Thanks Dan! Great info, and answers my questions. Just to clarify on the last question and your response, I understand that you can peer VPCs, but I don't believe you can share a VPN this way. E.g.,
- Project A VPC is peered to Project B VPC - Project B has a VPN - Project A cannot access the VPN via the peered VPC connection >From the last link you sent: > > - Only directly peered networks can communicate. Transitive peering is > not supported. In other words, if VPC network N1 is peered with N2 and N3, > but N2 and N3 are not also directly connected, VPC network N2 cannot > communicate with VPC network N3 over the peering. > > So for now it looks like I need to run a Cloud VPN connection to every project that needs VPN, since you cannot route to a VPN over peered VPCs, and App Engine Flexible environments cannot use shared VPCs at this time. On Friday, October 26, 2018 at 10:51:38 PM UTC-4, Dan S (Cloud Platform Support) wrote: > > Can an App Engine Flexible app use a custom VPC? > > > You should be able to use VPC with App Engine Flex, as you can check in > the following documentation[1]. You can config the network instance access > by following the setup documentation[2]. > > Can an App Engine Flexible app use a shared VPC defined in another project? > > > Unfortunately, it is not possible to share VPC, and you can confirm this > limitation in the following section[3]. > > “In a service project, App Engine Flexible resources cannot participate in > Shared VPC.” > > Can an App Engine Flexible app use a Cloud VPN connection? > > > Yes, since the App Engine flex uses the Compute Engine structure, you’re > allowed to implement a VPN connection. You can find more details regarding > the VPN connections in the following documentation[4], and the differences > between App Engine Flex and Compute Engine in the following[5]. > > Can an App Engine Flexible app use a Cloud VPN connection set up in > another project? If so, is that implemented with a shared VPC or peered > VPCs? > > >Yes, you can provide a connection between two App Engine application or > projects by using VPC, as you can confirm in the following[6]. > > I hope that makes things clearer for you. In the meantime, if you have any > additional comments, questions, or concerns about your issue don’t hesitate > to reply as I would be happy to help you. > > [1] https://cloud.google.com/vpc/docs/vpc > > [2] > https://cloud.google.com/appengine/docs/flexible/nodejs/reference/app-yaml#network_settings > > [3] https://cloud.google.com/vpc/docs/shared-vpc#ineligible_resources > > [4] https://cloud.google.com/vpn/docs/concepts/overview > > [5] > https://cloud.google.com/appengine/docs/the-appengine-environments#comparing_the_flexible_environment_to_compute_engine > > [6] https://cloud.google.com/vpc/docs/vpc-peering#key_properties > > > On Wednesday, October 24, 2018 at 3:53:29 PM UTC-4, Mark Drummond wrote: >> >> Hello everyone. I am trying to understand the interaction of App Engine >> apps, custom VPCs, and VPNs. After much googling and document reading I >> still don't have a clear picture here. >> >> 1. Can an App Engine Flexible app use a custom VPC? >> 2. Can an App Engine Flexible app use a shared VPC defined in another >> project? >> 3. Can an App Engine Flexible app use a Cloud VPN connection? >> 4. Can an App Engine Flexible app use a Cloud VPN connection set up >> in another project? >> 1. If so, is that implemented with a shared VPC or peered VPCs? >> >> As you might guess, I'm wondering whether my App Engine Flexible apps can >> communicate back to our head office over VPN, and if so how that is >> implemented. Initial thought was peered VPCs to a VPC that has an attached >> VPN but I found at least one note indicating that is not possible. Next >> thought was a shared VPC but found at least one note that said that would >> not work either (specifically with App Engine). >> >> - Mark >> >> The content of this message is subject to our e-mail confidentiality >> policy. <https://static.empire.ca/confidentiality/conf.html> >> Le contenu de ce message est assujetti à notre politique >> en matière de confidentialité des courriels. >> <https://static.empire.ca/confidentiality/conf.html> > > -- The content of this message is subject to our e-mail confidentiality policy. <https://static.empire.ca/confidentiality/conf.html> Le contenu de ce message est assujetti à notre politique en matière de confidentialité des courriels. <https://static.empire.ca/confidentiality/conf.html> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/2e5405c6-4ef3-4a8e-8108-da791bfee2d9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
