2019: Networking secrets in Google Cloud
Jun 20, 2019
- Private Google Access enables VM instances with only internal (private) IP addresses (no external IP addresses) to reach the public IP addresses of Google Services
- The DNS records for Google APIs and services always point to external IP addresses.
- Private Google Access allows VMs with internal IP addresses to reach the external IP addresses of Google APIs and services.
- The traffic path from a VM that is using Private Google Access to the Google APIs remains within Google’s network.
- Private Google Access requires a default internet gateway route.
- Look for a route whose destination is 0.0.0.0/0 and whose next hop is default internet gateway.
- Stackdriver Logging captures all API requests made from VM instances.
- Log entries identify the source of the API request using the private IP of the VM.
- Enabling or disabling Private Google Access has no effect on instances with External IP addresses.
- With Private Google Access turned off, the default internet gateway route only applies to instances that have external IP addresses.
- When you enable Private Google Access for a subnet, instances in the subnet use the route to send traffic to Google APIs and GCP services.
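
The two conditions listed above (Private Google Access enabled on the subnet, and a 0.0.0.0/0 route to the default internet gateway in its network) can be checked together. This is an added example, not code from the original post; the project, network and subnet names are constructed, and the sample data is shaped like the JSON printed by `gcloud compute routes list --format=json` and `gcloud compute networks subnets list --format=json`.

```python
import json

# Constructed sample values (hypothetical project and network names).
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"
GW = ("https://www.googleapis.com/compute/v1/projects/example-project"
      "/global/gateways/default-internet-gateway")

# Constructed sample data in the shape of the gcloud JSON listings.
ROUTES = json.dumps([
    {"name": "default-route-prod", "network": NET + "prod-vpc",
     "destRange": "0.0.0.0/0", "nextHopGateway": GW},
    # Default route replaced by a next-hop appliance: no gateway route here.
    {"name": "to-proxy", "network": NET + "locked-vpc",
     "destRange": "0.0.0.0/0", "nextHopIp": "10.20.0.5"},
])
SUBNETS = json.dumps([
    {"name": "prod-a", "network": NET + "prod-vpc", "privateIpGoogleAccess": True},
    {"name": "prod-b", "network": NET + "prod-vpc", "privateIpGoogleAccess": False},
    {"name": "locked-a", "network": NET + "locked-vpc", "privateIpGoogleAccess": True},
])


def networks_with_default_gateway_route(routes):
    """Networks with a 0.0.0.0/0 route whose next hop is the default internet gateway."""
    return {
        r["network"] for r in routes
        if r.get("destRange") == "0.0.0.0/0"
        and r.get("nextHopGateway", "").endswith("/default-internet-gateway")
    }


def audit_private_google_access(routes_json, subnets_json):
    """Return {subnet name: status} as it applies to internal-IP-only VMs."""
    ok_networks = networks_with_default_gateway_route(json.loads(routes_json))
    report = {}
    for s in json.loads(subnets_json):
        if not s.get("privateIpGoogleAccess", False):
            report[s["name"]] = "pga-disabled"
        elif s["network"] not in ok_networks:
            report[s["name"]] = "pga-enabled-but-no-default-gateway-route"
        else:
            report[s["name"]] = "ok"
    return report


if __name__ == "__main__":
    for name, status in audit_private_google_access(ROUTES, SUBNETS).items():
        print(f"{name}: {status}")
```

Instances with external IP addresses are outside this check, since the setting has no effect on them.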