This lab walks you through GCP Virtual Private Cloud (VPC) creation using Custom subnet creation mode.
Make sure, you have completed the previous lab about Building VPC using Auto subnet creation mode. This lab is in continuation of the previous lab. If you have not completed the previous lab, we recommend you complete the previous lab first.
In this lab, we will create and use Firewall rules manually.
Duration: 45 minutes
Whenever any custom mode VPC network is created, no subnets are created automatically. This type of network setup helps you with customized settings over its subnets and IP ranges. You can decide the regions in which subnet has to be created and the range of IP Address.
VM instances that only have internal IP addresses and no external IP address, can use Private Google Access to reach the external IP address of Google services. Enabling Private Google Access helps you save your egress traffic costs.
In case you have disabled the Private Google Access, now VM instances can no longer access Google services, they will be able to send traffic within the VPC network, if you still want to access Google services then you have to configure external IP Address.
Private Google Access has no impact on instances that have external IP addresses too. Instances with an external IP address will access the web. They do not need any explicit setup to send requests to the external IP address of Google Apis and services.
You can enable Private Google Access on a subnet by subnet basis, not on the whole network, it is a setting for subnets in a VPC network.
A Firewall Rule has been created to allow egress to
0.0.0.0/0 mainly for Google APIs and services.
VM A1 located in the subnet-a can access the Google APIs and services because subnet-a has Private Google Access enabled and it has no external IP address which can be disabled while configuring Networking Interface for VM Instance, You can set the external IP address to None. By default, it is set to Ephemeral.
VM B1 located in subnet-b cannot access Google APIs and services because it only has an internal IP address and Private Google Access is disabled for subnet-b.
VM A2 and VM B2 can both access Google APIs and services because they each have external IP addresses. Turning on Private Google Access will have no effect because both already have external IP addresses.
Login into GCP Console.
Creating a VPC using the Custom mode.
Choosing Private Google Access.
Creating a VM Instance and Test.