Connecting to a VPC network

This page shows how to use Serverless VPC Access to connect Cloud Functions directly to your VPC network, allowing access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.

To use Serverless VPC Access, you must first create a Serverless VPC Access connector to handle communication to your VPC network. After you create a connector, you configure your Cloud Functions to use the connector.

Note that Serverless VPC Access connectors do not support the ICMP protocol.

Creating a Serverless VPC Access connector

For detailed instructions on creating Serverless VPC Access connectors, refer to Creating a connector.

Configuring a function to use a connector

You can configure a function to use a connector from the Google Cloud Console or the gcloud command-line tool:

Console

  1. Go to the Cloud Functions overview page in the Cloud Console:

    Go to Cloud Functions

  2. Click Create function. Alternatively, click an existing function to go to its details page, and click Edit.

  3. Expand the advanced settings by clicking RUNTIME, BUILD AND CONNECTIONS SETTINGS.

  4. In the Connections tab under Egress settings, enter the name of your connector in the VPC connector field, or clear the field to disconnect your service from a VPC network.

gcloud

Use the gcloud functions deploy command to deploy the function and specify the --vpc-connector flag:

gcloud functions deploy FUNCTION_NAME \
--vpc-connector CONNECTOR_NAME \
FLAGS...

where:

  • FUNCTION_NAME is the name of your function.
  • CONNECTOR_NAME is the name of your connector.
  • FLAGS... refers to other flags you pass during function deployment.

Use the --clear-vpc-connector flag to to disconnect your function from a VPC network:

gcloud functions deploy FUNCTION_NAME \
--clear-vpc-connector \
FLAGS...

For more control over which requests are routed through the connector, see Egress settings.

Connecting to a Shared VPC network

If your organization uses Shared VPC, a Cloud Function in a Shared VPC service project can connect to a Shared VPC.

  1. Make sure an administrator of the host project completes the setup described at Configuring the host project if using Shared VPC.

  2. Create the Shared VPC connector following the instructions at Creating a connector.

  3. Deploy a function in your service project specifying the connector name:

    gcloud functions deploy FUNCTION_NAME \
    --vpc-connector CONNECTOR_NAME \
    FLAGS...
    

    This connects your function to the Shared VPC network.

Next steps