Python 2.7 ha raggiunto la fine del supporto
e verrà ritirato
il 31 gennaio 2026. Dopo il ritiro, non potrai eseguire il deployment di applicazioni Python 2.7, anche se la tua organizzazione ha utilizzato in precedenza un criterio dell'organizzazione per riattivare i deployment di runtime legacy. Le tue applicazioni Python 2.7 esistenti continueranno a essere eseguite e a ricevere traffico dopo la
data di ritiro. Ti consigliamo di eseguire la migrazione all'ultima versione supportata di Python.
Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
I servizi in uscita, come le API URL Fetch, Sockets e Mail, utilizzano
un ampio pool di indirizzi IP. Gli intervalli di indirizzi IP in questo pool sono soggetti a
modifiche di routine. Infatti, due chiamate API sequenziali dalla stessa applicazione potrebbero
sembrare provenire da due indirizzi IP diversi.
Se devi conoscere gli indirizzi IP associati al traffico in uscita dal tuo servizio, puoi trovare gli intervalli di indirizzi IP attuali per il tuo servizio o configurare un indirizzo IP statico per il tuo servizio.
Indirizzi IP per i servizi App Engine
Puoi trovare gli intervalli di indirizzi IP attuali per i tuoi servizi App Engine
in base alle informazioni sugli intervalli IP pubblicate da Google:
Google pubblica l'elenco completo degli intervalli IP che mette a disposizione degli utenti su internet in goog.json.
Google pubblica anche un elenco di intervalli di indirizzi IP esterni globali e regionali disponibili per le risorse Google Cloud dei clienti in cloud.json.
Gli indirizzi IP utilizzati dalle API e dai servizi Google rientrano
nell'elenco degli intervalli calcolati sottraendo tutti gli intervalli in cloud.json
da quelli in goog.json. Questi elenchi vengono aggiornati di frequente.
Puoi utilizzare il seguente script Python per creare un elenco di intervalli di indirizzi IP
che includono quelli utilizzati dalle API e dai servizi Google.
Per informazioni sull'esecuzione di questo script, vedi Come
eseguire.
from__future__importprint_functionimportjsontry:fromurllibimporturlopenexceptImportError:fromurllib.requestimporturlopenfromurllib.errorimportHTTPErrorimportnetaddrIPRANGE_URLS={"goog":"https://www.gstatic.com/ipranges/goog.json","cloud":"https://www.gstatic.com/ipranges/cloud.json",}defread_url(url):try:returnjson.loads(urlopen(url).read())except(IOError,HTTPError):print("ERROR: Invalid HTTP response from %s"%url)exceptjson.decoder.JSONDecodeError:print("ERROR: Could not parse HTTP response from %s"%url)defget_data(link):data=read_url(link)ifdata:print("{} published: {}".format(link,data.get("creationTime")))cidrs=netaddr.IPSet()foreindata["prefixes"]:if"ipv4Prefix"ine:cidrs.add(e.get("ipv4Prefix"))if"ipv6Prefix"ine:cidrs.add(e.get("ipv6Prefix"))returncidrsdefmain():cidrs={group:get_data(link)forgroup,linkinIPRANGE_URLS.items()}iflen(cidrs)!=2:raiseValueError("ERROR: Could process data from Google")print("IP ranges for Google APIs and services default domains:")foripin(cidrs["goog"]-cidrs["cloud"]).iter_cidrs():print(ip)if__name__=="__main__":main()
Configura un indirizzo IP in uscita statico
Per configurare un indirizzo IP statico per il servizio dell'ambiente standard App Engine, utilizza
l'accesso VPC serverless
con router Cloud e Cloud NAT. Utilizzando
l'accesso VPC serverless, puoi inviare il traffico in uscita alla tua
rete Virtual Private Cloud (VPC). Utilizzando un gateway di conversione degli indirizzi di rete (NAT) sul tuo VPC, puoi instradare il traffico App Engine tramite un indirizzo IP dedicato.
Il routing del traffico tramite Cloud NAT non causa un hop aggiuntivo nello stack di rete, poiché il gateway Cloud NAT e il router Cloud forniscono solo un control plane e i pacchetti non passano attraverso il gateway Cloud NAT o il router Cloud.
