
run.googleapis.com |
|
| Cloud SQL |
sqladmin.googleapis.com |
|
| Cloud Service Mesh |
mesh.googleapis.commeshca.googleapis.commeshconfig.googleapis.comtrafficdirector.googleapis.comnetworkservices.googleapis.com |
|
| Cloud Storage |
storage.googleapis.com |
|
| Cloud VPN |
compute.googleapis.com |
|
| Cloud Workstations |
workstations.googleapis.com |
|
| Compute Engine |
compute.googleapis.com |
|
| Connect |
gkeconnect.googleapis.comconnectgateway.googleapis.com |
|
| Dataflow |
dataflow.googleapis.comdatapipelines.googleapis.com |
|
| Filestore |
file.googleapis.com |
|
| Firebase Security Rules |
firebaserules.googleapis.com |
|
| Firestore |
firestore.googleapis.com |
|
| GKE Hub |
gkehub.googleapis.com |
|
| GKE Identity Service |
anthosidentityservice.googleapis.com |
|
| Google Cloud Armor |
compute.googleapis.comnetworksecurity.googleapis.com |
|
| Google Kubernetes Engine |
container.googleapis.comcontainersecurity.googleapis.com |
|
| Identity and Access Management (IAM) |
iam.googleapis.compolicytroubleshooter.googleapis.com |
|
| Identity-Aware Proxy |
iap.googleapis.com |
|
| Knowledge Catalog |
dataplex.googleapis.comdatalineage.googleapis.com |
|
| Managed Service for Apache Airflow |
composer.googleapis.com |
|
| Managed Service for Apache Spark |
dataproc-control.googleapis.comdataproc.googleapis.com |
|
| Memorystore for Redis |
redis.googleapis.com |
|
| Network Connectivity Center |
networkconnectivity.googleapis.com |
|
| Organization Policy Service |
orgpolicy.googleapis.com |
|
| Persistent Disk |
compute.googleapis.com |
|
| Pub/Sub |
pubsub.googleapis.com |
|
| Resource Manager |
cloudresourcemanager.googleapis.com |
|
| Secret Manager |
secretmanager.googleapis.com |
|
| Secure Source Manager |
securesourcemanager.googleapis.com |
|
| Sensitive Data Protection |
dlp.googleapis.com |
|
| Spanner |
spanner.googleapis.com |
|
| Speech-to-Text |
speech.googleapis.com |
|
| VPC Service Controls |
accesscontextmanager.googleapis.com |
|
| Virtual Private Cloud (VPC) |
compute.googleapis.com |
|
| Kingdom of Saudi Arabia Data Boundary Advanced by CNTXT | Access Context Manager |
accesscontextmanager.googleapis.com |
| Access Transparency |
accessapproval.googleapis.com |
|
| Artifact Registry |
artifactregistry.googleapis.com |
|
| BigQuery [2] |
bigquery.googleapis.combigqueryconnection.googleapis.combigquerydatapolicy.googleapis.combigqueryreservation.googleapis.combigquerystorage.googleapis.com |
|
| Bigtable |
bigtable.googleapis.combigtableadmin.googleapis.com |
|
| Certificate Authority Service |
privateca.googleapis.com |
|
| Cloud Build |
cloudbuild.googleapis.com |
|
| Cloud DNS |
dns.googleapis.com |
|
| Cloud External Key Manager (Cloud EKM) |
cloudkms.googleapis.com |
|
| Cloud HSM |
cloudkms.googleapis.com |
|
| Cloud Interconnect |
compute.googleapis.com |
|
| Cloud Key Management Service (Cloud KMS) |
cloudkms.googleapis.com |
|
| Cloud Load Balancing |
compute.googleapis.com |
|
| Cloud Logging |
logging.googleapis.com |
|
| Cloud Monitoring [3] |
monitoring.googleapis.com |
|
| Cloud NAT |
networkconnectivity.googleapis.com |
|
| Cloud Next Generation Firewall |
compute.googleapis.com |
|
| Cloud Router |
networkconnectivity.googleapis.com |
|
| Cloud Run |
run.googleapis.com |
|
| Cloud SQL |
sqladmin.googleapis.com |
|
| Cloud Storage |
storage.googleapis.com |
|
| Cloud VPN |
compute.googleapis.com |
|
| Cloud Workstations |
workstations.googleapis.com |
|
| Compute Engine |
compute.googleapis.com |
|
| Connect |
gkeconnect.googleapis.comconnectgateway.googleapis.com |
|
| Dataflow |
dataflow.googleapis.comdatapipelines.googleapis.com |
|
| Essential Contacts |
essentialcontacts.googleapis.com |
|
| Filestore |
file.googleapis.com |
|
| Firebase Security Rules |
firebaserules.googleapis.com |
|
| Google Cloud Armor |
compute.googleapis.comnetworksecurity.googleapis.com |
|
| Google Kubernetes Engine |
container.googleapis.comcontainersecurity.googleapis.com |
|
| GKE Hub |
gkehub.googleapis.com |
|
| Identity and Access Management (IAM) |
iam.googleapis.compolicytroubleshooter.googleapis.com |
|
| Identity-Aware Proxy |
iap.googleapis.com |
|
| Knowledge Catalog |
dataplex.googleapis.comdatalineage.googleapis.com |
|
| Managed Service for Apache Spark |
dataproc-control.googleapis.comdataproc.googleapis.com |
|
| Memorystore for Redis |
redis.googleapis.com |
|
| Network Connectivity Center |
networkconnectivity.googleapis.com |
|
| Organization Policy Service |
orgpolicy.googleapis.com |
|
| Persistent Disk |
compute.googleapis.com |
|
| Personalized Service Health |
servicehealth.googleapis.com |
|
| Pub/Sub |
pubsub.googleapis.com |
|
| Resource Manager |
cloudresourcemanager.googleapis.com |
|
