The GCP cloud sandbox provides a real Google Cloud Platform environment where you can learn through hands-on practice. This article details levels of support, limits, and restrictions to GCP services in the sandbox.
Tip: See our AI sandboxes article for a list of supported services in the GCP AI cloud sandbox. See Cloud sandboxes: getting started for specific instructions on how to start and sign in to the sandbox of your choice.
Global restrictions
The GCP cloud sandbox is compatible with a variety of tools and services within GCP. While we strive to offer you the most comprehensive training opportunity possible, there are some limits to what we can provide in a sandbox environment.
We enforce the following restrictions on our GCP sandbox. If you don’t have access to perform an action in the sandbox, you’ll be notified according to our Hands-on playground and labs abuse protocol.
GCP cloud sandboxes are restricted to these regions:
- US-East-1
- US-West-1
- US-Central-1
- Europe-West-1
- Australia-Southeast-1
Additional restrictions include:
- Cannot set/change quotas
- Cannot assign permissions to roles or users
Supported GCP services
Reference the table below to determine whether a GCP service is supported in the sandbox and to see additional limits and restrictions.
Note: This list is subject to change. We reserve the right to add, remove, or modify support for cloud services at any time.
| Service name | Level of support |
|---|---|
| AI and Machine Learning | |
| Vertex AI | Not supported |
| Vertex AI Workbench | Conditionally supported in GCP AI cloud sandbox |
| Vertex Explainable API | Not supported |
| AutoML | Supported |
| Dialogflow | Supported |
| Media Translation | Supported |
| Natural Language AI | Supported |
| Recommendations AI | Supported |
| Speech-to-Text | Supported |
| Text-to-Speech | Supported |
| Translation AI | Supported |
| Video AI | Supported |
| Vision AI | Supported |
| AI Infrastructure | Supported |
| Cloud GPUs | Supported |
| Cloud TPUs | Supported |
| Deep Learning VM Image | Supported |
| Deep Learning Containers | Supported |
| TensorFlow Enterprise | Supported |
| Contact Center AI | Supported |
| Document AI | Supported |
| Intelligent products (preview) | Supported |
| Product Discovery | Supported |
| Notebook LM | Not supported |
| API Management | |
| Apigee API Management | Not supported |
| Apigee Integration | Not supported |
| Apigee Hybrid | Not supported |
| AppSheet Automation | Supported |
| AppSheet | Supported |
| Apigee Open Banking APIx | Not supported |
| Apigee Sense | Not supported |
| HealthAPIx | Supported |
| Cloud Healthcare API | Supported |
| API Gateway | Supported |
| Compute | |
| App Engine |
Conditionally supported: Limits
Note: This limit applies to creating Compute instances outside of the normal Compute service, as well as with Vertex Workbenches in the GCP AI sandbox. Restrictions
|
| Bare Metal Solution | |
| Batch | |
| Compute Engine | |
| Migrate to Virtual Machines | |
| Spot VMs | |
| Recommender | |
| Shielded VMs | |
| Sole-tenant Nodes | |
| SQL Server on Google Cloud | |
| VMware Engine | |
| Cloud Run |
Conditionally supported (in addition to the above):
|
| Containers | |
| Artifact Registry | Supported |
| Cloud Build |
Conditionally supported:
|
| Container Registry | Supported |
| Container Security | Supported |
| Google Kubernetes Engine (GKE) |
Conditionally supported:
|
| Knative | Supported |
| Kubernetes applications on Google Cloud Marketplace | Supported |
| Data Analytics | |
| BigQuery | Supported |
| Looker | |
| Dataproc | |
| Dataflow | |
| Pub/Sub | |
| Cloud Data Fusion | |
| Data Catalog | |
| Cloud Composer | |
| Dataprep | |
| Dataplex | |
| Analytics Hub | |
| Looker Studio | |
| Google Marketing Platform | |
| Cloud Life Sciences (beta) | |
| Earth Engine | |
| BigLake | |
| Databases | |
| AlloyDB for PostgreSQL | Supported |
| Cloud Bigtable | Supported |
| Cloud Spanner |
Conditionally supported:
|
| Cloud SQL |
Conditionally supported:
See instructions to create compliant SQL instances. |
| Database Migration Service | Supported |
| Firestore | Supported |
| Firebase Realtime Database | Supported |
| Memorystore | Supported |
| Datastream | Supported |
| Developer Tools | |
| Assured Open Source Software | Supported |
| Cloud Code | |
| Cloud Scheduler | |
| Cloud SDK | |
| Cloud Source Repositories | |
| Cloud Tasks | |
| Cloud Workstations | |
| Firebase Crashlytics | |
| Firebase Test Lab | |
| Google Cloud Deploy | |
| Gradle App Engine Plugin | |
| Maven App Engine Plugin | |
| Tekton | |
| Tools for Eclipse | |
| Tools for PowerShell | |
| Financial Services | |
| Payment Gateway | Supported |
| Healthcare and Life Sciences | |
| Apigee healthcare APIx | Not supported |
| Device Connect for FitBit | Supported |
| Healthcare Natural Language AI | Supported |
| Medical Image Suite | Supported |
| Hybrid and Multicloud | |
| Anthos |
Conditionally supported:
|
| Cloud Run for Anthos | Not supported |
| Migrate to Containers | Supported |
| Google Distributed Cloud | Supported |
| Internet of Things (IoT) | |
| Edge TPU | Supported |
| IoT Core | |
| Management Tools | |
| Anthos Config | Not supported |