Non è possibile configurare indirizzi IP statici in uscita per il traffico inviato utilizzando il servizio
URL Fetch. Il traffico inviato utilizzando il servizio URL Fetch continuerà a utilizzare
il pool di indirizzi IP pubblici. Se vuoi che tutto il traffico in uscita utilizzi un indirizzo IP statico,
disattiva il recupero URL predefinito
e interrompi qualsiasi utilizzo esplicito della libreria urlfetch.
I seguenti passaggi mostrano come configurare un indirizzo IP statico in uscita per il servizio
dell'ambiente standard di App Engine.
Assicurati di disporre del ruolo
roles/compute.networkAdmin
o di un ruolo personalizzato con le stesse autorizzazioni.
Crea una subnet all'interno della rete VPC per il traffico
di App Engine. Ciò garantisce che altre risorse nella tua rete VPC non possano utilizzare l'indirizzo IP statico.
ROUTER_NAME con un nome per la risorsa
router Cloudr che vuoi creare.
NETWORK_NAME con il nome della tua rete VPC.
REGION con la regione in cui vuoi creare un gateway NAT.
Prenota un indirizzo IP statico.
Questo è l'indirizzo che il tuo servizio utilizzerà per inviare il traffico in uscita. Una risorsa
indirizzo IP riservato conserva l'indirizzo IP sottostante quando la risorsa a cui è associata viene eliminata e ricreata. Questo indirizzo IP
viene conteggiato ai fini delle quote di indirizzi IP statici nel tuo progetto Google Cloud .
ORIGIN_IP_NAME con il nome che vuoi assegnare
alla risorsa indirizzo IP.
REGION con la regione in cui verrà eseguito il router Cloud NAT. Idealmente, la stessa regione del servizio App Engine per ridurre al minimo la latenza e i costi di rete.
Crea un gateway Cloud NAT e specifica il tuo indirizzo IP.
Il traffico proveniente dalla tua subnet passerà attraverso questo gateway e utilizzerà
l'indirizzo IP statico che hai prenotato nel passaggio precedente.
Per impostazione predefinita, i servizi App Engine che utilizzano l'accesso VPC serverless inviano solo il traffico interno alla tua rete VPC. Per inviare traffico con destinazioni esterne alla tua rete VPC in modo che abbia l'indirizzo IP statico che hai specificato, devi modificare l'impostazione di uscita.
Specifica l'impostazione di uscita nel file
app.yaml
per il tuo servizio:
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[[["\u003cp\u003eOutbound traffic from App Engine services uses a pool of IP addresses that change routinely, and sequential API calls might originate from different IP addresses.\u003c/p\u003e\n"],["\u003cp\u003eYou can find the current IP address ranges for your App Engine services from two Google-published lists: \u003ccode\u003egoog.json\u003c/code\u003e for all Google IPs and \u003ccode\u003ecloud.json\u003c/code\u003e for Google Cloud resources.\u003c/p\u003e\n"],["\u003cp\u003eTo use a static IP address for your App Engine service's outbound traffic, configure Serverless VPC Access with Cloud Router and Cloud NAT.\u003c/p\u003e\n"],["\u003cp\u003eSetting up a static outbound IP involves creating a subnet, connecting your service to it, creating a Cloud Router, reserving a static IP, and then creating a Cloud NAT gateway, with the caveat that URL Fetch services cannot use this method.\u003c/p\u003e\n"],["\u003cp\u003eAfter setting up the correct cloud components, the egress setting must be changed to \u003ccode\u003eall-traffic\u003c/code\u003e in your \u003ccode\u003eapp.yaml\u003c/code\u003e to ensure all external traffic is sent through your VPC network.\u003c/p\u003e\n"]]],[],null,["# Outbound IP addresses for App Engine services\n\nOutbound services, such as the URL Fetch, Sockets, and Mail APIs, make use of\na large pool of IP addresses. The IP address ranges in this pool are subject to\nroutine changes. In fact, two sequential API calls from the same application may\nappear to originate from two different IP addresses.\n\n\nIf you need to know the IP addresses associated with outbound traffic from your\nservice, you can either find the current IP address ranges for your service, or\nset up a static IP address for your service.\n\nIP addresses for App Engine services\n------------------------------------\n\n\u003cbr /\u003e\n\nYou can find the current IP address ranges for your App Engine services\nbased on IP range information that Google publishes:\n\n- Google publishes the complete list of IP ranges that it makes available to\n users on the internet in [goog.json](https://www.gstatic.com/ipranges/goog.json).