This page shows how to use Serverless VPC Access to connect Cloud Functions directly to your VPC network, allowing access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.
To use Serverless VPC Access, you must first create a Serverless VPC Access connector to handle communication to your VPC network. After you create a connector, you configure your Cloud Functions to use the connector.
Creating a Serverless VPC Access connector
For detailed instructions on creating Serverless VPC Access connectors, refer to Creating a connector.
Configuring a function to use a connector
You can configure a function to use a connector from the Google Cloud Console
gcloud command-line tool:
Go to the Cloud Functions overview page in the Cloud Console:
Click Create function. Alternatively, click an existing function to go to its details page, and click Edit.
Expand the advanced settings by clicking Variables, networking and advanced settings.
In the Connections tab, enter the name of your connector in the VPC connector field, or clear the field to disconnect your service from a VPC network.
gcloud functions deploy command to deploy the function
and specify the
gcloud functions deploy FUNCTION_NAME \ --vpc-connector CONNECTOR_NAME \ FLAGS...
FUNCTION_NAMEis the name of your function.
CONNECTOR_NAMEis the name of your connector.
FLAGS...refers to other flags you pass during function deployment.
flag to to disconnect your function from a VPC network:
gcloud functions deploy FUNCTION_NAME \ --clear-vpc-connector \ FLAGS...
For more control over which requests are routed through the connector, see Egress settings.
Connecting to a Shared VPC network
- Make sure an administrator of the host project completes the setup described at Using a Shared VPC network. This setup includes creating a Serverless VPC Access connector in the host project and attaching it to the Shared VPC network.
Enable the Serverless VPC Access API in your service project:
After the host project setup is complete, when you deploy a function in your service project, you can specify the host project's connector using the connector's fully-qualified name:
gcloud functions deploy FUNCTION_NAME \ --vpc-connector projects/HOST_PROJECT_ID/locations/CONNECTOR_REGION/connectors/CONNECTOR_NAME \ FLAGS...
This connects your function to the Shared VPC network.
- Learn more about Serverless VPC Access.
- Learn how to connect to Memorystore from Cloud Functions.
- Learn more about Cloud Functions network settings.
- Learn how to use VPC Service Controls with Cloud Functions.