Private Google access enables virtual machine (VM) instances on a subnetwork to reach Google APIs and Services using an internal IP address rather than an external IP address. External IP addresses are routable and reachable over the Internet. Internal (private) IP addresses are internal to Google Cloud Platform and are not routable or reachable over the Internet. The services that can be reached include, but are not limited to:
- Cloud Spanner
- Google BigQuery
- Google Cloud Bigtable
- Google Cloud Dataproc
- Google Cloud Datastore
- Google Cloud Pub/Sub
- Google Cloud Storage
Google virtual networks and subnetworks in Google Cloud Platform (GCP) provide a logically isolated and secure network partition of the Google Cloud where you can launch Google Cloud resources.
In addition to user-managed cloud resources that you launch and manage yourself, Google offers a comprehensive set of Google-managed services including Cloud Storage, database, big data, analytics and machine learning services that can be accessed from within your virtual networks.
Before the introduction of Private Google access, GCP virtual machine instances could only have access to Google-managed services from an external IP address. An external IP address is routable and reachable over the Internet.
With the introduction of Private Google access, VM instances in a subnetwork can reach Google APIs, such as BigQuery, Cloud Bigtable, Cloud Dataproc, Cloud Datastore, Cloud Pub/Sub, Cloud Spanner, and Cloud Storage, without needing an external IP address. Instead, they can use their internal IP addresses to access Google-managed services. Read the section below on Accessible Services for information on internally accessible Google services.
Instances with external IP addresses are not affected when you enable the ability to access Google services from internal IP addresses. These instances can still connect to Google APIs and managed services.
Google services that you can reach using Private Google access include:
- The APIs listed in https://developers.google.com/apis-explorer/#p/
- Container registry services, a private Docker image repository on Google Cloud Platform
- In general, Cloud APIs, Google services, and Google properties that are accessible over http(s)
The Network pricing page documents the current charging model for Private Google access. Access to Google managed services is the same whether from internal IPs or external IPs.