Google Cloud Networking: How to Ensure Application Instances Have No External IP Addresses

Methods to Prevent External IP Addresses for Compute Engine Application Instances

Question

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage.

You want to ensure that none of the application instances have external IP addresses.

Which two methods can you use to accomplish this? (Choose two.)

Answers

Explanations


A. B. C. D. E. F. G.

BE.

To ensure that none of the application instances have external IP addresses while accessing BigQuery and Cloud Storage, we can use the following two methods:

A. Enable Private Google Access on all the subnets: Private Google Access allows instances to access Google Cloud services like BigQuery and Cloud Storage using internal IP addresses instead of external IP addresses. By enabling Private Google Access on all the subnets where the application instances are running, we can ensure that they use only internal IP addresses to communicate with the required services, and no external IP addresses are assigned to them.

B. Enable Private Services Access on the VPC: Private Services Access enables us to create private connections between VPC networks and Google APIs and services using internal IP addresses. By enabling Private Services Access on the VPC where the application instances are running, we can ensure that they use only internal IP addresses to communicate with the required services, and no external IP addresses are assigned to them.

C. Create network peering between your VPC and BigQuery: Network peering enables VPC networks to communicate with each other using private IP addresses. By creating network peering between the VPC where the application instances are running and the VPC where BigQuery is running, we can ensure that the communication between the two networks happens using private IP addresses, and no external IP addresses are assigned to the application instances.

D. Create a Cloud NAT, and route the application traffic via NAT gateway: Cloud NAT enables instances that do not have external IP addresses to access the internet or other Google Cloud services. By creating a Cloud NAT and routing the application traffic via the NAT gateway, we can ensure that the application instances do not have external IP addresses and can still access the required services.

In summary, the two methods that can be used to ensure that none of the application instances have external IP addresses are enabling Private Google Access on all the subnets and enabling Private Services Access on the VPC.
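To check the requirement in the question against a real project, the following added example (not part of the original page) reads JSON in the shape produced by `gcloud compute instances list --format=json` and `gcloud compute networks subnets list --format=json`, then reports instances that carry an external access config and internal-only instances on subnets where Private Google Access is off. The function name `audit`, the project `example-project`, and all instance and subnet names and addresses are constructed for illustration.

```python
import json

# Constructed sample data, trimmed to the fields used here. Real input would come from:
#   gcloud compute instances list --format=json
#   gcloud compute networks subnets list --format=json
BASE = ("https://www.googleapis.com/compute/v1/projects/example-project"
        "/regions/us-central1/subnetworks/")
INSTANCES_JSON = json.dumps([
    {"name": "app-1", "networkInterfaces": [
        {"networkIP": "10.0.1.2", "subnetwork": BASE + "app-a"}]},
    {"name": "app-2", "networkInterfaces": [
        {"networkIP": "10.0.2.2", "subnetwork": BASE + "app-b",
         "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}]}]},
    {"name": "app-3", "networkInterfaces": [
        {"networkIP": "10.0.2.3", "subnetwork": BASE + "app-b"}]},
])
SUBNETS_JSON = json.dumps([
    {"name": "app-a", "selfLink": BASE + "app-a", "privateIpGoogleAccess": True},
    {"name": "app-b", "selfLink": BASE + "app-b", "privateIpGoogleAccess": False},
])


def audit(instances_json, subnets_json):
    """Return (instances with an external address,
    internal-only instances on a subnet with Private Google Access off)."""
    # Private Google Access is a per-subnet setting, keyed here by selfLink.
    pga = {s["selfLink"]: s.get("privateIpGoogleAccess", False)
           for s in json.loads(subnets_json)}
    external, no_pga = [], []
    for inst in json.loads(instances_json):
        nics = inst.get("networkInterfaces", [])
        # An accessConfigs (IPv4) or ipv6AccessConfigs entry on any
        # interface means the instance has an external address configured.
        if any(n.get("accessConfigs") or n.get("ipv6AccessConfigs") for n in nics):
            external.append(inst["name"])
        # Internal-only instance: flag it if any of its subnets has the
        # setting off (unknown subnets are treated as off).
        elif not all(pga.get(n.get("subnetwork"), False) for n in nics):
            no_pga.append(inst["name"])
    return external, no_pga


if __name__ == "__main__":
    external, no_pga = audit(INSTANCES_JSON, SUBNETS_JSON)
    print("external IP configured:", external)
    print("internal-only, subnet lacks Private Google Access:", no_pga)
```
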