Virtual private clouds in the Google Cloud Platform allow even complex network infrastructures to be created quickly and easily. But as any IT manager will confirm, fast does not always mean right, and in the cloud that is a problem, especially when it comes to security. In this workshop, we therefore show you which built-in tools provide that security. In the third and final part, we describe how to protect serverless workloads, use Private Service Connect, and implement efficient monitoring and logging.
Protecting serverless workloads
In addition to virtual machines, serverless workloads (Cloud Functions, Cloud Run or App Engine) also need access to a VPC from time to time. This often goes hand in hand with the wish to isolate all of their network traffic from the internet. The former is achieved with Serverless VPC Access; the latter can be enforced at least for Cloud Functions and Cloud Run. To do this, you must first reserve a dedicated /28 subnet in the corresponding VPC. The connector requires exactly this prefix length, and the subnet must not be shared with any other resource.
On that subnet you then deploy the Serverless VPC Access connector. Through it, the workload can reach VPC resources, managed Google services with private IP addresses such as Cloud SQL or Memorystore, and on-premises networks if hybrid connectivity (Cloud VPN or Interconnect) is in place. Once the connector exists, you can tighten security in two directions. Outbound, the egress setting "all traffic" forces every outgoing packet through the connector instead of only the private ranges, so the workload no longer talks to the internet directly; if it still needs internet access, that now has to go through a Cloud NAT on the VPC. Inbound, the ingress setting "internal" (Cloud Functions: "internal only") stops the service from being reachable via its public URL and limits callers to internal sources such as the VPC and other Google Cloud services. The VPC firewall rules still apply to the connector instances, so the rest of your firewall design remains effective for serverless traffic as well.
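The three steps above (reserve the /28 subnet, create the connector, deploy with restricted ingress and egress), as an added example in the form of a small shell script. It is not code from the IT-Administrator article; the project, region, network, subnet, range, connector, service and image names are placeholders you replace with your own, and it uses Cloud Run for the deployment. By default the functions only print the gcloud commands they would run; set RUN=1 to execute them with an authenticated gcloud. The script refuses a range that is not a /28 before any API call is made, because the connector would reject it anyway.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. All values are assumptions.
set -euo pipefail

PROJECT="${PROJECT:-my-project}"                 # assumed project id
REGION="${REGION:-europe-west3}"                 # connector and service region
NETWORK="${NETWORK:-prod-vpc}"                   # existing VPC
SUBNET="${SUBNET:-serverless-conn}"              # dedicated subnet for the connector
RANGE="${RANGE:-10.8.0.0/28}"                    # must be exactly a /28
CONNECTOR="${CONNECTOR:-prod-connector}"
SERVICE="${SERVICE:-orders-api}"                 # Cloud Run service name
IMAGE="${IMAGE:-europe-west3-docker.pkg.dev/my-project/apps/orders-api:1.0}"

# Serverless VPC Access only accepts a /28 for the connector subnet.
is_slash28() {
  case "$1" in
    */28) return 0 ;;
    *)    return 1 ;;
  esac
}

# Step 1: reserve the /28 subnet in the VPC (used by nothing but the connector).
create_subnet_cmd() {
  is_slash28 "$RANGE" || { echo "connector subnet must be a /28, got $RANGE" >&2; return 1; }
  printf '%s\n' "gcloud compute networks subnets create $SUBNET --project=$PROJECT --network=$NETWORK --region=$REGION --range=$RANGE"
}

# Step 2: create the connector on that subnet. Instance count and machine type
# size the connector's throughput; two e2-micro instances are the minimum.
create_connector_cmd() {
  printf '%s\n' "gcloud compute networks vpc-access connectors create $CONNECTOR --project=$PROJECT --region=$REGION --subnet=$SUBNET --subnet-project=$PROJECT --min-instances=2 --max-instances=3 --machine-type=e2-micro"
}

# Step 3: deploy the service wired to the connector.
#   --vpc-egress=all-traffic   every outbound packet leaves through the VPC
#                              (internet access then needs Cloud NAT)
#   --ingress=internal         not reachable via the public run.app URL
#   --no-allow-unauthenticated callers still need an IAM invoker role
deploy_service_cmd() {
  printf '%s\n' "gcloud run deploy $SERVICE --project=$PROJECT --region=$REGION --image=$IMAGE --vpc-connector=$CONNECTOR --vpc-egress=all-traffic --ingress=internal --no-allow-unauthenticated"
}

# Print (default) or execute (RUN=1) one command string.
run_cmd() {
  if [ "${RUN:-0}" = "1" ]; then
    eval "$1"
  else
    printf '%s\n' "$1"
  fi
}

apply_all() {
  run_cmd "$(create_subnet_cmd)"
  run_cmd "$(create_connector_cmd)"
  run_cmd "$(deploy_service_cmd)"
}

# Only act when explicitly asked; sourcing or testing the file stays side-effect free.
if [ "${RUN:-0}" = "1" ]; then
  apply_all
fi
```

For Cloud Functions the same connector is used with `--vpc-connector`, but the restriction flags are named `--egress-settings all-traffic` and `--ingress-settings internal-only`. Verify the result afterwards with `gcloud run services describe` (or `gcloud functions describe`) and check that the ingress and egress settings did not silently fall back to their permissive defaults.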
You can read the full article online in the IT Administrator Portal.