According to several sources I found on the internet it is not possible to connect google cloud functions to a restricted Compute Engine Instance via internal IP only (e.g. https://groups.google.com/forum/#!topic/gce-discussion/HEn5P9PJzYQ ). Is this really still the case? My setup looks as follows:
- google cloud functions as API (public)
- google app engine flexible for some python application (should be private)
- google compute engine instance with redis (should be private)
I now restricted via firewall rules the compute engine instance to only internal traffic (10.128.0.0/9). My app engine still could connect to the compute engine instance, my cloud functions though, now were not able to connect anymore. I tried to find further information on how to use this with VPC but couldn't find anything which led me to the solution. I switched back to public IP usage and using redis auth to protect the data, but I am still not happy with this solution (in AWS it is far more easy - I can select a VPC which is able to communicate via lambda). Not only I see security issues, but also unnecessary network traffic [not sure if I get charged - in AWS this would be case]. Did I miss something or does this "feature" is really missing?
Thanks a lot in advance!
