41
votes

I would like to develop a Google Cloud Function that will subscribe to file changes in a Google Cloud Storage bucket and upload the file to a third party FTP site. This FTP site requires whitelisted IP addresses of clients.

As such, it is possible to get a static IP address for Google Cloud Functions containers?

6

6 Answers

7
votes

See answer below -- it took a number of years, but this is now supported.

https://cloud.google.com/functions/docs/networking/network-settings#associate-static-ip

48
votes

Update: This feature is now available in GCP https://cloud.google.com/functions/docs/networking/network-settings#associate-static-ip


First of all this is not an unreasonable request, don't get gaslighted. AWS Lambdas already support this feature and have for awhile now. If you're interested in this feature please star this feature request: https://issuetracker.google.com/issues/112629904

Secondly, we arrived at a work-around which I also posted to that issue as well, maybe this will work for you too:

  • Setup a VPC Connector
  • Create a Cloud NAT on the VPC
  • Create a Proxy host which does not have a public IP, so the egress traffic is routed through Cloud NAT
  • Configure a Cloud Function which uses the VPC Connector, and which is configured to use the Proxy server for all outbound traffic

A caveat to this approach:

  • We wanted to put the proxy in a Managed Instance Group and behind a GCP Internal LB so that it would dynamically scale, but GCP Support has confirmed this is not possible because the GCP ILB basically whitelists the subnet, and the cloud function CIDR is outside that subnet

I hope this is helpful.

Update: Just the other day, they announced an early-access beta for this exact feature!!

"Cloud Functions PM here. We actually have an early-access preview of this feature if you'd like to test it out.

Please complete this form so we can add you..."

The form can be found in the Issue linked above.

4
votes

This functionality is now natively part of Google Cloud Functions (see here)

It's a two-step process according to the GCF docs:

Associating function egress with a static IP address In some cases, you might want traffic originating from your function to be associated with a static IP address. For example, this is useful if you are calling an external service that only allows requests from whitelisted IP addresses.

Route your function's egress through your VPC network. See the previous section, Routing function egress through your VPC network.

Set up Cloud NAT and specify a static IP address. Follow the guides at Specify subnet ranges for NAT and Specify IP addresses for NAT to set up Cloud NAT for the subnet associated with your function's Serverless VPC Access connector.

3
votes

For those wanting to associate cloud functions to a static IP address in order to whitelist the IP for an API or something of the sort I recommend checking out this step by step guide which helped me a lot: https://dev.to/alvardev/gcp-cloud-functions-with-a-static-ip-3fe9 .

I also want to specify that this solution works for Google Cloud Functions and Firebase Functions (as it is based on GCP).

2
votes
1
votes

It's not possible to assign a static IP for Google Cloud Functions, as it's pretty much orthogonal to the nature of the architecture being 'serverless' i.e. allocate and deallocate servers on demand.

You can, however, leverage a HTTP proxy to achieve a similar effect. Setup a Google Compute Engine instance, assign it a static IP and install a proxy library such as https://www.npmjs.com/package/http-proxy. You can then route all your external API calls etc through this proxy.

However, this probably reduces scale and flexibility, but it might be a workaround.