Private VM in GCP

Also read - Private Subnets in GCP and Azure Private Links versus Private Endpoints

Overview

The default setting for a VM instance is to have an ephemeral external IP address ( This behavior can be changed with a policy constraint at the organization or project level).

How do you ensure that a VM is a) In a Private Subnet and b) Does not have an external IP Address?

Once you have a private subnet (see post linked above), you can ensure that the NICs on your VMs are all private as shown below.

Ensure the VM is private (Network Interfaces, External IP)

Click Management -> security -> disks -> networking -> sole tenancy.
Click Networking
For Network interfaces, click the pencil icon to edit.
Specify the following, and leave the remaining settings as their defaults:

Property Value (type value or select option as specified)

Network privatenet

Subnetwork privatenet-us

External IP None

Property	Value (type value or select option as specified)
Network	privatenet
Subnetwork	privatenet-us
External IP	None

Need an experienced Cloud Security Expert?
Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.

No Comments Yet

Leave a Reply Cancel reply