A Shared Virtual Private Cloud (VPC) is a feature within Google Cloud that enables organizations to connect resources from multiple projects to a common network infrastructure. This shared network, hosted within a designated “host project,” allows secure and efficient communication among resources using internal IP addresses. Service projects, attached to the host project’s network, can utilize specific subnets for their instances.
This setup offers a balance between centralized control over network resources, such as subnets and firewalls, and decentralized administration of instances within individual service projects. By segregating administrative responsibilities, organizations can enforce consistent access control policies, enhance security, and manage costs effectively.
- Enable the host project. The permission compute.organizations.enableXpnHost is required to configure a project as a “host”.
- Select the subnets to share.
- Attach service project(s). The Compute Engine API must be enabled on a “service” project before it is attached to a “host” project.
- Shared VPC view from the service account.
- When creating a compute instance, the “Networks shared with me” option is available.
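The procedure above, scripted with gcloud as an added example (not code from the original page); project, subnet, region and group names are placeholders, and the script prints each command instead of running it unless DRY_RUN=0 is set.

```shell
# Added example (not from the original page): the Shared VPC setup described
# above, scripted with gcloud. Project, subnet, region and group names are
# placeholders. With DRY_RUN=1 (the default) each function prints the gcloud
# command instead of executing it, so the steps can be reviewed first.
DRY_RUN="${DRY_RUN:-1}"
HOST_PROJECT="${HOST_PROJECT:-example-host-project}"
SERVICE_PROJECT="${SERVICE_PROJECT:-example-service-project}"
SUBNET="${SUBNET:-shared-subnet-1}"
REGION="${REGION:-us-central1}"
# Principals allowed to use the shared subnet (a group, not the whole project)
SERVICE_USERS="${SERVICE_USERS:-group:service-net-users@example.com}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: mark the host project (needs compute.organizations.enableXpnHost)
enable_host_project() {
  run gcloud compute shared-vpc enable "$HOST_PROJECT"
}

# Step 2: share one subnet by granting compute.networkUser on that subnet
# only, rather than on every subnet of the host project
share_subnet() {
  run gcloud compute networks subnets add-iam-policy-binding "$SUBNET" \
    --project "$HOST_PROJECT" --region "$REGION" \
    --member "$SERVICE_USERS" --role roles/compute.networkUser
}

# Step 3: attach the service project (its Compute Engine API must be enabled)
attach_service_project() {
  run gcloud services enable compute.googleapis.com --project "$SERVICE_PROJECT"
  run gcloud compute shared-vpc associated-projects add "$SERVICE_PROJECT" \
    --host-project "$HOST_PROJECT"
}

# Verification: list what is attached and confirm the service project's host
verify_sharing() {
  run gcloud compute shared-vpc list-associated-resources "$HOST_PROJECT"
  run gcloud compute shared-vpc get-host-project "$SERVICE_PROJECT"
}

main() { enable_host_project; share_subnet; attach_service_project; verify_sharing; }
main
```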