1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Implementing a GCP Virtual Private Cloud (VPC)

Configuring API Access

Start course
Duration1h 15m


Please note: this course has been replaced with an updated version which can be found here.


This course guides you through the key steps to configure a Google Cloud Platform virtual private cloud (VPC), which allows you to connect your GCP services with one another securely.

After a brief introduction, the course begins with how to set up and configure VPCs, including VPC peering and shared VPC. You'll learn how to configure routes, set up cloud NAT (network address translation), and configure VPC-native clusters in Kubernetes, before rounding off the course by looking at VPC firewalls. The topics in this course are accompanied by demonstrations on the platform in order to show you how these concepts apply to real-world scenarios.

If you have any feedback, questions, or queries relating to this course, please feel free to contact us at support@cloudacademy.com.

Learning Objectives

  • Configure Google Cloud Platform VPC resources
  • Configure VPC peering and API access
  • Create shared VPCs
  • Configure internal static and dynamic routing, as well as NAT
  • Configure and maintain Google Kubernetes Engine clusters
  • Configure and maintain VPC firewalls

Intended Audience

This course is intended for:

  • Individuals who want to learn more about Google Cloud networking, who may also have a background in cloud networking with other public cloud providers
  • Individuals who simply want to widen their knowledge of cloud technology in general


To get the most from this course, you should already have experience in public cloud and networking as well as an understanding of GCP architecture.


For the next section, we're gonna talk about how you can configure API access to access Google resources privately, publicly, using a NAT Gateway or even a Proxy Gateway.

The first thing I wanna bring up, there's a chart online that we'll link to (https://cloud.google.com/vpc/docs/private-access-options), and it's Private Google Access. And what that allows you to do is allows your VM instances to connect to Google services without an external IP address. So things like BigQuery, Bigtable, there's a few, quite a few of the Google services out there that you can use Google APIs without having a Public IP address. So that's the first one.

So the next option in GCP is private services access. And the difference between private API access and private services access is that the service access allows you to connect to your network directly to another provider's network to communicate privately over the RFC 1918 address range.

So for example, if I had a web application that I wanted you to maintain for me or work on, and I didn't wanna expose it at all to the internet, I could then share my address phrase with that web application to your specific VPC Network that you've shared with me. And we can connect them together, and then you will be able to work on it.

So for the next thing, we're gonna talk about an Instance-based NAT. And I'll give you an example with this one. Let's say you need to set up your VPC network so that only one instance can get out to the internet. What you can do is through that one instance, you can have all of your other instances on your network.

So for example, if I have one instance that can get out to the internet and I have three that cannot, instead of paying for three external IP addresses, I can pay for one. Then I can have those other three instances use the external IP address of the one instance that has access to the internet.

So ultimately, that instance would be the proxy server to the outside world. And it's a good thing to use if you wanna save on paying external IP addresses. That's one way you could do it. But this is just one example of how you can use an instance-based NAT within GCP.

A few other things you could do as well, let's say you don't wanna use Google Cloud VPN option, you can actually set up a virtual machine and then use install your VPN software on that and configure it that way so that you can also use that actual instance as your VPN Gateway. You can also migrate instance-based NAT to cloud NAT if you need to, as well. So you have a lot of flexibility.

It's, you know, with Compute Engine and the networking capabilities built within GCP, you could pretty much set it up any way you want is just a lot of other options overall when you're looking at Google services versus the services that you can install and set up on your own virtual machine.

About the Author

Mark has many years of experience working with Google Cloud Platform and also holds eight GCP certifications.