只有內部 IP 位址 (沒有外部 IP 位址) 的 VM 執行個體可以使用私人 Google 存取權。這些執行個體可以連線至 Google API 與服務的外部 IP 位址。封包的來源 IP 位址可以是網路介面的主要內部 IP 位址,也可以是分配給介面的別名 IP 範圍中的位址。如果您停用私人 Google 存取權,VM 執行個體無法再連線至 Google API 與服務,只能在虛擬私人雲端網路內傳送流量。
私人 Google 存取權不影響具有外部 IP 位址的執行個體。根據網際網路存取需求條件,具有外部 IP 位址的執行個體可存取網際網路。這些執行個體不需要任何特殊設定,即可將要求傳送至 Google API 和服務的外部 IP 位址。
您可以根據不同的子網路來決定是否啟用該子網路的私人 Google 存取權;這是虛擬私人雲端網路中的子網路設定。如要啟用子網路的私人 Google 存取權以及查看需求條件,請參閱「設定私人 Google 存取權」。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-05 (世界標準時間)。"],[],[],null,["# Private Google Access\n=====================\n\nVM instances that only have internal IP addresses (no external IP addresses) can\nuse Private Google Access. They can reach the external IP addresses of Google\nAPIs and services. The source IP address of the packet can be the primary\ninternal IP address of the network interface or an address in an alias IP range\nthat is assigned to the interface. If you disable Private Google Access, the\nVM instances can no longer reach Google APIs and services; they can only send\ntraffic within the VPC network.\n\nPrivate Google Access has no effect on instances that have external IP\naddresses. Instances with external IP addresses can access the internet,\naccording to the [internet access\nrequirements](/vpc/docs/vpc#internet_access_reqs). They don't need any special\nconfiguration to send requests to the external IP addresses of Google APIs and\nservices.\n\nYou enable Private Google Access on a subnet by subnet basis; it's a setting\nfor subnets in a VPC network. To enable a subnet for\nPrivate Google Access and to view the requirements, see [Configure\nPrivate Google Access](/vpc/docs/configure-private-google-access).\n\nSupported services\n------------------\n\nPrivate Google Access lets you access [Google APIs and\nservices](/vpc/docs/configure-private-google-access#domain-options)\nthat are hosted in Google's production infrastructure.\n\nOther Google services are hosted in VPC networks and can be\naccessed by using the following methods:\n\n- To connect to services that are published using the\n [Service Networking API](/service-infrastructure/docs/service-networking/reference/rest),\n see [private services access](/vpc/docs/private-services-access).\n\n- To connect to services that are published using\n [Private Service Connect](/vpc/docs/configure-private-service-connect-producer), see [Access managed services](/vpc/docs/configure-private-service-connect-services).\n\nExample\n-------\n\nThe following diagram shows an implementation of Private Google Access.\n[](/static/vpc/images/private-google-access.svg) Implementation of Private Google Access (click to enlarge).\n\nThe VPC network has been configured to meet the [DNS, routing,\nand firewall network requirements](/vpc/docs/configure-private-google-access#config)\nfor Google APIs and services. Private Google Access has been enabled on\n`subnet-a`, but not on `subnet-b`.\n\n- `VM A1` can access Google APIs and services, including Cloud Storage,\n because its network interface is located in `subnet-a`, which has\n Private Google Access enabled. Private Google Access applies to the instance\n because it only has an internal IP address.\n\n- `VM B1` **cannot** access Google APIs and services because it only has an\n internal IP address and Private Google Access is disabled for `subnet-b`.\n\n- `VM A2` and `VM B2` can both access Google APIs and services, including\n Cloud Storage, because they each have external IP addresses.\n Private Google Access has no effect on whether or not these instances can\n access Google APIs and services because both have external IP addresses.\n\nWhat's next\n-----------\n\n- To configure Private Google Access, see [Configure\n Private Google Access](/vpc/docs/configure-private-google-access)."]]