Can an App Engine Flexible app use a custom VPC?
> You should be able to use VPC with App Engine Flex, as you can check in the following documentation[1]. You can config the network instance access by following the setup documentation[2].
Can an App Engine Flexible app use a shared VPC defined in another project?
> Unfortunately, it is not possible to share VPC, and you can confirm this limitation in the following section[3].
“In a service project, App Engine Flexible resources cannot participate in Shared VPC.”
Can an App Engine Flexible app use a Cloud VPN connection?
> Yes, since the App Engine flex uses the Compute Engine structure, you’re allowed to implement a VPN connection. You can find more details regarding the VPN connections in the following documentation[4], and the differences between App Engine Flex and Compute Engine in the following[5].
Can an App Engine Flexible app use a Cloud VPN connection set up in another project? If so, is that implemented with a shared VPC or peered VPCs?
>Yes, you can provide a connection between two App Engine application or projects by using VPC, as you can confirm in the following[6].
I hope that makes things clearer for you. In the meantime, if you have any additional comments, questions, or concerns about your issue don’t hesitate to reply as I would be happy to help you.
[1] https://cloud.google.com/vpc/docs/vpc
[2]https://cloud.google.com/appengine/docs/flexible/nodejs/reference/app-yaml#network_settings
[3] https://cloud.google.com/vpc/docs/shared-vpc#ineligible_resources
[4] https://cloud.google.com/vpn/docs/concepts/overview
[6] https://cloud.google.com/vpc/docs/vpc-peering#key_properties
- Only directly peered networks can communicate. Transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not also directly connected, VPC network N2 cannot communicate with VPC network N3 over the peering.
Hello Mark,
Yes that is correct, as this document states:
“The following types of endpoints/resources are NOT propagated to directly peered networks:
- Static routes
- VPNs “
You would need to setup Cloud VPN connections to every project that needs a VPN.