The GCP cloud sandbox provides a real Google Cloud Platform environment where you can learn through hands-on practice. This article details levels of support, limits, and restrictions to GCP services in the sandbox.
Tip: See our AI sandboxes article for a list of supported services in the GCP AI cloud sandbox. See Cloud sandboxes: getting started for specific instructions on how to start and sign in to the sandbox of your choice.
Global restrictions
The GCP cloud sandbox is compatible with a variety of tools and services within GCP. While we strive to offer you the most comprehensive training opportunity possible, there are some limits to what we can provide in a sandbox environment.
We enforce the following restrictions on our GCP sandbox. If you don’t have access to perform an action in the sandbox, you’ll be notified according to our Hands-on playground and labs abuse protocol.
GCP cloud sandboxes are restricted to these regions:
- US-East-1
- US-West-1
- US-Central-1
- Europe-West-1
- Australia-Southeast-1
Additional restrictions include:
- Cannot set/change quotas
- Cannot assign permissions to roles or users
Supported GCP services
Reference the table below to determine whether a GCP service is supported in the sandbox and to see additional limits and restrictions.
Note: This list is subject to change. We reserve the right to add, remove, or modify support for cloud services at any time.
| Service name | Level of support |
|---|---|
| AI and Machine Learning | |
| Vertex AI | Not supported |
| Vertex AI Workbench | Conditionally supported in GCP AI cloud sandbox |
| Vertex Explainable API | Not supported |
| AutoML | Supported |
| Dialogflow | Supported |
| Media Translation | Supported |
| Natural Language AI | Supported |
| Recommendations AI | Supported |
| Speech-to-Text | Supported |
| Text-to-Speech | Supported |
| Translation AI | Supported |
| Video AI | Supported |
| Vision AI | Supported |
| AI Infrastructure | Supported |
| Cloud GPUs | Supported |
| Cloud TPUs | Supported |
| Deep Learning VM Image | Supported |
| Deep Learning Containers | Supported |
| TensorFlow Enterprise | Supported |
| Contact Center AI | Supported |
| Document AI | Supported |
| Intelligent products (preview) | Supported |
| Product Discovery | Supported |
| Notebook LM | Not supported |
| API Management | |
| Apigee API Management | Not supported |
| Apigee Integration | Not supported |
| Apigee Hybrid | Not supported |
| AppSheet Automation | Supported |
| AppSheet | Supported |
| Apigee Open Banking APIx | Not supported |
| Apigee Sense | Not supported |
| HealthAPIx | Supported |
| Cloud Healthcare API | Supported |
| API Gateway | Supported |
| Compute | |
| App Engine |
Conditionally supported: Limits
Note: This limit applies to creating Compute instances outside of the normal Compute service, as well as with Vertex Workbenches in the GCP AI sandbox. Restrictions
|
| Bare Metal Solution | |
| Batch | |
| Compute Engine | |
| Migrate to Virtual Machines | |
| Spot VMs | |
| Recommender | |
| Shielded VMs | |
| Sole-tenant Nodes | |
| SQL Server on Google Cloud | |
| VMware Engine | |
| Cloud Run |
Conditionally supported (in addition to the above):
|
| Containers | |
| Artifact Registry | Supported |
| Cloud Build |
Conditionally supported:
|
| Container Registry | Supported |
| Container Security | Supported |
| Google Kubernetes Engine (GKE) |
Conditionally supported:
|
| Knative | Supported |
| Kubernetes applications on Google Cloud Marketplace | Supported |
| Data Analytics | |
| BigQuery | Supported |
| Looker | |
| Dataproc | |
| Dataflow | |
| Pub/Sub | |
| Cloud Data Fusion | |
| Data Catalog | |
| Cloud Composer | |
| Dataprep | |
| Dataplex | |
| Analytics Hub | |
| Looker Studio | |
| Google Marketing Platform | |
| Cloud Life Sciences (beta) | |
| Earth Engine | |
| BigLake | |
| Databases | |
| AlloyDB for PostgreSQL | Supported |
| Cloud Bigtable | Supported |
| Cloud Spanner |
Conditionally supported:
|
| Cloud SQL |
Conditionally supported:
See instructions to create compliant SQL instances. |
| Database Migration Service | Supported |
| Firestore | Supported |
| Firebase Realtime Database | Supported |
| Memorystore | Supported |
| Datastream | Supported |
| Developer Tools | |
| Assured Open Source Software | Supported |
| Cloud Code | |
| Cloud Scheduler | |
| Cloud SDK | |
| Cloud Source Repositories | |
| Cloud Tasks | |
| Cloud Workstations | |
| Firebase Crashlytics | |
| Firebase Test Lab | |
| Google Cloud Deploy | |
| Gradle App Engine Plugin | |
| Maven App Engine Plugin | |
| Tekton | |
| Tools for Eclipse | |
| Tools for PowerShell | |
