You can find and edit information about a project's Looker (Google Cloud core) instances in the Google Cloud console.

Viewing instance information

Looker (Google Cloud core) instances that are associated with the selected Google Cloud project are listed on theInstances page in the Google Cloud console — including instances that are created by other users in your organization.

Required role

To view information on theInstances page, you must have theLooker Admin (roles/looker.admin) or theLooker Viewer (roles/looker.viewer) role.

You might also be able to get this permission withcustom roles or otherpredefined roles.

The Instances page

TheInstances page displays this information about each instance:

• Status:
  • A green circle with a check mark is shown if the instance was created successfully and is active.
  • A loading icon is shown if the instance creation is in progress.
• Name: The name of the instance that was provided by the instance creator when the instance was created. Click the name to navigate to theDetails tab, which shows additional information about the selected instance.

• Instance URL: The URL at which an instance using public secure connections can be accessed. By default, instance URLs take the formhttps://hostname.looker.app, where the hostname is randomly assigned. Click the URL to navigate to the instance.

  Note: If a Looker (Google Cloud core) instance uses private connections, a URL won't appear in this column. You must create acustom domain and then you can view the URL on theCustom domain tab.

• Version: The Looker version that's running on the instance.

• Region: The region in which the instance is hosted.

• Created Date: The date on which the instance was created.

Instance tabs

From theInstances page, click an instance's name to view more information about the instance. After you click the name, an instance configuration page appears with information in the following tabs:

• Details
• Custom domain
• Looker Studio Pro

Details tab

TheDetails tab shows additional instance metadata:

• Platform Edition: The instance'sedition. Options areStandard,Enterprise, andEmbed.
• Create Time: The time at which the instance was created.
• Update Time: The time at which the instance was most recently updated.
• Public IP Enabled: Whether the instance's network connection is enabled for public secure connections. If it's enabled,true is shown. If it's not enabled,false is shown.
• Private IP Enabled: Whether the instance's network connection is enabled forprivate connections (private services access) connection. If it's enabled,true is shown. If it's not enabled,false is shown. This setting showsfalse if the instance's network connection uses Private Service Connect.
• PSC Enabled: Whether the instance's network connection is enabled forPrivate Service Connect. If it's enabled,true is shown. If it's not enabled,false is shown.

• PSC Configuration: This setting appears ifPSC Enabled istrue, along with the following subsettings:

  • Looker Service Attachment URI: This setting displays the URI for the Private Service Connectservice attachment for Looker (Google Cloud core).
  • Allowed VPCs: This setting contains a list of the VPCs that haveauthorized northbound access into the Private Service Connect instance.

  • PSC Endpoint: This setting appears if the Looker (Google Cloud core) instance is using Private Service Connect to makeoutbound (egress) connections to published services. These subsettings are available:

    • Local FQDN: The fully qualified domain name of the published service that the instance is connecting to.
    • Target Service Attachment URI: Theservice attachment URI for the published service that the Looker (Google Cloud core) instance is connecting to.

    • Connection Status: The status of the connection, which can be one of the following:

      • ACCEPTED: Connection is established and functioning normally.
      • PENDING: Connection is not established (Looker tenant project hasn't been allowlisted).
      • NEEDS ATTENTION: Issue with target service attachment, such at NAT subnet is exhausted.
      • REJECTED: Connection is not established (Looker tenant project is explicitly in the reject list).
      • CLOSED: Target service attachment doesn't exist. This status is a terminal state.
      • UNKNOWN: Connection status is unspecified.

  • Controlled Egress Enabled: This field displaystrue if the Looker (Google Cloud core) instance is using the HTTPS protocol to connect to the Looker Marketplace or to an external service with a global FQDN. Otherwise, the field displaysfalse.

  • Controlled Egress Configuration: This section appears if a connection has been enabled to the Looker Marketplace or to a global FQDN. The following fields appear:

    • Marketplace Enabled: This field displaystrue if an egress connection to Looker Marketplace has been created; otherwise, it displaysfalse.
    • Egress FQDNs: This field displays the fully qualified domain names of any global FQDNs for which egress connections have been set up.
    • Egress IPs: This field displays the IP addresses that are used for internet egress traffic.

• Egress Public IP: This field provides information about instances with a public secure connection. It shows the egress public IP address, which was automatically assigned when the instance was created. If no value has been assigned,No value is shown.

• Ingress Public IP: This field provides information about instances with a public secure connection. It shows the ingress public IP address, which was automatically assigned when the instance was created.

• Ingress Private IP: This field provides information about instances with private connections that use private services access. It shows the ingress private IP address for the instance. If the instance was created with a public secure connection or with Private Service Connect,No value is shown.

• Associated Network: This field provides information about instances with private connections that use private services access. It shows the network that was selected to make a private connection. If the instance was created with public secure connections,No value is shown.

• Allocated IP Range: This field provides information about instances with private connections that use private services access. It shows the range of IP addresses that was assigned by the instance creator or by Google when the instance was created. If the instance was created with Private Service Connect or with a public secure connection,No value is shown.

