Connecting to a VPC network

This page shows how to use Serverless VPC Access to connect your App Engine standard environment app directly to your VPC network, allowing access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.

To use Serverless VPC Access, you must first create a Serverless VPC Access connector to handle communication to your VPC network. After you create a connector, you configure your App Engine services to use the connector.

Creating a Serverless VPC Access connector

For detailed instructions on creating Serverless VPC Access connectors, refer to Creating a connector.

Configuring your app to use a connector

After you have created a Serverless VPC Access connector, you can configure the services in your App Engine app to use the connector.

To specify a connector for a service in your app:

1. Add the vpc_access_connector section to your service's app.yaml file:

   vpc_access_connector:
     name: projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME
   

   Where PROJECT_ID is your Cloud project ID, REGION is the region your connector is in, and CONNECTOR_NAME is the name of your connector.

2. Deploy the service:

   gcloud app deploy
   

After you deploy your service, it is able to send requests to internal IP addresses in order to access resources in your VPC network. To disconnect a service from a VPC network, remove the vpc_access_connector section from the app.yaml file and re-deploy the service.

Connecting to a Shared VPC network

If your organization uses Shared VPC, an app in a Shared VPC service project can connect to a Shared VPC network.

1. Make sure an administrator of the host project completes the setup described at Configuring the host project if using Shared VPC.

2. Create the Shared VPC connector following the instructions at Creating a connector.

3. Specify the connector in your app.yaml file using the connector's fully-qualified name:

   vpc_access_connector:
     name: projects/SERVICE_PROJECT_ID/locations/CONNECTOR_REGION/connectors/CONNECTOR_NAME
   

   Where SERVICE_PROJECT_ID is the ID of the service project, CONNECTOR_REGION is the region the connector is in, and CONNECTOR_NAME is the name of the connector.

   This connects your App Engine service to the Shared VPC network.

Next steps

• Learn more about Serverless VPC Access.
• Learn how to connect to Memorystore from the App Engine standard environment.