According to several sources I found on the internet, it is not possible to connect Google Cloud Functions to a restricted Compute Engine instance via internal IP only (e.g. https://groups.google.com/forum/#!topic/gce-discussion/HEn5P9PJzYQ ). Is this really still the case? My setup looks as follows:
I have now restricted the Compute Engine instance via firewall rules to only internal traffic (10.128.0.0/9). My App Engine could still connect to the Compute Engine instance; my Cloud Functions, though, were no longer able to connect. I tried to find further information on how to use this with VPC but couldn't find anything that led me to a solution. I switched back to public IP usage and am using Redis auth to protect the data, but I am still not happy with this solution (in AWS it is far easier - I can select a VPC which is able to communicate via Lambda). Not only do I see security issues, but also unnecessary network traffic [not sure if I get charged - in AWS this would be the case]. Did I miss something, or is this "feature" really missing?
Thanks a lot in advance!
Google Cloud uses the following labels to describe different IP address types. For example, an internal IP address is not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM.
To connect to an instance without an external IP address, use the gcloud compute ssh command with the --internal-ip flag. In the Google Cloud console, go to the VM Instances page and find the internal IP address for the instance that you want to connect to. Connect to the instance.
You must be running your App Engine app as a flexible environment app, which is built on top of Compute Engine instances. App Engine standard environment and Cloud Functions are on different networks than Compute Engine currently and cannot use VPN or VPC functionality to connect between them.