View and edit the details of a Looker (Google Cloud core) instance

You can find and edit information about a project's Looker (Google Cloud core) instances in the Google Cloud console.

Viewing instance information

Looker (Google Cloud core) instances that are associated with the selected Google Cloud project are listed on the Instances page in the Google Cloud console — including instances that are created by other users in your organization.

Required role

To view information on the Instances page, you must have the Looker Admin (roles/looker.admin) or the Looker Viewer (roles/looker.viewer) role.

You might also be able to get this permission with custom roles or other predefined roles.

The Instances page

The Instances page displays this information about each instance:

  • Status:
    • A green circle with a check mark is shown if the instance was created successfully and is active.
    • A loading icon is shown if the instance creation is in progress.
  • Name: The name of the instance that was provided by the instance creator when the instance was created. Click the name to navigate to the Details tab, which shows additional information about the selected instance.
  • Instance URL: The URL at which an instance using public IP can be accessed. By default, instance URLs take the form https://hostname.looker.app, where the hostname is randomly assigned. Click the URL to navigate to the instance.

  • Version: The Looker version that's running on the instance.

  • Region: The region in which the instance is hosted.

  • Created Date: The date on which the instance was created.

Instance tabs

From the Instances page, click an instance's name to view more information about the instance. After you click the name, an instance configuration page appears with information in the following tabs:

Details tab

The Details tab shows additional instance metadata:

  • Platform Edition: The instance's edition. Options are Standard, Enterprise, and Embed.
  • Create Time: The time at which the instance was created.
  • Update Time: The time at which the instance was most recently updated.
  • Public IP Enabled: Whether the instance's network connection is enabled for public IP. If it's enabled, true is shown. If it's not enabled, false is shown.
  • Private IP Enabled: Whether the instance's network connection is enabled for private IP (private services access) connection. If it's enabled, true is shown. If it's not enabled, false is shown. This setting shows false if the instance's network connection uses Private Service Connect.
  • PSC Enabled: Whether the instance's network connection is enabled for Private Service Connect. If it's enabled, true is shown. If it's not enabled, false is shown.
  • Looker Service Attachment URI: This setting appears if PSC Enabled is true. It displays the URI for the Private Service Connect service attachment for Looker (Google Cloud core).
  • Allowed VPCs: This setting appears if PSC Enabled is true. It contains a list of the VPCs that have authorized northbound access into the Private Service Connect instance.
  • Service Attachments: This setting appears if PSC Enabled is true. It contains a list of the southbound (egress) connections for the Private Service Connect instance.
  • Egress Public IP: The egress public IP address, which was automatically assigned when the instance was created (for instances with a public IP network connection). If no value has been assigned, No value is shown.
  • Ingress Public IP: The ingress public IP address, which was automatically assigned when the instance was created (for instances with a public IP network connection).
  • Ingress Private IP: The ingress private IP address for the instance (for instances with a private IP (private services access) network connection). If the instance was created with only a public IP network connection or with Private Service Connect, No value is shown.
  • Associated Network: The network selected to make a private connection (for instances with a private IP network connection). If the instance was created with only a public IP network connection, No value is shown.
  • Allocated IP Range: The range of IP addresses assigned by the instance creator or by Google when the instance was created (for instances with a private IP network connection). If the instance was created with only a public IP network connection, No value is shown.
  • Maintenance Window: The day of the week and the hour in which Looker (Google Cloud core) schedules maintenance, if a maintenance window has been defined for your instance. Maintenance windows last for one hour. If a maintenance window has not been defined, No value is shown.
  • Scheduled Maintenance: The scheduled date and time of upcoming maintenance for your instance. If maintenance has not been scheduled, No value is shown.
  • Deny Maintenance Period: A time period during which Looker (Google Cloud core) does not schedule maintenance, if a deny maintenance period has been configured for your instance.
    • Start Date: The start date for the deny maintenance period. If a deny maintenance period has not been scheduled, No value is shown.
    • End Date: The end date for the deny maintenance period. If a deny maintenance period has not been scheduled, No value is shown.
    • Time: The time at which the deny maintenance period begins and ends on the start date and end date you specified. If a deny maintenance period has not been scheduled, No value is shown.
  • Last Deny Maintenance Period: The start date and end date for the most recent deny maintenance period. You must allow at least 14 days of maintenance availability between any two deny maintenance periods.
    • Start Date: The start date for the most recent deny maintenance period. If a deny maintenance period was not scheduled previously, No value is shown.
    • End Date: The end date for the deny maintenance period. If a deny maintenance period was not scheduled previously, No value is shown.
    • Time: The time at which the previous deny maintenance period began and ended on the start date and end date for that deny maintenance period. If a deny maintenance period was not scheduled previously, No value is shown.
  • Encryption: The type of encryption for the Looker (Google Cloud core) instance. If the instance was created with the default Google-managed encryption, Google-managed encryption key is shown. If the instance was created with CMEK, Customer-managed encryption key (CMEK) is shown, along with the key identifier and a link to the key. You may need a Cloud KMS IAM role or permission on the key being used to see the status of the CMEK encryption key.
  • Email Domain Allowlist: The Email Domain Allowlist setting defines the email domains to which your Looker (Google Cloud core) users can deliver Looker content — Looks, dashboards, queries with visualizations — or alert notifications through email. By default, there are no domains in the allowlist at the time of instance creation and Looker (Google Cloud core) users with appropriate Looker permissions to email content can email content to any domain. To limit content deliveries and alert notifications to email addresses with a specific domain, edit the instance configuration to restrict the domain(s) to which users can send emails. To learn more about the email domain allowlist and how it interacts with permissions and user attributes, see the Email domain allowlist for scheduled content documentation.

