Private networking for Google BigQuery now on by default
As part of our ongoing investment in private networking and secure access to additional data platforms, Immuta is introducing private networking for Google BigQuery.
What's changing
- Previously, Immuta's services connected to BigQuery via its public endpoints.
- Immuta has now enabled Private Service Connect (PSC) for all Google API traffic in our SaaS environment, including BigQuery.
Why this change?
The incoming caller IP seen by BigQuery will change from a public IP (e.g., 35.x.x.x) to an internal IP (e.g., 10.x.x.x). Existing allowlists that only look for public IPs will deny this new internal traffic.
Impact
If you manage a BigQuery dataset or project that uses VPC Service Controls (VPC-SC) or IAM Conditions to allow specific public IPs, the connection from Immuta will stop working unless updates are made.
In order to prevent this breakage from happening, we recommend that you update VPC-SC to allow our SaaS VPCs to access the BigQuery instance. This will allow a seamless way for both the public IPs and the VPC to connect so there is no loss of connectivity.
To get the VPC information for the new VPC-SC policy, please contact Immuta Support.
