I am planning to implement VPC Service Control perimeter on my GCP project, allowing access to Google APIs. Based on the documentation, I need to set up DNS records to restricted.googleapis.com with a specific IP range (199.36.153.4, 199.36.153.5, 199.36.153.6, 199.36.153.7).
To my understanding, this traffic does not reach the internet and stays in Google's network.
My question is - how about using VPC Service Control together with Private Service Connect? I was thinking of creating an endpoint for Google services (type VPC-SC) and then have *.googleapis.com and even restricted.googleapis.com DNS records pointing to the private IP of that endpoint within my VPC.
I am just wondering if that makes sense and if it brings any benefit compared to just using DNS records and routing to route traffic toward restricted.googleapis.com?
Thank you and best regards, Bostjan
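
An added example, not part of the original post: a Python check that audits what Google API hostnames resolve to from inside the VPC, for either DNS design described above (the restricted.googleapis.com range quoted in the post, or a single Private Service Connect endpoint address). The hostnames, the endpoint address 10.10.0.5 and the sample answers are constructed assumptions.

```python
import ipaddress
import socket

# The four addresses quoted in the post (199.36.153.4 to .7) form this /30.
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")


def classify(addr, psc_endpoint=None):
    """Label one A-record answer: restricted-vip, psc-endpoint or other."""
    ip = ipaddress.ip_address(addr)
    if ip in RESTRICTED_VIP:
        return "restricted-vip"
    if psc_endpoint is not None and ip == ipaddress.ip_address(psc_endpoint):
        return "psc-endpoint"
    return "other"


def audit(answers, psc_endpoint=None):
    """answers maps hostname -> list of IPv4 strings.

    Returns hostname -> offending answers, i.e. addresses that are neither
    in the restricted range nor the expected endpoint. A hostname with no
    answer at all is reported too, since its lookup did not hit the zone.
    """
    findings = {}
    for host, addrs in answers.items():
        bad = [a for a in addrs if classify(a, psc_endpoint) == "other"]
        if not addrs:
            bad = ["<no answer>"]
        if bad:
            findings[host] = bad
    return findings


def resolve(hosts):
    """Collect live A records; run this from a VM inside the VPC."""
    out = {}
    for host in hosts:
        try:
            infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
            out[host] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            out[host] = []
    return out


# Constructed sample answers; 203.0.113.10 is a documentation-range address
# standing in for a lookup that was not covered by the private DNS zone.
SAMPLE_ANSWERS = {
    "storage.googleapis.com": ["199.36.153.5", "199.36.153.6"],
    "bigquery.googleapis.com": ["10.10.0.5"],
    "pubsub.googleapis.com": ["203.0.113.10"],
}

if __name__ == "__main__":
    print(audit(SAMPLE_ANSWERS, psc_endpoint="10.10.0.5"))
```

Replacing `SAMPLE_ANSWERS` with `resolve([...])` for the API hostnames the workloads actually call shows which names are still answered outside the private zone.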