google-cloud-platform google-bigquery google-cloud-iam aaa-security-protocol

Google Managed Services (BigQuery,Cloud Storage etc) via a VPC/VPN

We are planning to use Big Query and Cloud Storage but have questions regarding access via VPN/VPC.

As Big Query, GCS are managed services is it correct to assume that it is not possible to restrict access to project level buckets and data sets to connections inbound to the VPC.

As we understand it, these services authenticate against Googles Global API Infrastructure and by definition are publicly exposed.

Is it possible to restrict access to Google Managed Services to a inbound VPC connection and remove public / internet based authentication and authorization for our projects?

Solution

I think this can be achieved through something now called "Private Service Connect" under GCP

https://cloud.google.com/vpc/docs/private-service-connect

https://medium.com/google-cloud/private-service-connect-c99e3e94537b

Pyspark on GCP Dataproc - Partial reading of data for gzip encoded Cloud Storage files
Google Cloud Functions - ImportError: cannot import name 'InvalidKeyError' from 'jwt.exceptions'
_CHANGE_TYPE not working when streaming Google Big Query rows from Pub/Sub
Realtime database `onValueWritten` event does not trigger in emulator
Error 400: invalid_scope with Postman and Google OAuth2
Firebase Firestore REST Request - Query and Filter
`IAM_PERMISSION_DENIED` on a deployed service on GCP, but no errors on localhost
Error 400 invalid JSON Payload Unknown name generationConfig on an AI API Curl command
Restricting usage for an Android key for a Google API
Google Cloud Function The request was aborted because there was no available instance
How to properly create URL Masking for Cloud Functions to create a NEG?
Deploying an Angular app on Google Cloud with minimal costs
Cloud Run For Anthos With Terraform
Flagging a row in new column based on conditions on previous and current rows
Cant access Firebase Admin SDK via Node.js on my VPS, but I can on my local machine
TypeError: __call__() missing 1 required positional argument: 'context' error when deploying on GCP
Why GCP loadbalancer frontend has only two ports enabled?
New Google place api using google OAuth, ask failed to refresh token
Is it possible to display context of the search result in gcp logging
Is there float32 precision on Google TPU?
BigQuery : is it possible to iterate over an array?
oauth 2 parameters can only have a single value: scope
Correct use of gcloud --sort-by combined with --limit
Is PIVOT Operator supported in Big Query Materialized view?
App attestation failed with Firebase App check in release on Android
Why doesn't the offline cloud firestore documentation have code for offline query indexes for flutter?
Migrating from legacy Google FCM to HTTP v1 for push notifications
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Can we update a field due to its value without reading it in firebase?
Use process.env variables inside next.config.js