1. I am using following serverless resources in my solution design  - Cloud Storage,Cloud Dataflow, BigQuery and Cloud Composer. I believe Bigquery and Cloud storage (GCS Bucket) are PaaS model where they need not to be part of any VPC Network . They are associated with region and accessible using API endpoints and doesnt not have any IP address .Where as resources/Services like Cloud DataFlow, Cloud Composer has to be associated with some VPC Network when you configure it.

2.In order to access these services from your "GCP Project" on Internal network you need to enable "Private Google Access" on your Subnet !!

If my above statement is correct where and how should I represent these resources in Architecture diagram . I assume they are not part of my Shared VPC network (Host Project) or Service Project or google Managed VPC  ? They must be part of overall Global VPC though !

I show resources like GCP compute, NLBs in internal zone project VPC , CloudSQL like services in Google managed VPC.But could no figure out of these serverless services. !! Please advice