\n\n- Google also publishes a list of global and regional external IP addresses\n ranges available for customers' Google Cloud resources in\n [cloud.json](https://www.gstatic.com/ipranges/cloud.json).\n\nThe IP addresses used by Google APIs and services fit\nwithin the list of ranges computed by taking away all ranges in `cloud.json`\nfrom those in `goog.json`. These lists are updated frequently.\n\nYou can use the following Python script to create a list of IP address ranges\nthat include those used by Google APIs and services.\n\nFor information about running this script, see [How to\nrun](https://github.com/GoogleCloudPlatform/networking-tools-python/tree/main/tools/cidr#how-to-run). \n\n from __future__ import print_function\n\n import json\n\n try:\n from urllib import urlopen\n except ImportError:\n from urllib.request import urlopen\n from urllib.error import HTTPError\n\n import netaddr\n\n IPRANGE_URLS = {\n \"goog\": \"https://www.gstatic.com/ipranges/goog.json\",\n \"cloud\": \"https://www.gstatic.com/ipranges/cloud.json\",\n }\n\n\n def read_url(url):\n try:\n return json.loads(urlopen(url).read())\n except (IOError, HTTPError):\n print(\"ERROR: Invalid HTTP response from %s\" % url)\n except json.decoder.JSONDecodeError:\n print(\"ERROR: Could not parse HTTP response from %s\" % url)\n\n\n def get_data(link):\n data = read_url(link)\n if data:\n print(\"{} published: {}\".format(link, data.get(\"creationTime\")))\n cidrs = netaddr.IPSet()\n for e in data[\"prefixes\"]:\n if \"ipv4Prefix\" in e:\n cidrs.add(e.get(\"ipv4Prefix\"))\n if \"ipv6Prefix\" in e:\n cidrs.add(e.get(\"ipv6Prefix\"))\n return cidrs\n\n\n def main():\n cidrs = {group: get_data(link) for group, link in IPRANGE_URLS.items()}\n if len(cidrs) != 2:\n raise ValueError(\"ERROR: Could process data from Google\")\n print(\"IP ranges for Google APIs and services default domains:\")\n for ip in (cidrs[\"goog\"] - cidrs[\"cloud\"]).iter_cidrs():\n print(ip)\n\n\n if __name__ == \"__main__\":\n main()\n\n| **Note:** In the past, Google Cloud published a list of IP address ranges in the `_spf.google.com` DNS TXT record (and the records it referenced). While this DNS TXT record continues to be accurate for [SPF\n| purposes](https://support.google.com/a/answer/33786), it does not contain the complete set of possible IP address ranges used by Google APIs and services.\n\n\u003cbr /\u003e\n\nSet up a static outbound IP address\n-----------------------------------\n\nTo set up a static IP address for your App Engine standard environment service, use\n[Serverless VPC Access](/vpc/docs/serverless-vpc-access)\nwith Cloud Router and [Cloud NAT](/nat/docs). By using\nServerless VPC Access, you can send egress traffic to your\nVirtual Private Cloud (VPC) network. By using a network address\ntranslation (NAT) gateway on your VPC, you can route\nthe App Engine traffic through a dedicated IP address.\n\nRouting your traffic through Cloud NAT does not cause an additional hop in\nyour networking stack since the Cloud NAT gateway and the Cloud Router\nprovide only a control plane and the packets do not pass through the\nCloud NAT gateway or the Cloud Router.\n\n\nStatic outbound IP addresses cannot be configured for traffic sent using the\nURL Fetch service. Traffic sent using the URL Fetch service will continue to use\nthe public IP address pool. If you want all of your outbound traffic to use a\nstatic IP address,\n[disable the URL Fetch default](/appengine/docs/legacy/standard/python/sockets#making_httplib_use_sockets)\nand discontinue any explicit use of the `urlfetch` library.\n| **Note:** Serverless VPC Access and Cloud NAT can both incur costs. Review [Serverless VPC Access pricing](/vpc/pricing#serverless-vpc-pricing) and [Cloud NAT pricing](/vpc/network-pricing#nat-pricing).\n\nThe following steps show how to set up a static outbound IP address for your\nApp Engine standard environment service.\n\n1. Make sure that you have the\n [roles/compute.networkAdmin](/iam/docs/understanding-roles#compute-engine-roles)\n role or a custom role with the same permissions.\n\n2. Create a subnetwork (subnet) inside your VPC network for\n App Engine traffic. This ensures that other resources in your\n VPC network cannot use the static IP address.\n\n ```bash\n gcloud compute networks subnets create SUBNET_NAME \\\n --range=RANGE \\\n --network=NETWORK_NAME \\\n --region=REGION\n ```\n\n In the command above, replace:\n - \u003cvar translate=\"no\"\u003eSUBNET_NAME\u003c/var\u003e with a name you want to give to the subnet.