@thesaravanakumar
Last active November 10, 2022 14:47
Short overview for serverless vpc-connector (GCP)

Connect directly to your VPC network from serverless environments such as Cloud Run, App Engine, or Cloud Functions. Configuring Serverless VPC Access allows your serverless environment to send requests to your VPC network using internal DNS and internal IP addresses.

There are two main benefits to using Serverless VPC Access:

  • Requests sent to your VPC network are never exposed to the internet.
  • Communication through Serverless VPC Access can have lower latency than communication over the internet.

Private Google Access (sending over internal IP)

VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. Private Google Access has no effect on instances that have external IP addresses.

Serverless VPC Access is based on a resource called a connector. A connector handles traffic between your serverless environment and your VPC network. When you create a connector in your Google Cloud project, you attach it to a specific VPC network and region.

Supported

  • Networks -> VPC, Shared VPC, and networks connected through Cloud Interconnect, Cloud VPN, or VPC Network Peering.
  • Serverless environments -> Cloud Run, Cloud Functions, App Engine standard environment (except PHP 5).
  • Networking protocols -> TCP, UDP.
  • Regions -> All regions.

Throughput and scaling

A Serverless VPC Access connector consists of connector instances. Connector instances can use one of several machine types; larger machine types provide more throughput. The minimum number of instances is at least 2 and the maximum is at most 10, and the maximum must be larger than the minimum.

Machine type    Estimated throughput range (Mbps)
f1-micro        100-500
e2-micro        200-1000
e2-standard-4   3200-16000
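As an added example (not part of the gist), the following POSIX shell script creates a connector with gcloud after checking the instance-count rules stated above (minimum at least 2, maximum at most 10, maximum greater than minimum). The connector name, region, network name and /28 IP range are placeholder values; the script dry-runs by default (it prints the command instead of executing it) so it can be read and run without a GCP project, and executes for real only when `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: create a Serverless VPC Access connector with gcloud,
# validating the instance bounds the gist describes before calling gcloud.
# All names, the region and the IP range below are assumed placeholder values.

# Dry-run by default so the script runs without gcloud installed.
# Set DRY_RUN=0 to actually execute the gcloud command.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '+ %s\n' "$*"
  else
    "$@"
  fi
}

# Instance-count rules: minimum >= 2, maximum <= 10, maximum > minimum.
# Returns 0 when the pair is valid, 1 otherwise.
validate_instances() {
  vmin="$1"
  vmax="$2"
  [ "$vmin" -ge 2 ] || return 1
  [ "$vmax" -le 10 ] || return 1
  [ "$vmax" -gt "$vmin" ] || return 1
  return 0
}

# Build and (dry-)run the connector create command.
# Arguments: name region network range machine-type min-instances max-instances
create_connector() {
  name="$1"; region="$2"; network="$3"; range="$4"
  machine="$5"; min="$6"; max="$7"
  validate_instances "$min" "$max" || {
    echo "invalid instance bounds: min=$min max=$max (need 2 <= min < max <= 10)" >&2
    return 1
  }
  run gcloud compute networks vpc-access connectors create "$name" \
    --region "$region" \
    --network "$network" \
    --range "$range" \
    --machine-type "$machine" \
    --min-instances "$min" \
    --max-instances "$max"
}

# Placeholder invocation: e2-micro connector scaling between 2 and 3 instances.
create_connector my-connector us-central1 my-vpc 10.8.0.0/28 e2-micro 2 3
```

Keeping the minimum small and the maximum bounded limits both cost and the number of instances that carry the vpc-connector tags into your network; pick the machine type from the throughput table rather than over-provisioning.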

Use cases

  • You need to access a service from your serverless environment.
  • Your serverless workloads use third-party software that you run on a Compute Engine VM.
  • Your serverless environment needs to communicate with that VM backend without exposing it to the internet.
  • Your serverless environment needs to access data from your on-premises database through Cloud VPN.

Network tags

Every Serverless VPC Access connector automatically receives two network tags (sometimes called instance tags):

  • Universal network tag -> vpc-connector: applies to all existing connectors and any connectors created in the future.
  • Unique network tag -> vpc-connector-REGION-CONNECTOR_NAME: applies only to the connector CONNECTOR_NAME in REGION.

These network tags cannot be deleted, and new network tags cannot be added.
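Because the tags are fixed, they are the natural handle for scoping VPC firewall rules to connector traffic. The following POSIX shell script is an added example (not from the gist) that builds the unique tag for a connector and creates two rules: an ingress rule that lets a backend VM accept connections only from connector instances, and a low-priority egress deny on the connector instances so they can reach only the backend that was explicitly allowed. The network name, the backend tag `db-backend`, port 5432 and the priorities are assumed placeholder values; as in the earlier example it dry-runs unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: scope firewall rules with the connector's network tags.
# Network name, backend tag, port and priorities are assumed placeholders.

# Dry-run by default so the script runs without gcloud installed.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '+ %s\n' "$*"
  else
    "$@"
  fi
}

# Build the per-connector tag: vpc-connector-REGION-CONNECTOR_NAME.
unique_tag() {
  printf 'vpc-connector-%s-%s\n' "$1" "$2"
}

# Least-privilege rule set for one connector talking to one backend.
# Arguments: network region connector-name backend-tag port
restrict_connector() {
  network="$1"; region="$2"; connector="$3"; backend_tag="$4"; port="$5"
  tag="$(unique_tag "$region" "$connector")"

  # Ingress: backend VMs accept the service port only from this connector.
  run gcloud compute firewall-rules create "allow-${connector}-to-${backend_tag}" \
    --network "$network" \
    --direction INGRESS --action ALLOW \
    --rules "tcp:${port}" \
    --source-tags "$tag" \
    --target-tags "$backend_tag" \
    --priority 1000

  # Egress: explicitly allow the connector to reach the backend port only.
  # (Egress rules cannot match a destination tag, so the backend's
  # placeholder subnet range is used here.)
  run gcloud compute firewall-rules create "allow-${connector}-egress-${backend_tag}" \
    --network "$network" \
    --direction EGRESS --action ALLOW \
    --rules "tcp:${port}" \
    --destination-ranges 10.0.0.0/24 \
    --target-tags "$tag" \
    --priority 1000

  # Egress: deny everything else from this connector's instances.
  run gcloud compute firewall-rules create "deny-${connector}-egress-all" \
    --network "$network" \
    --direction EGRESS --action DENY \
    --rules all \
    --target-tags "$tag" \
    --priority 1100
}

restrict_connector my-vpc us-central1 my-connector db-backend 5432
```

Using the unique tag rather than the universal vpc-connector tag keeps a rule written for one connector from silently applying to every connector created later in the project.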
