Using core Virtual Private Cloud (VPC) functionality
Firewall
-
Using VPC firewall rules
Create and modify VPC firewall rules. Specify these rules at the network level.
-
Using hierarchical firewall policies
Create and modify hierarchical firewall policies. Specify these policy rules at the organization and folder levels.
-
Using Firewall Rules Logging
See which firewall rules affected your traffic.
VPC network sharing and peering
-
Provisioning Shared VPC
Set up a Shared VPC host project, assign service projects, and set up permissions for sharing a network with other projects.
-
Deprovisioning Shared VPC
Disassociate Shared VPC service projects from a host project. Disable a project as a host project.
-
Using VPC Network Peering
Configure two networks as peers or disconnect existing peers.
Configuring VM IP addresses and interfaces
-
Reserving static internal IP addresses
Reserve a static internal IP address. Assign a particular internal IP address to a Google Cloud resource. (Docs are hosted in the Compute Engine documentation.)
-
Reserving static external IP addresses
Reserve a static external IP address. Assign a particular external IP address to a Google Cloud resource. (Docs are hosted in the Compute Engine documentation.)
-
Configuring alias IP ranges
Assign a range of IP addresses to a Compute Engine virtual machine (VM) instance for use by containers or other services running on the VM.
-
Creating instances with multiple network interfaces
Configure a Compute Engine VM instance with more than one network interface so that it can be used as a virtual appliance that links VPC networks.
Packet Mirroring
Logging and monitoring
-
Using VPC Flow Logs
View traffic flow logs and metrics.
-
Using Firewall Rules Logging
See which firewall rules affected your traffic.
-
Viewing VPC audit logs
View audit logs for VPC resources.
-
Using Serverless VPC Access audit logging
View the audit logs created by Serverless VPC Access as part of Cloud Audit Logs.
Special configurations
-
Configuring Private Google Access
Allow VM instances in your VPC network subnet to reach Google APIs even if the VMs don't have external IP addresses.
-
Configuring Private Google Access for on-premises hosts
Enable your on-premises hosts to reach Google APIs and services through a Cloud VPN tunnel or Cloud Interconnect connection. Hosts don't need an external IP address.
-
Configuring private services access
Establish a private connection to services made available to your VPC network on internal IP addresses.
-
Configuring Serverless VPC Access
Connect from Cloud Run, Cloud Functions, and the App Engine standard environment directly to your VPC network.
-
Configuring VMs for networking use cases
Set up a Compute Engine VM instance as a network appliance.