You recently developed an application. You need to call the Cloud Storage API from a Compute Engine instance that doesn't have a public IP address. What should you do?
Private Google Access allows your Compute Engine instances to access Google Cloud APIs and services without requiring a public IP address. It enables outbound connectivity to Google APIs and services using internal IP addresses.
A is not correct because Carrier Peering enables you to access Google applications, such as Google Workspace, by using a service provider to obtain enterprise-grade network services that connect your infrastructure to Google.
B is not correct because VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in a private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.
C is not correct because Shared VPC allows an organization to connect resources from multiple projects to a common VPC network so that they can communicate with each other securely and efficiently using internal IPs from that network.
D is correct because Private Google Access is an option available for each subnetwork. When it is enabled, instances in the subnetwork can communicate with public Google API endpoints even if the instances don't have external IP addresses.
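The explanation for D notes that Private Google Access is set per subnetwork. As an added example (not part of the original page), the following Python check cross-references a subnet listing with an instance listing to show which internal-only VMs rely on that subnet flag. The sample data is constructed, the status labels and all project, subnet and instance names are assumptions, and only the subnet flag is checked.

```python
BASE = "https://www.googleapis.com/compute/v1/projects/example-proj/regions/us-central1/subnetworks/"

# Constructed sample data, shaped like `gcloud compute networks subnets list
# --format=json` and `gcloud compute instances list --format=json` output.
# Project, subnet and instance names and all addresses are made up.
SUBNETS = [
    {"name": "app-subnet", "selfLink": BASE + "app-subnet",
     "privateIpGoogleAccess": True},
    {"name": "batch-subnet", "selfLink": BASE + "batch-subnet",
     "privateIpGoogleAccess": False},
]
INSTANCES = [
    {"name": "app-vm", "networkInterfaces": [
        {"subnetwork": BASE + "app-subnet", "networkIP": "10.0.0.2"}]},
    {"name": "batch-vm", "networkInterfaces": [
        {"subnetwork": BASE + "batch-subnet", "networkIP": "10.0.1.2"}]},
    {"name": "bastion", "networkInterfaces": [
        {"subnetwork": BASE + "batch-subnet", "networkIP": "10.0.1.3",
         "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}]}]},
    {"name": "shared-vm", "networkInterfaces": [
        {"subnetwork": BASE + "host-subnet", "networkIP": "10.0.2.2"}]},
]


def has_external_ip(nic):
    """True when an access config on the interface carries an external natIP."""
    return any(ac.get("natIP") for ac in nic.get("accessConfigs", []))


def audit(instances, subnets):
    """Return (instance, subnet, status) for every network interface."""
    pga = {s["selfLink"]: s.get("privateIpGoogleAccess", False) for s in subnets}
    rows = []
    for inst in instances:
        for nic in inst.get("networkInterfaces", []):
            link = nic.get("subnetwork", "")
            if has_external_ip(nic):
                status = "external-ip"      # does not depend on PGA
            elif link not in pga:
                status = "subnet-unknown"   # subnet missing from the listing
            else:
                status = "pga-enabled" if pga[link] else "pga-disabled"
            rows.append((inst["name"], link.rsplit("/", 1)[-1], status))
    return rows


if __name__ == "__main__":
    for row in audit(INSTANCES, SUBNETS):
        print(*row)
```

A subnet reported as `pga-disabled` can be switched on with `gcloud compute networks subnets update SUBNET --region=REGION --enable-private-ip-google-access`, where `SUBNET` and `REGION` are placeholders.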
D. Use Private Google Access
Private Google Access is a feature that enables access to Google Cloud APIs and services for instances that don't have a public IP address. With this feature, you can allow your Compute Engine instances in a VPC network to access Google services over the private IP addresses, without the need for a NAT gateway or VPN.
This feature is especially useful when you want to access Google APIs and services from an instance that doesn't have internet access or a public IP address. In this case, you can enable Private Google Access on the VPC network that your Compute Engine instances belong to, and they will be able to call the Cloud Storage API using the private IP address.
To enable Private Google Access, you can use the gcloud command-line tool, the Cloud Console, or the REST API. This feature is also available for other services like BigQuery and Cloud SQL as well, to access them from instances without a public IP address.
D is the answer.
https://cloud.google.com/vpc/docs/private-google-access
VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the external IP addresses of Google APIs and services. The source IP address of the packet can be the primary internal IP address of the network interface or an address in an alias IP range that is assigned to the interface. If you disable Private Google Access, the VM instances can no longer reach Google APIs and services; they can only send traffic within the VPC network.