Also read - Private Subnets in GCP and Azure Private Links versus Private Endpoints

Overview

By default, a VM instance is created with an ephemeral external IP address (this behavior can be changed with a policy constraint at the organization or project level).

How do you ensure that a VM a) is in a private subnet and b) does not have an external IP address?

Once you have a private subnet (see post linked above), you can ensure that the NICs on your VMs are all private as shown below.

Ensure the VM is private (Network Interfaces, External IP)

  1. Click Management -> security -> disks -> networking -> sole tenancy.
  2. Click Networking.
  3. For Network interfaces, click the pencil icon to edit.
  4. Specify the following, and leave the remaining settings as their defaults:
    Property       Value (type value or select option as specified)
    Network        privatenet
    Subnetwork     privatenet-us
    External IP    None
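
To check the result across a whole project instead of one VM at a time in the console, the added example below (not part of the original post) audits the JSON produced by `gcloud compute instances list --format=json`. The sample instances, project name, region and addresses are constructed; the network and subnet names are the ones used in the steps above.

```python
import json
import sys

# (network, subnetwork) pairs treated as private; names taken from the steps above.
ALLOWED = {("privatenet", "privatenet-us")}

def audit(instances, allowed=ALLOWED):
    """Return sorted (instance, nic, problem) tuples for NICs that are not private."""
    findings = []
    for inst in instances:
        for nic in inst.get("networkInterfaces", []):
            # The API returns full resource URLs; the last path segment is the name.
            net = nic.get("network", "").rsplit("/", 1)[-1]
            sub = nic.get("subnetwork", "").rsplit("/", 1)[-1]
            if (net, sub) not in allowed:
                findings.append((inst["name"], nic["name"], f"unexpected subnet {net}/{sub}"))
            # "External IP: None" means the NIC has no access config entry at all.
            # A stopped VM with an ephemeral address keeps the entry but has no
            # natIP yet, so test for the entry itself rather than for an address.
            for key in ("accessConfigs", "ipv6AccessConfigs"):
                for cfg in nic.get(key, []):
                    ip = cfg.get("natIP") or cfg.get("externalIpv6") or "unassigned"
                    findings.append((inst["name"], nic["name"], f"external access config ({ip})"))
    return sorted(findings)

def _nic(net, sub, **extra):
    # Helper for building the constructed sample below (hypothetical project/region).
    base = "https://www.googleapis.com/compute/v1/projects/example-project"
    return {"name": "nic0",
            "network": f"{base}/global/networks/{net}",
            "subnetwork": f"{base}/regions/us-central1/subnetworks/{sub}", **extra}

# Constructed sample in the shape of `gcloud compute instances list --format=json`.
SAMPLE = [
    {"name": "vm-private", "networkInterfaces": [_nic("privatenet", "privatenet-us")]},
    {"name": "vm-default", "networkInterfaces": [_nic(
        "default", "default",
        accessConfigs=[{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}])]},
    {"name": "vm-stopped", "networkInterfaces": [_nic(
        "privatenet", "privatenet-us", accessConfigs=[{"type": "ONE_TO_ONE_NAT"}])]},
]

if __name__ == "__main__":
    # Pass a saved JSON file as the first argument, or run with no argument for the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, nic, problem in audit(data):
        print(f"{name} {nic}: {problem}")
```

An empty result means every interface is on the expected subnet and carries no external access config.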