| Anthos Service Mesh | Not supported |
| Carbon Footprint | Supported |
| Cloud APIs |
Conditionally supported: Restricted APIs
|
| Cloud Console | Supported |
| Cloud Mobile App | Supported |
| Cloud Shell | Supported |
| Config Connector | Supported |
| Cost Management | Supported |
| Deployment Manager | Deprecated |
| Service Catalog | Supported |
| Terraform on Google Cloud | Supported |
| Media and Gaming | |
| Live Stream API | Supported |
| OpenCue | |
| Transcoder API | |
| Video Stitcher API | |
| Migration | |
| Application migration | Supported |
| BigQuery Data Transfer Service | |
| Cloud Foundation Toolkit | |
| Migration Center | |
| Transfer Appliance | |
| Networking | |
| Cloud Armor | Supported |
| Cloud CDN | |
| Cloud Domains | |
| Cloud DNS | |
| Cloud IDS | |
| Cloud Load Balancing | |
| Cloud NAT | |
| Hybrid Connectivity | |
| Media CDN | |
| Network Connectivity Center | |
| Network Intelligence Center | |
| Network Service Tiers | |
| Private Service Connect | |
| Service Directory | |
| Spectrum Access Systems (SAS) | |
| Traffic Director | |
| Virtual Private Cloud (VPC) | |
| Operations | |
| Cloud Logging | Supported |
| Cloud Monitoring | |
| Cloud Profiler | |
| Cloud Trace | |
| Cloud Error Reporting | |
| Security and Identity | |
| Access Transparency | Supported |
| Assured Workloads | Supported |
| Cloud Asset Inventory | Supported |
| Cloud Data Loss | Supported |
| Cloud Key Management | Supported |
| Confidential Computing | Supported |
| Cloud Firewall | Supported |
| Secret Manager | Supported |
| VPC Service Controls | Supported |
| Security Command Center | Supported |
| Cloud Identity | Supported |
| Identity-Aware Proxy | Not supported |
| Identity and Access Management | Not supported |
| Managed Service for Microsoft Active Directory | Supported |
| Policy Intelligence | Supported |
| Software Delivery Shield | Supported |
| BeyondCorp Enterprise | Supported |
| Certificate Authority Service | Supported |
| Titan Security Key | Supported |
| reCAPTCHA Enterprise | Supported |
| Identity Platform | Supported |
| Web Risk | Supported |
| Mandiant Threat Intelligence | Supported |
| Mandiant Attack Surface Management | Supported |
| Mandiant Digital Threat Monitoring | Supported |
| Mandiant Security Validation | Supported |
| Mandiant Ransomware Defense Validation | Supported |
| Virus Total | Supported |
| Chronicle SIEM | Supported |
| Chronicle SOAR | Supported |
| Mandiant Automated Defense | Supported |
| Mandiant Managed Detection and Response | Supported |
| Mandiant Breach Analytics for Chronicle | Supported |
| Mandiant Incident Response Services | Supported |
| Mandiant Consulting Services | Supported |
| Mandiant Expertise on Demand | Supported |
| Mandiant Academy | Supported |
| Serverless Computing | |
| Cloud Functions |
Conditionally supported:
|
| Workflows | Supported |
| Storage | |
| Storage Transfer Service | Supported |
| Cloud Storage | |
| Cloud Storage for Firebase | |
| Filestore | |
| Google Workspace Essentials Local SSD | |
| Persistent Disk | |
| Google Cloud Backup and DR | |
| Additional Google products | |
| Google Workspace | Supported |
| Google Maps Platform | Supported |
| Chrome Enterprise | Supported |
| Other | |
| Google Cloud Support | Not supported |
| Billing | Not supported |
Google SQL instances
The Google default machine type does not comply with our Terms of Use (opens in new tab). You are permitted to run a maximum of four Google SQL instances. When creating a SQL instance, follow these steps to ensure your instance complies with our terms:
- On the Google Cloud dashboard, click Cloud SQL in the navigation menu.
- Click Create instance and choose your database engine.
- For MySQL or PostgreSQL, under Choose a Cloud SQL edition, select Enterprise.
- Scroll down to Customize your instance and click Show configuration options.
- Expand Machine configuration. Under Machine shapes, choose 2vCPU, 8 GB or smaller.
- Expand Storage. Under Storage capacity, you may choose up to 100 GB of storage.
- Click Create instance.
Hands-on playground abuse
We actively monitor the Hands-on playground for abusive, prohibited, or otherwise unacceptable behavior that goes against the educational purpose of these tools. Abuse of the Hands-on playground is enforced by our Hands-on playground and labs abuse protocol to ensure compliance with the Terms of Use (opens in new tab) you agreed to at sign-up.
To avoid workarounds, we don’t provide specifics of what we look for to identify abuse or how we identify it, but a few general examples of misuse and abuse are listed below:
- Incorrect instance type
- Ten or more instances created at a time
- Ten or more vCPU across all instances
- Any individual instance with memory exceeding 8 GB
- More than four SQL instances
- Attempting to use resources for crypto mining
- Excessive network traffic
- DDoS or port scanning external hosts
- Using an Accelerator
This list is not comprehensive, so if you have questions, requests, or want to check whether an activity is allowed in the sandbox, contact Support prior to starting the activity.
Learn, have fun, and please respect the playground.