Accessing regional API endpoints

This page explains how to use regional API endpoints (regional endpoints) in Google Cloud, which are available for the me-central2 (KSA) region.

Regional endpoints provide in-transit data residency capabilities by routing and serving traffic in the same Google Cloud region as the client. When a client calls a service using a regional endpoint, the client's TLS session terminates in the region indicated in the endpoint name. As a result, regional endpoints should only be used for workloads that have no dependencies outside of a single region or jurisdiction.

You can connect over the internet to public regional endpoints. For internet ingress traffic, these endpoints use best-effort routing to keep in-transit traffic local to the region (or jurisdiction) because they don't use the global Google Front End (GFE). Instead, they resolve to IP addresses that are announced only on the peering points closest to the selected region.

For example, a data engineer working in KSA can configure their client to use BigQuery in the me-central2 region (Dammam) by using the regional service endpoint bigquery.me-central2.rep.googleapis.com. Traffic is routed using Standard Tier, and the TLS session from their client will be terminated in me-central2.

In this scenario, the public VIP corresponding to the regional service endpoint will originate from an IP prefix announced by Google on the region's peering points. Thus, if the user is connected to a local ISP in KSA, traffic can be routed within its jurisdiction.

Regional endpoint format

Regional endpoints use the following format:

SERVICE_NAME.REGION.rep.googleapis.com

The placeholder values are defined as follows:

• SERVICE_NAME: A supported service endpoint name, such as bigquery.
• REGION: A supported Google Cloud region, such as me-central2.

The following example is a complete regional endpoint for BigQuery:

bigquery.me-central2.rep.googleapis.com

Supported regions and services

Regional endpoints are supported in the following regions:

Regional endpoints are supported by the following services:

Configuring a client to access regional endpoints from the public internet

To use regional endpoints from the public internet, you must first configure your client (such as the Google Cloud CLI or a Google Cloud SDK client library) to connect to a specific regional endpoint.

Configure the gcloud CLI

By default, the gcloud CLI uses global service endpoints, such as bigquery.googleapis.com. To use a regional service endpoint, you must configure the gcloud CLI to use them by completing the following steps.

1. If a supported service has not yet been enabled, enable it using the following command:

   gcloud services enable SERVICE_NAME

   Replace SERVICE_NAME with the name of a supported service you want to use. For example:

   gcloud services enable cloudkms

2. To use a regional service endpoint, you must configure the gcloud CLI by using the gcloud config set api_endpoint_overrides command:

   gcloud config set api_endpoint_overrides/SERVICE_NAME REGIONAL_API_URL

   Replace the following values with your own:

   • SERVICE_NAME: The name of the supported service you want to use. For example: cloudkms

   • REGIONAL_API_URL: The URL for the specific endpoint. For example:

     https://SERVICE_NAME.REGION_NAME.rep.googleapis.com/SERVICE_NAME/API_VERSION

     Replace the following values with your own:

     • REGION_NAME: The name of the required Google Cloud region. For example: me-central2
     • API_VERSION: The API version of the service you want to use. For example: v1. Note: Some services may not require this parameter.

     The following is an example REGIONAL_API_URL value:

     https://cloudkms.me-central2.rep.googleapis.com/cloudkms/v1

   Put together, the following is an example gcloud config set api_endpoint_overrides command for Cloud KMS:

   gcloud config set api_endpoint_overrides/cloudkms https://cloudkms.me-central2.rep.googleapis.com/cloudkms/v1

Now that gcloud CLI has been configured to use a regional service endpoint, future commands will use it as the default instead of the global service endpoint.

Configure Google Cloud SDK client libraries

By default, Google Cloud SDK client libraries use global service endpoints, such as pubsub.googleapis.com. To use a regional service endpoint, you must configure Google Cloud SDK client libraries to use them.

Python

Set the api_endpoint parameter in the ClientOptions class of the google-api-core package:

from google.api_core.client_options import ClientOptions

options = ClientOptions(api_endpoint = "pubsub.me-central2.rep.googleapis.com")
client = pubsub_v1.PublisherClient(client_options=options)

// Alternatively
client = pubsub_v1.PublisherClient(client_options={"api_endpoint": "pubsub.me-central2.rep.googleapis.com")

Java

Use the newBuilder method of the ImageAnnotatorSettings class in the com.google.cloud.vision package:

ImageAnnotatorSettings settings = ImageAnnotatorSettings.newBuilder()
  .setEndpoint("pubsub.me-central2.rep.googleapis.com")
  .build();
ImageAnnotatorClient client = ImageAnnotatorClient.create(settings);

Go

Use the WithEndpoint function in the ClientOptions package of the api package:

client, err := pubsub.NewClient(ctx, projID,
    option.WithEndpoint("pubsub.me-central2.rep.googleapis.com"), // Override endpoint

.NET

Set the Endpoint property in the client's ClientBuilder class in the Google.Cloud package of the library you are using:

string region = "me-central2";
var client = new DatasetServiceClientBuilder
{
    Endpoint = $"pubsub.{region}.rep.googleapis.com"
}.Build();