Python 2 is no longer supported by the community. We recommend that you migrate Python 2 apps to Python 3.

Connecting to a VPC network

Serverless VPC Access enables you to connect from your App Engine app directly to your VPC network, allowing access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.

Serverless VPC Access supports communication to VPC networks connected via Cloud VPN and VPC Network Peering. Serverless VPC Access does not support legacy networks or Shared VPC.

Connecting to your VPC network

Connecting an App Engine app to your VPC network involves two steps:

  1. Create a Serverless VPC Access connector.
  2. Configure your App Engine services to use the connector.

Creating a connector

A Serverless VPC Access connector handles communication to your VPC network. A connector must be in the same project and region as the app that uses it, but the connector can send traffic to resources in different regions. Multiple App Engine services can use the same connector.

See Configuring Serverless VPC Access for step-by-step instructions on how to create a Serverless VPC Access connector.

Configuring your app to use a connector

After you have created a Serverless VPC Access connector, you can configure the services in your App Engine app to use the connector. Multiple services can use the same connector.

To connect your connector to a service in your app:

  1. Add the vpc_access_connector section to your service's app.yaml file:

    vpc_access_connector:
      name: "projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME"
    

    Where PROJECT_ID is your Google Cloud project's ID, and REGION and CONNECTOR_NAME are the region and name you chose when you created the connector. Note that your connector and app must be in the same region.

  2. Deploy the service:

    gcloud app deploy
    

After you deploy your service, it is able to send requests to internal IP addresses in order to access resources in your VPC network.

Disconnecting your app from a connector

If your app no longer needs to connect to your VPC network, you can disconnect the Serverless VPC Access connector.

  1. Remove the vpc_access_connector section from your service's app.yaml file.

  2. Re-deploy the service:

    gcloud app deploy
    

Next steps