1. Packages
  2. Packages
  3. Google Cloud (GCP) Classic
  4. How-to Guides
  5. GCP VM with Multiple NICs on Separate VPCs
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-gcp

GCP VM with Multiple NICs on Separate VPCs

gcp logo
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-gcp

    View Code

    This example provisions a Google Compute Engine VM with a configurable number of network interfaces, where each NIC is attached to its own dedicated VPC network and subnet. GCE requires that every NIC on a VM lives in a distinct VPC, so this example creates nicCount VPCs, one subnet per VPC, the matching firewall rules, and then wires all of them into a single gcp.compute.Instance via a dynamically-built networkInterfaces list.

    Use cases:

    • Multi-homed appliances (firewalls, NVAs, routers) that need a foot in several networks.
    • Connecting workloads that span a “management” VPC and one or more “data” VPCs.
    • Testing inter-VPC routing without VPC peering.

    Prerequisites

    1. Install Pulumi
    2. Configure GCP for Pulumi
    3. Install Node.js
    4. Access to the lumitorch Pulumi organization and the cloud-creds/gcp-dev-sandbox ESC environment (already referenced from Pulumi.yaml).

    Deploy

    Step 1: Install dependencies

    npm install

    Step 2: Initialize a stack in the lumitorch org

    pulumi stack init lumitorch/dev

    The stack inherits GCP credentials from the ESC environment cloud-creds/gcp-dev-sandbox declared in Pulumi.yaml, so you do not need to set gcp:project or run gcloud auth locally.

    Step 3 (optional): Tune the NIC count

    pulumi config set nicCount 4
pulumi config set machineType n2-standard-8   # n2-standard-8 supports up to 8 NICs

    GCE caps the number of NICs per VM by machine type — see Multiple network interfaces overview for the matrix.

    Step 4: Deploy

    pulumi up

    Outputs include the VM name, zone, and a nicSummary array showing each NIC’s network, subnetwork, internal IP, and (for NIC 0) external IP.

    Step 5: SSH in via IAP

    Only NIC 0 receives a public IP, and the firewall only opens port 22 to the IAP TCP forwarding range:

    gcloud compute ssh multi-nic-vm --zone $(pulumi stack output vmZone) --tunnel-through-iap

    Once inside, ip -br addr lists ens4, ens5, … — one interface per NIC.

    Clean Up

    pulumi destroy
pulumi stack rm

    Summary

    You built a GCE VM with a dynamic number of NICs, each on its own VPC, using Pulumi TypeScript and a Pulumi ESC environment for credentials. From here you can layer routes, add a second VM in any of the secondary VPCs, or swap the hardcoded Debian image for a network-appliance image.

    gcp logo
    Viewing docs for Google Cloud v9.23.0
    published on Thursday, May 7, 2026 by Pulumi
    Schema (JSON)
    pulumi/pulumi-gcp
      Try Pulumi Cloud free. Your team will thank you.