• Email Domain Allowlist: TheEmail Domain Allowlist setting displays the email domains to which your Looker (Google Cloud core) users candeliver Looker content —Looks,dashboards,queries with visualizations — oralert notifications through email. By default, there are no domains in the allowlist at the time of instance creation, and Looker (Google Cloud core) users who have theappropriate Looker permissions to email content can email content to any domain. To limit content deliveries and alert notifications to email addresses from a specific domain,edit the instance configuration to restrict the domain(s) to which users can send emails. To learn more about the email domain allowlist and how it interacts with permissions and user attributes, see theEmail domain allowlist for scheduled content documentation.

  Note: By default, Looker (Google Cloud core) instances that use private connections or hybrid connections allow email deliveries to external domains. To restrict the domains to which Looker users can send email deliveries, set up an email domain allowlist.

• Maintenance Window: The day of the week and the hour in which Looker (Google Cloud core) schedules maintenance, if amaintenance window has been defined for your instance. Maintenance windows last for one hour. If a maintenance window has not been defined,No value is shown.

• Scheduled Maintenance: The scheduled date and time of upcomingmaintenance for your instance. If maintenance has not been scheduled,No value is shown.

• Deny Maintenance Period: A time period during which Looker (Google Cloud core) does not schedule maintenance, if adeny maintenance period has been configured for your instance.

  • Start Date: The start date for the deny maintenance period. If a deny maintenance period has not been scheduled,No value is shown.
  • End Date: The end date for the deny maintenance period. If a deny maintenance period has not been scheduled,No value is shown.
  • Time: The time at which the deny maintenance period begins and ends on the start date and end date you specified. If a deny maintenance period has not been scheduled,No value is shown.

• Last Deny Maintenance Period: The start date and end date for the most recent deny maintenance period. You must allow at least 14 days of maintenance availability between any two deny maintenance periods.

  • Start Date: The start date for the most recent deny maintenance period. If a deny maintenance period was not scheduled previously,No value is shown.
  • End Date: The end date for the deny maintenance period. If a deny maintenance period was not scheduled previously,No value is shown.
  • Time: The time at which the previous deny maintenance period began and ended on the start date and end date for that deny maintenance period. If a deny maintenance period was not scheduled previously,No value is shown.

• Encryption: This setting appears only if the instance was created withCMEK. When visible, it displays "Customer-managed encryption key (CMEK)" along with the key identifier and a link to the key. If the instance uses thedefault Google-managed encryption, this field is not shown. You may need aCloud KMS IAM role or permission onthe key that's being used to see the status of the CMEK encryption key.

• Export schedule: This field appears if ascheduled export job is configured for the instance. If it is configured, the daily start time appears in theStart time field. The time is represented as your local time.

• FIPS 140-2 Validated Encryption Enabled: This setting appears only if the instance is anEnterprise or anEmbed edition. When visible, it displays whether the Looker (Google Cloud core) in Looker instance is compliant with theFederal Information Processing Standard Publication (FIPS) 140-2 standard. If it's compliant,true is shown. If it's not compliant,false is shown.

• Gemini: Whether the Gemini in Looker is enabled for the instance. If it's enabled,true is shown. If it's not enabled,false is shown.

• Gemini AI Configuration: This setting appears ifGemini is enabled, along with the following subsettings:

  • Trusted Tester features: If it's enabled,true is shown. If it's not enabled,false is shown.
  • Trusted Tester data use: If it's enabled,true is shown. If it's not enabled,false is shown.

Custom domain tab

TheCustom domain tab provides an optional means to customize the URL to access the instance with acustom domain.

Looker Studio Pro tab

In theLooker Studio Pro tab, you canaccept the complimentary Looker Studio Pro licenses that have been allocated to your Looker (Google Cloud core) instance. If theAccept Looker Studio Pro licenses toggle is enabled, you have accepted the complimentary licenses.

This tab also indicates the name of the Google Cloud project that hosts your Looker Studio Pro subscription content.

Edit Looker (Google Cloud core) instance settings

Required role

To get the permissions that you need to edit Looker (Google Cloud core) instance settings, ask your administrator to grant you theLooker Admin (roles/looker.admin) IAM role on the project in which the instance was created. For more information about granting roles, seeManage access to projects, folders, and organizations.

You might also be able to get the required permissions throughcustom roles or otherpredefined roles.

Editing settings

To modify instance settings, select one of the following options:

gcloud looker instances update (INSTANCE_NAME : --region=REGION)    [--allowed-email-domains=[ALLOWED_EMAIL_DOMAINS,...]] [--async]    [--oauth-client-id=OAUTH_CLIENT_ID]    [--oauth-client-secret=OAUTH_CLIENT_SECRET] [--public-ip-enabled] [--no-public-ip-enabled]    [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE      --deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE      --deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME]    [--maintenance-window-day=MAINTENANCE_WINDOW_DAY      --maintenance-window-time=MAINTENANCE_WINDOW_TIME]    [--psc-service-attachment  domain=DOMAIN_1,attachment=SERVICE_ATTACHMENT_URI_1 \    --psc-service-attachment domain=DOMAIN_2,attachment=SERVICE_ATTACHMENT_URI_2 \]    [--psc-allowed-vpcs=ALLOWED_VPC_1,ALLOWED_VPC_2 ]    [--clear-psc-allowed-vpcs]

What's next

• Looker (Google Cloud core) admin settings
• One-time data import or export for a Looker (Google Cloud core) instance
• Delete or restart a Looker (Google Cloud core) instance