Configuring Private Google Access on subnetworks
To configure Private Google Access on Google Cloud Platform (GCP) subnetworks, you would use Pulumi to provision a Subnetwork resource and enable the privateIpGoogleAccess property. Private Google Access allows VM instances on a subnetwork to reach Google APIs and services using an internal IP address rather than going through the public internet.

Explanation
The following Pulumi program in TypeScript creates a new subnetwork in a specific region within an existing VPC network on GCP and configures it with Private Google Access enabled. We use the gcp.compute.Subnetwork resource from the Pulumi GCP provider, which allows us to manage subnetworks within GCP.

- Subnetwork: The Subnetwork resource is created within a given VPC network and region. It includes the privateIpGoogleAccess property set to true to enable Private Google Access. The IP range for the subnetwork is defined in the ipCidrRange property.
- IP CIDR Range: The IP range provided must be a valid private IP range and must not overlap with other subnetworks in the same network.

Before running this Pulumi program, ensure you have selected the correct GCP project and have the necessary permissions to create and modify networking resources. This program assumes that the VPC network already exists and we are adding a new subnetwork to it.
Pulumi Program
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a new Subnetwork with Private Google Access enabled
const privateSubnet = new gcp.compute.Subnetwork("privateSubnet", {
    // The name of the subnetwork
    name: "my-private-subnet",
    // The region where the subnetwork will be created
    region: "us-central1",
    // The VPC network to which this subnetwork belongs
    network: "YOUR_EXISTING_VPC_NETWORK_NAME",
    // The range of internal addresses that are owned by this subnetwork
    ipCidrRange: "10.2.0.0/16",
    // Enable Private Google Access
    privateIpGoogleAccess: true,
    // Optionally, you can provide a description for the subnetwork
    description: "Subnetwork with Private Google Access enabled",
    // If you are setting up flow logs, uncomment the following and customize as needed
    // logConfig: {
    //     aggregationInterval: "INTERVAL_5_SEC",
    //     flowSampling: 0.5,
    //     metadata: "INCLUDE_ALL_METADATA",
    // },
});

// Export the subnetwork self-link to access it later if needed
export const subnetworkSelfLink = privateSubnet.selfLink;

In this example, replace "YOUR_EXISTING_VPC_NETWORK_NAME" with the name of your existing VPC network where you wish to create the new subnetwork. Also, make sure the ipCidrRange does not overlap with other ranges within the same VPC network.

After running this Pulumi program, the output will provide you with the self-link of the created subnetwork, which you can use to reference this resource in subsequent operations or in other Pulumi programs.
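
As a pre-flight check for the two ipCidrRange requirements above, the following added example (not part of the original page or of the Pulumi provider) validates a candidate range before deployment. It interprets "private IP range" as the RFC 1918 blocks, which is an assumption, and the function names and the list of existing ranges are constructed for illustration.

```typescript
// Added example: pre-flight validation of a candidate ipCidrRange.
// Assumption: "private IP range" means the three RFC 1918 blocks.
type IpRange = { start: number; end: number };

const RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"];

// Parse "a.b.c.d/n" into inclusive 32-bit bounds; throws on malformed input.
function parseCidr(cidr: string): IpRange {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`malformed CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) {
    throw new Error(`out-of-range CIDR: ${cidr}`);
  }
  const addr = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = 2 ** (32 - prefix);
  // This check treats a base address with host bits set (10.2.0.1/16) as an input error.
  if (addr % size !== 0) throw new Error(`host bits set in ${cidr}`);
  return { start: addr, end: addr + size - 1 };
}

const contains = (outer: IpRange, inner: IpRange): boolean =>
  outer.start <= inner.start && inner.end <= outer.end;

const overlaps = (a: IpRange, b: IpRange): boolean =>
  a.start <= b.end && b.start <= a.end;

// Returns a list of problems; an empty list means the range passes both checks.
function checkSubnetRange(candidate: string, existing: string[]): string[] {
  const problems: string[] = [];
  const range = parseCidr(candidate);
  if (!RFC1918.some((block) => contains(parseCidr(block), range))) {
    problems.push(`${candidate} is not inside an RFC 1918 block`);
  }
  for (const other of existing) {
    if (overlaps(range, parseCidr(other))) {
      problems.push(`${candidate} overlaps existing range ${other}`);
    }
  }
  return problems;
}

// Constructed sample: ranges assumed to be already in use in the VPC.
const existingRanges = ["10.0.0.0/16", "10.2.128.0/20", "192.168.10.0/24"];
console.log(checkSubnetRange("10.2.0.0/16", existingRanges));
console.log(checkSubnetRange("10.3.0.0/16", existingRanges));
```

With the constructed ranges, the page's 10.2.0.0/16 is flagged because it contains 10.2.128.0/20, while 10.3.0.0/16 passes.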

For more information on the properties you can set on a Subnetwork, and what each property means, refer to the Pulumi GCP Provider documentation.