0
votes

I have a GCE VM without an external IP, but Private Google Access is enabled for the subnet where this VM is deployed. Hence this VM can access Google APIs without an external IP, but will the Google APIs be able to find the VM's IP or hostname to post / get the data via HTTP/HTTPS?

The service account which we used to create this GCE VM has access to the Google Cloud service API (e.g. Cloud Functions API) from which it is expecting the data / API request.

So the question is: is traffic towards Google API server to internal VMs supported by Private Google Access or not?


2 Answers

1
votes

Just found this feature from Google Cloud, Serverless VPC Access; it solves this issue and enables Cloud Functions or any serverless environment to access Compute Engine VM instances and any other resources with an internal IP address.

https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
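
A pre-flight check for the connector that Serverless VPC Access relies on, as an added example that is not part of the original answer: it verifies that a proposed connector range is an IPv4 /28 that does not overlap any subnet in the VPC, and derives a VM-side ingress rule that admits only that range. The subnet names, CIDRs, port and the layout of the rule dictionary are constructed for illustration.

```python
import ipaddress


def check_connector_range(candidate, existing_subnets):
    """Return a list of problems with a proposed connector range; empty means usable."""
    try:
        # strict=True rejects ranges with host bits set, e.g. 10.8.0.5/28
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    problems = []
    if net.version != 4 or net.prefixlen != 28:
        problems.append(f"{net} is not an IPv4 /28")
    for name, cidr in existing_subnets.items():
        if net.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{net} overlaps subnet {name} ({cidr})")
    return problems


def vm_ingress_rule(connector_range, vm_port):
    """Narrowest VM-side allow rule: only the connector range, only one TCP port.

    Requests from the serverless side reach the VM from addresses inside the
    connector range, so nothing wider needs to be opened on the internal VM.
    The dictionary keys are illustrative, not a Google API schema.
    """
    problems = check_connector_range(connector_range, {})
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "direction": "INGRESS",
        "source_ranges": [connector_range],
        "allowed": [f"tcp:{vm_port}"],
    }


# Constructed sample VPC: the VM without an external IP lives in vm-subnet.
SUBNETS = {"vm-subnet": "10.10.0.0/24", "db-subnet": "10.10.1.0/24"}

if __name__ == "__main__":
    for cand in ("10.10.0.16/28", "10.8.0.0/24", "10.8.0.5/28", "10.8.0.0/28"):
        print(cand, check_connector_range(cand, SUBNETS) or "ok")
    print(vm_ingress_rule("10.8.0.0/28", 8080))
```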

0
votes

Yes, traffic towards Google API server to internal VMs is supported by Private Google Access. By default, when a Compute Engine VM lacks an external IP address assigned to its network interface, it can only send packets to other internal IP address destinations. You can allow these VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM's network interface. Keep in mind Private Google Access has the following requirements