Log In

Google Cloud Private Service Connect

Private Service Connect (PSC) enables you to access Groq's API services through private network connections, eliminating exposure to the public internet. This guide explains how to set up Private Service Connect for secure access to Groq services.

Overview

Groq exposes its API endpoints in Google Cloud Platform as PSC published services. By configuring PSC endpoints, you can:

  • Access Groq services through private IP addresses within your VPC
  • Eliminate public internet exposure
  • Maintain strict network security controls
  • Minimize latency
  • Reduce data transfer costs
curl
Your VPC Network                 Google Cloud PSC                 Groq Network
+------------------+           +------------------+           +------------------+
|                  |           |                  |           |                  |
|  +-----------+   |           |                  |           |   +-----------+  |
|  |           |   |  Private  |     Service      |  Internal |   |   Groq    |  |
|  |   Your    |   | 10.0.0.x  |                  |           |   |   API     |  |
|  |   App     +---+--> IP <---+---> Connect <----+--> LB <---+---+ Service   |  |
|  |           |   |           |                  |           |   |           |  |
|  +-----------+   |           |                  |           |   +-----------+  |
|                  |           |                  |           |                  |
|  DNS Resolution  |           |                  |           |                  |
|  api.groq.com    |           |                  |           |                  |
|  -> 10.0.0.x     |           |                  |           |                  |
|                  |           |                  |           |                  |
+------------------+           +------------------+           +------------------+

Prerequisites

  • A Google Cloud project with Private Service Connect enabled
  • VPC network where you want to create the PSC endpoint
  • Appropriate IAM permissions to create PSC endpoints and DNS zones
  • Enterprise plan with Groq
  • Provided Groq with your GCP Project ID
  • Groq has accepted your GCP Project ID to our Private Service Connect

Setup

The steps below use us-central-1 as an example. Make sure you configure your system according to the region(s) you want to use.

1. Connect an endpoint

  1. Navigate to Network services > Private Service Connect in your Google Cloud Console
  2. Go to the Endpoints section and click Connect endpoint
    • Under Target, select Published service
    • For Target service, enter a published service target name.
    • For Endpoint name, enter a descriptive name (e.g., groq-api-psc)
    • Select your desired Network and Subnetwork
    • For IP address, create and select an internal IP from your subnet
    • Enable Global access if you need to connect from multiple regions
  3. Click Add endpoint and verify the status shows as Accepted

2. Configure Private DNS

  1. Go to Network services > Cloud DNS in your Google Cloud Console

  2. Create the first zone for groq.com:

    • Click Create zone
    • Set Zone type to Private
    • Enter a descriptive Zone name (e.g., groq-api-private)
    • For DNS name, enter groq.com.
    • Create an A record:
      • DNS name: api
      • Resource record type: A
      • Enter your PSC endpoint IP address
    • Link the private zone to your VPC network

  3. Create the second zone for groqcloud.com:

    • Click Create zone
    • Set Zone type to Private
    • Enter a descriptive Zone name (e.g., groqcloud-api-private)
    • For DNS name, enter groqcloud.com.
    • Create an A record:
      • DNS name: api.us-central-1
      • Resource record type: A
      • Enter your PSC endpoint IP address
    • Link the private zone to your VPC network

3. Validate the Connection

To verify your setup:

  1. SSH into a VM in your VPC network

  2. Test DNS resolution for both endpoints:

    curl
    dig +short api.groq.com
dig +short api.us-central-1.groqcloud.com

    Both should return your PSC endpoint IP address

  3. Test API connectivity (using either endpoint):

    curl
    curl -i https://api.groq.com
# or
curl -i https://api.us-central-1.groqcloud.com

    Should return a successful response through your private connection

Published Services

ServicePSC Target NamePrivate DNS Names
APIprojects/groq-pe/regions/me-central2/serviceAttachments/groqcloudapi.groq.com, api.me-central-1.groqcloud.com
APIprojects/groq-pe/regions/us-central1/serviceAttachments/groqcloudapi.groq.com, api.us-central-1.groqcloud.com

Troubleshooting

If you encounter connectivity issues:

  1. Verify DNS resolution is working correctly for both domains
  2. Check that your security groups and firewall rules allow traffic to the PSC endpoint
  3. Ensure your service account has the necessary permissions
  4. Verify the PSC endpoint status is Accepted
  5. Confirm the model you are requesting is operating in the target region

Further Reading

Was this page helpful?