Serverless VPC Access enables you to connect from your App Engine app directly to your VPC network, allowing access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.
Serverless VPC Access supports communication to VPC networks connected via Cloud VPN and VPC Network Peering. Serverless VPC Access does not support legacy networks or Shared VPC.
Connecting to your VPC network
Connecting an App Engine app to your VPC network involves two steps:
Creating a connector
A Serverless VPC Access connector handles communication to your VPC network. A connector must be in the same project and region as the app that uses it, but the connector can send traffic to resources in different regions. Multiple App Engine services can use the same connector.
See Configuring Serverless VPC Access for step-by-step instructions on how to create a Serverless VPC Access connector.
Configuring your app to use a connector
After you have created a Serverless VPC Access connector, you can configure the services in your App Engine app to use the connector. Multiple services can use the same connector.
To connect your connector to a service in your app:
Add the
vpc_access_connectorsection to your service'sapp.yamlfile:vpc_access_connector: name: "projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME"
Where
PROJECT_IDis your Google Cloud project's ID, andREGIONandCONNECTOR_NAMEare the region and name you chose when you created the connector. Note that your connector and app must be in the same region.Deploy the service:
gcloud app deploy
After you deploy your service, it is able to send requests to internal IP addresses in order to access resources in your VPC network.
Disconnecting your app from a connector
If your app no longer needs to connect to your VPC network, you can disconnect the Serverless VPC Access connector.
Remove the
vpc_access_connectorsection from your service'sapp.yamlfile.Re-deploy the service:
gcloud app deploy