1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Implementing a GCP Virtual Private Cloud (VPC)

Configuring API Access Demonstration

Start course
Duration1h 15m


Please note: this course has been replaced with an updated version which can be found here.


This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.

After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.

If you have any feedback, questions, or queries relating to this course, please feel free to contact us at support@cloudacademy.com.

Learning Objectives

  • Configure Google Cloud Platform VPC resources
  • Configure VPC peering and API access
  • Create shared VPCs
  • Configure internal static and dynamic routing, as well as NAT
  • Configure and maintain Google Kubernetes Engine clusters
  • Configure and maintain VPC firewalls

Intended Audience

This course is intended for:

  • Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
  • Individuals who simply want to widen their knowledge of cloud technology in general


To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.


Okay, for the next section here, we're gonna talk about how you can set up a VPC network with the APIs, private APIs, public APIs, and also the VPC flow log.

So, let's jump into this a little more. When you look at creating a VPC network from the screen we're lookin' at, when you scroll down, I've gone ahead and put in a new name for a subnet called private sub. I've selected the address range along with the region. But when you get down here, there's an option for private Google access. So the default is off. And the same thing with the flow logs, the default is off.

The first thing I wanna say about both of these settings, it's per subnet. So if I hit Add subnet at the bottom, it's gonna give me a new subnet and those options are back to the default, so you can do, these settings are configured per subnet.

And then secondly, when you're going through these settings. The first one allows you. it's recommended to turn on private Google access because it gives you the ability to use tools like BigQuery, or Clouds Storage, any of those Google's services that require public IP addresses. You'll need to have this private Google access on, if you plan for your virtual machines or Kubernetes clusters to not have external IP addresses. So if you wanna have a private, you know, VM that's not on the internet, you'll need to check this on if you want to use some of those other Google services. And then with the VPC flow logs, when you turn this on, it flows all your inbound/outbound traffic from that subnet within this VPC into Stackdriver. So it's gonna give you all the insight, from a security forensic standpoint, you're gonna get all that data once you select VPC flow logs.

About the Author

Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.