Custom domain tab

The Custom domain tab provides an optional means to customize the URL to access the instance with a custom domain.

Looker Studio Pro tab

In the Looker Studio Pro tab, you can accept the complimentary Looker Studio Pro licenses that have been allocated to your Looker (Google Cloud core) instance. If the Accept Looker Studio Pro licenses toggle is enabled, you have accepted the complimentary licenses.

This tab also indicates the name of the Google Cloud project that hosts your Looker Studio Pro subscription content.

Edit Looker (Google Cloud core) instance settings

Required role

To get the permissions that you need to edit Looker (Google Cloud core) instance settings, ask your administrator to grant you the Looker Admin (roles/looker.admin) IAM role on the project in which the instance was created. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Editing settings

To modify instance settings, select one of the following options:

console

On the instance Details tab, click Edit to modify these settings:

  • OAuth Application Credentials: Before you edit this setting, be sure to set up the new credentials and add the instance's domain to the Authorized redirect URIs field in the OAuth client.

  • Network connection: Your instance configuration must specify a network connection. If you have an instance that uses private services access, you can add or remove a public IP connection. Otherwise, this setting cannot be edited.

  • Maintenance Window: You can optionally specify the day of the week and the hour in which Looker (Google Cloud core) schedules maintenance. Maintenance windows last for one hour. By default, the Preferred Window option in the Maintenance Window is set to Any window.

  • Deny Maintenance Period: You can optionally specify a block of days in which Looker (Google Cloud core) does not schedule maintenance. Deny maintenance periods can be up to 60 days long. You must allow at least 14 days of maintenance availability between deny maintenance windows.

  • Email Domain Allowlist: When there are no domains in the Email Domain Allowlist, email domains are not restricted. To restrict domains, enter the domain or domains to be allowed in the format domain.suffix and click Enter on your keyboard. If you make changes to the Email Domain Allowlist for an instance, the Looker (Google Cloud core) instance must restart, and, if there are any running persistent derived tables within the instance, they will be regenerated. To learn more about the email domain allowlist and how it interacts with permissions and user attributes, see the Email domain allowlist for scheduled content documentation.

When you have made your changes, click Save.

gcloud


gcloud looker instances update (INSTANCE_NAME : --region=REGION)
    [--allowed-email-domains=[ALLOWED_EMAIL_DOMAINS,...]] [--async]
    [--oauth-client-id=OAUTH_CLIENT_ID]
    [--oauth-client-secret=OAUTH_CLIENT_SECRET] [--public-ip-enabled]
    [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE
      --deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE
      --deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME]
    [--maintenance-window-day=MAINTENANCE_WINDOW_DAY
      --maintenance-window-time=MAINTENANCE_WINDOW_TIME]

Replace the following:

  • INSTANCE_NAME: the name for your Looker (Google Cloud core) instance; it is not associated with the instance URL.
  • REGION: the region in which your Looker (Google Cloud core) instance is hosted.
  • ALLOWED_EMAIL_DOMAINS: when there are no domains in --allowed-email-domains, email domains are not restricted. To restrict domains, add the domain or domains to be allowed in the format domain.suffix. If you make changes to the allowed email domains for an instance, the Looker (Google Cloud core) instance must restart, and, if there are any running persistent derived tables within the instance, they will be regenerated. To learn more about the email domain allowlist and how it interacts with permissions and user attributes, see the Email domain allowlist for scheduled content documentation.
  • OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET: the OAuth client ID and OAuth secret that you have set up with your OAuth client.
  • DENY_MAINTENANCE_PERIOD_START_DATE and DENY_MAINTENANCE_PERIOD_END_DATE: must be in the format YYYY-MM-DD.
  • MAINTENANCE_WINDOW_TIME and DENY_MAINTENANCE_PERIOD_TIME: must be in UTC time in 24-hour format (for example, 13:00, 17:45).
  • MAINTENANCE_WINDOW_DAY: must be one of the following: friday, monday, saturday, sunday, thursday, tuesday, wednesday. See the Manage maintenance policies for Looker (Google Cloud core) documentation page for more information about maintenance window settings.

You may also include the following flags:

  • --public-ip-enabled enables public IP.
  • --no-public-ip-enabled disables public IP.

If you have selected both public IP and private IP for your instance's network connection, you can disable the public IP option only. You cannot change your network connection from public IP to private IP or from private IP to public IP once the instance is created.

Before you update OAuth credentials, be sure to set up the new credentials and add the instance's domain to the Authorized redirect URIs field in the OAuth client.

What's next