Hello Team,
Hope you all are doing well.
Currently we are facing an issue that is breaking our compliance.
We have deployed our GCP VM in the Dammam region (me-central2), and our Bucket and KMS service are also in the same Dammam region (me-central2), but when I try to connect from my VM to the Bucket, the KMS service, or any Google APIs, it's leaving the Dammam (me-central2) region.
What is the alternative, as I have very strict compliance that data should not leave the region, both in transit and at rest?
We have observed this behaviour in the logs of the FortiGate that is deployed through the GCP Marketplace.
Please guide how I can restrict communication with all of the GCP APIs to within the Dammam region.
Hi, @zaryabeocean.
Have you enabled Private Google Access on your VPC subnet? If not, you can follow these steps to enable Private Google Access on your VPC subnet:
This will route traffic to Google services (including KMS and Cloud Storage) over the private network, within the region.
Regards,
Mokit
Thanks for the reply @mokit
Private Google Access is already enabled on all subnets of the VPC. After analyzing the logs in the FortiGate firewall that we have deployed from the GCP Marketplace in the same region (Dammam, me-central2), it's still showing a different location.
Thanks