See the supported connectors for Application Integration.

Manage regions

Application Integration is regional, which means the infrastructure that runs your integrations is located in a specific region, and Google manages it so that it is available redundantly across all of the zones within that region. Apart from selecting the initial provisioning region for Application Integration during the setup process, you can also enable or provision new regions to create and manage your integrations within the same Google Cloud project.

This page describes the steps needed to successfully provision a new Application Integration region and edit an exiting region in your Google Cloud project.

Before you begin

Enable the following APIs:

Provision new region

To provision a new region for Application Integration in your Google Cloud project, select one of the options:

Console

  1. Go to the Application Integration page.

    Go to Application Integration

  2. In the navigation menu, click Regions

    The Regions page appears listing all the regions provisioned in your project.

  3. Click Provision new region.
  4. Configure the following fields in the Provision new region page:
    1. Region: Select the new regional location that you want to provision.

      For information about the supported Application Integration regions, see Application Integration locations.

    2. Advanced settings: Optionally, expand and select the encryption method that you want to use in the selected region. You can choose one of the following methods:
      • Google-managed encryption key: This is the default encryption method. Use this method if you want Google to manage the encryption keys that protect your data in the selected region.
      • Customer-managed encryption key (CMEK): Use this method if you want to control and manage the encryption keys that protect your data in the selected region.
        1. Click Select a customer-managed key and choose an existing CMEK key available in the selected region. You can also create a new key or use the Key resource ID of your existing key.
        2. Click Verify to check if your default service account has cryptokey access to the selected CMEK key.
        3. If the verification for the selected CMEK key fails, click Grant to assign the CryptoKey Encrypter/Decrypter IAM role to the default service account.
        For more information about CMEK, see Customer-managed encryption keys.
  5. Click Done.

Terraform

Use the google_integrations_client resource. The following example provisions the us-east1 region:

resource "random_id" "default" {
  byte_length = 8
}

resource "google_kms_key_ring" "default" {
  name     = "${random_id.default.hex}-example-keyring"
  location = "us-east1"
}

resource "google_kms_crypto_key" "default" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.default.id
  rotation_period = "7776000s"
}

resource "google_kms_crypto_key_version" "default" {
  crypto_key = google_kms_crypto_key.default.id
}

resource "google_service_account" "default" {
  account_id   = "service-account-id"
  display_name = "Service Account"
}

resource "google_integrations_client" "example" {
  location                   = "us-east1"
  create_sample_integrations = true
  run_as_service_account     = google_service_account.default.email
  cloud_kms_config {
    kms_location   = "us-east1"
    kms_ring       = basename(google_kms_key_ring.default.id)
    key            = basename(google_kms_crypto_key.default.id)
    key_version    = basename(google_kms_crypto_key_version.default.id)
    kms_project_id = data.google_project.default.project_id
  }
}

Edit region

You can edit an existing region to enable or disable integration governance, and to update the data encryption method for the region.

To edit an existing region in Application Integration, perform the following steps:

  1. In the Google Cloud console, go to the Application Integration page.

    Go to Application Integration

  2. In the navigation menu, click Regions.

    The Regions page appears, listing the provisioned regions in Application Integration.

  3. For the existing region that you want to edit, in the Actions column, click Region actions and select Edit.

    The Edit region pane appears.

  4. Expand Advanced settings.
  5. To enable or disable integration governance for the selected region, click the Enable governance toggle.
  6. To enable masking for variables, in the Variable Masking section, click the Enable Variable Masking in logs toggle. This feature is in preview.

    For information about masking, see Mask sensitive data in logs.

  7. To enable CMEK encryption for selected region, select Customer-managed encryption key (CMEK), and do the following:
    1. Select a CMEK key from the available drop-down list. The CMEK keys listed in the drop-down are based on the provisioned region. To create a new key, see Create new CMEK key.
    2. Click Verify to check if your default service account has cryptokey access to the selected CMEK key.
    3. If the verification for the selected CMEK key fails, click Grant to assign the CryptoKey Encrypter/Decrypter IAM role to the default service account.
  8. Click Done to complete editing the region.