| Financial Services | |
| Payment Gateway | Supported |
| Healthcare and Life Sciences | |
| Apigee healthcare APIx | Not supported |
| Device Connect for FitBit | Supported |
| Healthcare Natural Language AI | Supported |
| Medical Image Suite | Supported |
| Hybrid and Multicloud | |
| Anthos |
Conditionally supported:
|
| Cloud Run for Anthos | Not supported |
| Migrate to Containers | Supported |
| Google Distributed Cloud | Supported |
| Internet of Things (IoT) | |
| Edge TPU | Supported |
| IoT Core | |
| Management Tools | |
| Anthos Config | Not supported |
| Anthos Service Mesh | Not supported |
| Carbon Footprint | Supported |
| Cloud APIs |
Conditionally supported: Restricted APIs
|
| Cloud Console | Supported |
| Cloud Mobile App | Supported |
| Cloud Shell | Supported |
| Config Connector | Supported |
| Cost Management | Supported |
| Deployment Manager | Deprecated |
| Service Catalog | Supported |
| Terraform on Google Cloud | Supported |
| Media and Gaming | |
| Live Stream API | Supported |
| OpenCue | |
| Transcoder API | |
| Video Stitcher API | |
| Migration | |
| Application migration | Supported |
| BigQuery Data Transfer Service | |
| Cloud Foundation Toolkit | |
| Migration Center | |
| Transfer Appliance | |
| Networking | |
| Cloud Armor | Supported |
| Cloud CDN | |
| Cloud Domains | |
| Cloud DNS | |
| Cloud IDS | |
| Cloud Load Balancing | |
| Cloud NAT | |
| Hybrid Connectivity | |
| Media CDN | |
| Network Connectivity Center | |
| Network Intelligence Center | |
| Network Service Tiers | |
| Private Service Connect | |
| Service Directory | |
| Spectrum Access Systems (SAS) | |
| Traffic Director | |
| Virtual Private Cloud (VPC) | |
| Operations | |
| Cloud Logging | Supported |
| Cloud Monitoring | |
| Cloud Profiler | |
| Cloud Trace | |
| Cloud Error Reporting | |
| Security and Identity | |
| Access Transparency | Supported |
| Assured Workloads | Supported |
| Cloud Asset Inventory | Supported |
| Cloud Data Loss | Supported |
| Cloud Key Management | Supported |
| Confidential Computing | Supported |
| Cloud Firewall | Supported |
| Secret Manager | Supported |
| VPC Service Controls | Supported |
| Security Command Center | Supported |
| Cloud Identity | Supported |
| Identity-Aware Proxy | Not supported |
| Identity and Access Management | Not supported |
| Managed Service for Microsoft Active Directory | Supported |
| Policy Intelligence | Supported |
| Software Delivery Shield | Supported |
| BeyondCorp Enterprise | Supported |
| Certificate Authority Service | Supported |
| Titan Security Key | Supported |
| reCAPTCHA Enterprise | Supported |
| Identity Platform | Supported |
| Web Risk | Supported |
| Mandiant Threat Intelligence | Supported |
| Mandiant Attack Surface Management | Supported |
| Mandiant Digital Threat Monitoring | Supported |
| Mandiant Security Validation | Supported |
| Mandiant Ransomware Defense Validation | Supported |
| Virus Total | Supported |
| Chronicle SIEM | Supported |
| Chronicle SOAR | Supported |
| Mandiant Automated Defense | Supported |
| Mandiant Managed Detection and Response | Supported |
| Mandiant Breach Analytics for Chronicle | Supported |
| Mandiant Incident Response Services | Supported |
| Mandiant Consulting Services | Supported |
| Mandiant Expertise on Demand | Supported |
| Mandiant Academy | Supported |
| Serverless Computing | |
| Cloud Functions |
Conditionally supported:
|
| Workflows | Supported |
| Storage | |
| Storage Transfer Service | Supported |
| Cloud Storage | |
| Cloud Storage for Firebase | |
| Filestore | |
| Google Workspace Essentials Local SSD | |
| Persistent Disk | |
| Google Cloud Backup and DR | |
| Additional Google products | |
| Google Workspace | Supported |
| Google Maps Platform | Supported |
| Chrome Enterprise | Supported |
| Other | |
| Google Cloud Support | Not supported |
| Billing | Not supported |
Google SQL instances
The Google default machine type does not comply with our Terms of Use (opens in new tab). You are permitted to run a maximum of four Google SQL instances. When creating a SQL instance, follow these steps to ensure your instance complies with our terms:
- On the Google Cloud dashboard, click Cloud SQL in the navigation menu.
- Click Create instance and choose your database engine.
- For MySQL or PostgreSQL, under Choose a Cloud SQL edition, select Enterprise.
- Scroll down to Customize your instance and click Show configuration options.
- Expand Machine configuration. Under Machine shapes, choose 2vCPU, 8 GB or smaller.
- Expand Storage. Under Storage capacity, you may choose up to 100 GB of storage.
- Click Create instance.