Private networking for Google BigQuery
As part of our ongoing investment in private networking and secure access to additional data platforms, Immuta is introducing private networking for Google BigQuery.
What's changing
- Today, Immuta's services connect to BigQuery via its public endpoints.
- Starting February 23, we will enable Private Service Connect (PSC) for all Google API traffic in our SaaS environment, including BigQuery.
Why this change?
The incoming caller IP seen by BigQuery will change from a public IP (e.g., 35.x.x.x) to an internal IP (e.g., 10.x.x.x). Existing allowlists that only look for public IPs will deny this new internal traffic.
Impact and timeline
If you manage a BigQuery dataset or project that uses VPC Service Controls (VPC-SC) or IAM Conditions to allow specific public IPs, the connection from Immuta will stop working on February 23 unless updates are made.
In order to prevent this breakage from happening, we recommend that you update VPC-SC to allow our SaaS VPCs to access the BigQuery instance. This will allow a seamless way for both the public IPs and the VPC to connect so there is no loss of connectivity. To get the VPC information for the new VPC-SC policy, please contact Immuta Support.
This release will follow Immuta’s behavior change release process. The specific dates for each phase in that process are outlined below.
- On by default: February 23 - March 17. Contact your Immuta representative before February 23 if you need to opt out during this period.
- Enabled for all production global segments: March 18. You will not be able to opt out.
👉 Please contact your Immuta representative as soon as possible to review next steps and avoid disruption.