| Secret Manager |
secretmanager.googleapis.com |
|
| Secure Source Manager |
securesourcemanager.googleapis.com |
|
| Sensitive Data Protection |
dlp.googleapis.com |
|
| Spanner |
spanner.googleapis.com |
|
| VPC Service Controls |
accesscontextmanager.googleapis.comservicenetworking.googleapis.com |
|
| Virtual Private Cloud (VPC) |
compute.googleapis.com |
|
| Kingdom of Saudi Arabia Data Boundary Foundation by CNTXT | Access Context Manager |
accesscontextmanager.googleapis.com |
| Access Transparency |
accessapproval.googleapis.com |
|
| Artifact Registry |
artifactregistry.googleapis.com |
|
| BigQuery [2] |
bigquery.googleapis.combigqueryconnection.googleapis.combigquerydatapolicy.googleapis.combigqueryreservation.googleapis.combigquerystorage.googleapis.com |
|
| Bigtable |
bigtable.googleapis.combigtableadmin.googleapis.com |
|
| Certificate Authority Service |
privateca.googleapis.com |
|
| Cloud Build |
cloudbuild.googleapis.com |
|
| Cloud DNS |
dns.googleapis.com |
|
| Cloud External Key Manager (Cloud EKM) |
cloudkms.googleapis.com |
|
| Cloud HSM |
cloudkms.googleapis.com |
|
| Cloud Interconnect |
compute.googleapis.com |
|
| Cloud Key Management Service (Cloud KMS) |
cloudkms.googleapis.com |
|
| Cloud Load Balancing |
compute.googleapis.com |
|
| Cloud Logging |
logging.googleapis.com |
|
| Cloud Monitoring [3] |
monitoring.googleapis.com |
|
| Cloud NAT |
networkconnectivity.googleapis.com |
|
| Cloud Next Generation Firewall |
compute.googleapis.com |
|
| Cloud Router |
networkconnectivity.googleapis.com |
|
| Cloud Run |
run.googleapis.com |
|
| Cloud SQL |
sqladmin.googleapis.com |
|
| Cloud Storage |
storage.googleapis.com |
|
| Cloud VPN |
compute.googleapis.com |
|
| Cloud Workstations |
workstations.googleapis.com |
|
| Compute Engine |
compute.googleapis.com |
|
| Connect |
gkeconnect.googleapis.comconnectgateway.googleapis.com |
|
| Dataflow |
dataflow.googleapis.comdatapipelines.googleapis.com |
|
| Essential Contacts |
essentialcontacts.googleapis.com |
|
| Filestore |
file.googleapis.com |
|
| Firebase Security Rules |
firebaserules.googleapis.com |
|
| Google Cloud Armor |
compute.googleapis.comnetworksecurity.googleapis.com |
|
| Google Kubernetes Engine |
container.googleapis.comcontainersecurity.googleapis.com |
|
| GKE Hub |
gkehub.googleapis.com |
|
| Identity and Access Management (IAM) |
iam.googleapis.compolicytroubleshooter.googleapis.com |
|
| Identity-Aware Proxy |
iap.googleapis.com |
|
| Knowledge Catalog |
dataplex.googleapis.comdatalineage.googleapis.com |
|
| Managed Service for Apache Spark |
dataproc-control.googleapis.comdataproc.googleapis.com |
|
| Memorystore for Redis |
redis.googleapis.com |
|
| Network Connectivity Center |
networkconnectivity.googleapis.com |
|
| Organization Policy Service |
orgpolicy.googleapis.com |
|
| Persistent Disk |
compute.googleapis.com |
|
| Personalized Service Health |
servicehealth.googleapis.com |
|
| Pub/Sub |
pubsub.googleapis.com |
|
| Resource Manager |
cloudresourcemanager.googleapis.com |
|
| Secret Manager |
secretmanager.googleapis.com |
|
| Secure Source Manager |
securesourcemanager.googleapis.com |
|
| Sensitive Data Protection |
dlp.googleapis.com |
|
| Spanner |
spanner.googleapis.com |
|
| VPC Service Controls |
accesscontextmanager.googleapis.comservicenetworking.googleapis.com |
|
| Virtual Private Cloud (VPC) |
compute.googleapis.com |
Footnotes
1. Depending on the data boundary that you choose, different API endpoint types may be available. The API endpoints listed on this page are global API endpoints, but regional or locational API endpoints may be available or required for a given data boundary.
2. BigQuery is supported, but it isn't automatically enabled when you create a new
Assured Workloads folder due to an internal configuration process. This process normally
finishes in ten minutes, but can take much longer in some circumstances. To check whether the
process is finished and to enable BigQuery, complete the following steps:
- In the Google Cloud console, go to the Assured Workloads page.
- Select your new Assured Workloads folder from the list.
- On the Folder Details page in the Allowed services section, click Review Available Updates.
- In the Allowed services pane, review the services to be added to the
Resource Usage Restriction
organization policy for the folder. If BigQuery services are listed, click
Allow Services to add them.
If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care.
After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.
Gemini in BigQuery is not supported by Assured Workloads.
3. Cloud Monitoring's Synthetic monitoring and Uptime checks features are not supported in Sovereign Controls by Partners.