Using Virtual Private Cloud (VPC) in the environment in which your product's service runs is optional. If you use it, you must complete the following steps to integrate Google Cloud Marketplace reporting with VPC. By default, the Compute Engine virtual machines (VMs) in your VPC can only communicate internally. You must configure one of the VMs to communicate externally, so that the rest of the VMs in your VPC can use it for reporting.
Before you begin
- Set up your preferred implementation of VPC in your service environment. For steps to set up VPC, visit Create and modify Virtual Private Cloud (VPC) networks.
- Ensure that you have the Compute Network Admin Identity and Access Management (IAM) role for your Google Cloud project.
Set up Private Google Access
To enable your product's Compute Engine virtual machines (VMs) to communicate externally for reporting purposes, you must set up Private Google Access. For more information about configuring Private Google Access, refer to Configuring Private Google Access.
Enable Private Google Access for your service environment.
Configure DNS to resolve requests to private.googleapis.com.
Create a custom route for Google APIs:
- For Name, specify route-google-apis-services.
- For Network, select your VPC.
- For Destination IP range, specify 199.36.153.8/30.
- For Priority, specify 0.
- For Instance tags, specify google-apis-services.
- For Next hop, select Default internet gateway.
Create a VPC firewall rule to enable your product to communicate with Google APIs:
- For the Name, specify google-apis-services.
- For the Description, specify Allow egress traffic to Google APIs and services.
- Enable firewall rules logging.
- For Network, select your VPC.
- For Direction of traffic, select Egress.
- For the Action on match, select Allow.
- For Targets, select Specified target tags, and then for Target tags, specify google-apis-services.
- For the Destination filter, select IPv4 ranges, and for the Destination IPv4 ranges, specify 199.36.153.8/30.
- For Protocols and ports, select Allow all.
In Google Cloud console, select the VM you want to use to report your product's usage. Under Network tags, add google-apis-services, and click SAVE.
Under Network interfaces, locate your VPC's network interface.
In the Subnetwork column, click the subnet link. From the Subnet details page, click Edit, and set Private Google Access to On.
Click Save.
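The console steps above (custom route, egress firewall rule, network tag, subnet setting) expressed as gcloud commands. This is an added example, not part of the original page. NETWORK, SUBNET, REGION, VM and ZONE are placeholder values (assumptions), the DNS step is not covered, and by default the script only prints the commands (set DRY_RUN=0 to run them).

```shell
#!/bin/sh
# Added example: gcloud equivalents of the console steps on this page.
# Placeholder values (assumptions): override them for your project.
set -eu
NETWORK="${NETWORK:-my-vpc}"
SUBNET="${SUBNET:-my-subnet}"
REGION="${REGION:-us-central1}"
VM="${VM:-reporting-vm}"
ZONE="${ZONE:-us-central1-a}"
TAG="google-apis-services"      # network tag used by the route and the rule
RANGE="199.36.153.8/30"         # destination range given on the page
DRY_RUN="${DRY_RUN:-1}"         # 1 = print commands only, 0 = execute them

# Execute the command, or in dry-run mode print it (quoting args with spaces).
run() {
  if [ "$DRY_RUN" != "1" ]; then "$@"; return; fi
  for arg in "$@"; do
    case "$arg" in
      *" "*) printf "'%s' " "$arg" ;;
      *)     printf '%s ' "$arg" ;;
    esac
  done
  printf '\n'
}

# Custom route: only instances carrying $TAG get a path to $RANGE.
create_route() {
  run gcloud compute routes create route-google-apis-services \
    --network="$NETWORK" --destination-range="$RANGE" --priority=0 \
    --tags="$TAG" --next-hop-gateway=default-internet-gateway
}
# Egress rule: limited to $RANGE and to tagged instances, with logging on.
create_firewall_rule() {
  run gcloud compute firewall-rules create google-apis-services \
    --description="Allow egress traffic to Google APIs and services" \
    --enable-logging --network="$NETWORK" --direction=EGRESS --action=ALLOW \
    --target-tags="$TAG" --destination-ranges="$RANGE" --rules=all
}
# Tag the single VM that reports usage.
tag_reporting_vm() {
  run gcloud compute instances add-tags "$VM" --zone="$ZONE" --tags="$TAG"
}
# Turn on Private Google Access for the VM's subnet.
enable_private_google_access() {
  run gcloud compute networks subnets update "$SUBNET" --region="$REGION" \
    --enable-private-ip-google-access
}

create_route; create_firewall_rule; tag_reporting_vm; enable_private_google_access
```

Because both the route and the firewall rule are bound to the google-apis-services tag, only the tagged reporting VM gains the egress path; the other VMs in the VPC stay internal-only.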