\n - \u003cvar translate=\"no\"\u003eRANGE\u003c/var\u003e with the [IP range](/vpc/docs/subnets#manually_created_subnet_ip_ranges) in CIDR format you want to assign to this subnet (e.g. `10.124.0.0/28`)\n - \u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e with the name of your VPC network.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e with the region of your App Engine service.\n3. Connect your App Engine service to the subnet.\n\n Follow the guide\n [Connecting to a VPC network](/appengine/docs/legacy/standard/python/connecting-vpc),\n and specify the name of the subnet you created in the previous step for the\n connector subnet.\n4. Create a new Cloud Router. Cloud Router is a necessary control plane\n component for Cloud NAT.\n\n ```bash\n gcloud compute routers create ROUTER_NAME \\\n --network=NETWORK_NAME \\\n --region=REGION\n ```\n\n In the command above, replace:\n - \u003cvar translate=\"no\"\u003eROUTER_NAME\u003c/var\u003e with a name for the Cloud Router resource you want to create.\n - \u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e with the name of your VPC network.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e with the region in which you want to create a NAT gateway.\n5. Reserve a static IP address.\n\n This is the address that your service will use to send outgoing traffic. A\n reserved IP address resource retains the underlying IP address when the\n resource it is associated with is deleted and re-created. This IP address\n counts towards the static IP address quotas in your Google Cloud project. \n\n ```bash\n gcloud compute addresses create ORIGIN_IP_NAME \\\n --region=REGION\n ```\n\n In the command above, replace:\n - \u003cvar translate=\"no\"\u003eORIGIN_IP_NAME\u003c/var\u003e with the name you want to assign to the IP address resource.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e with the region that will run the Cloud NAT router. Ideally the same region as your App Engine service to minimize latency and network costs.\n\n Use the [`compute addresses describe` command](/sdk/gcloud/reference/compute/addresses/describe)\n to view the result: \n\n ```\n gcloud compute addresses describe ORIGIN_IP_NAME\n ```\n6. Create a Cloud NAT gateway and specify your IP address.\n\n Traffic originating from your subnet will go through this gateway and use\n the static IP address that you reserved in the previous step. \n\n ```bash\n gcloud compute routers nats create NAT_NAME \\\n --router=ROUTER_NAME \\\n --region=REGION \\\n --nat-custom-subnet-ip-ranges=SUBNET_NAME \\\n --nat-external-ip-pool=ORIGIN_IP_NAME\n \n ```\n\n In the command above, replace:\n - \u003cvar translate=\"no\"\u003eNAT_NAME\u003c/var\u003e with a name for the Cloud NAT gateway resource you want to create.\n - \u003cvar translate=\"no\"\u003eROUTER_NAME\u003c/var\u003e with the name of your Cloud Router.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e with the region in which you want to create a NAT gateway.\n - \u003cvar translate=\"no\"\u003eORIGIN_IP_NAME\u003c/var\u003e with the name of the reserved IP address resource you created in the previous step.\n7. Set the Serverless VPC Access\n [egress setting](/appengine/docs/legacy/standard/python/connecting-vpc#egress)\n to `all-traffic`.\n\n By default, App Engine services that use\n Serverless VPC Access only send internal traffic to your\n VPC network. In order to send traffic with external\n destinations to your VPC network so that it will have the\n static IP address that you specified, you must change the egress setting.\n\n\n Specify the egress setting in the\n [`app.yaml`](/appengine/docs/legacy/standard/python/config/appref)\n file for your service:\n\n \u003cbr /\u003e\n\n ```yaml\n vpc_access_connector:\n name: projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/locations/\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e/connectors/\u003cvar translate=\"no\"\u003eCONNECTOR_NAME\u003c/var\u003e\n egress_setting: all-traffic\n ```\n\n \u003cbr /\u003e\n\n Replace:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project ID.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e with the region your connector is in.\n - \u003cvar translate=\"no\"\u003eCONNECTOR_NAME\u003c/var\u003e with the name of your connector.\n\n Deploy the service: \n\n ```bash\n gcloud app deploy\n ```"]]