Google Cloud Function connection to Google Compute Engine via internal IP

Question

According to several sources I found on the internet it is not possible to connect google cloud functions to a restricted Compute Engine Instance via internal IP only (e.g. https://groups.google.com/forum/#!topic/gce-discussion/HEn5P9PJzYQ ). Is this really still the case? My setup looks as follows:

• google cloud functions as API (public)
• google app engine flexible for some python application (should be private)
• google compute engine instance with redis (should be private)

I now restricted via firewall rules the compute engine instance to only internal traffic (10.128.0.0/9). My app engine still could connect to the compute engine instance, my cloud functions though, now were not able to connect anymore. I tried to find further information on how to use this with VPC but couldn't find anything which led me to the solution. I switched back to public IP usage and using redis auth to protect the data, but I am still not happy with this solution (in AWS it is far more easy - I can select a VPC which is able to communicate via lambda). Not only I see security issues, but also unnecessary network traffic [not sure if I get charged - in AWS this would be case]. Did I miss something or does this "feature" is really missing?

Thanks a lot in advance!

Answer 1

You must be running your App Engine app as a flexible environment app, which is built on top of Compute Engine instances. App Engine standard environment and Cloud Functions are on different networks than Compute Engine currently and cannot use VPN or VPC functionality to connect between them.