Serverless VPC Access in GCP Explained | Cloud Run, Connectors, and Private IPs
Cloud Run and Cloud Functions run on Google-managed infrastructure that sits outside your VPC by default. That is fine for most workloads. The problem starts when your code needs to connect to a Cloud SQL database with a private IP, a Redis cache in Memorystore, or an internal API running on a VM with no external IP. A Serverless VPC Access connector solves this. It acts as a dedicated bridge between the serverless runtime and your private network.
Simple explanation
Your Cloud Run service and your private database both live in Google Cloud, but they are not in the same part of Google’s network. Cloud Run runs on shared managed infrastructure that is not inside any VPC. Your private database lives inside your VPC: a private network you control, where resources only have private IP addresses.
Without a connector, traffic from Cloud Run cannot find a route to private IP addresses inside your VPC. Think of it as two offices in different buildings with no connecting corridor.
A Serverless VPC Access connector is that corridor. It is a small set of VM instances that Google manages for you, placed inside a dedicated /28 subnet in your VPC. When your Cloud Run service needs to talk to a private resource, traffic flows to the connector VMs, which forward it into your VPC as normal network traffic. Resources inside the VPC see that traffic as coming from the connector’s IP range, not from some unknown external address.
Imagine a courier working from a separate depot who needs to deliver packages to offices deep inside a secure building. Rather than issuing a full building pass, the building installs a dedicated service hatch connecting the depot directly to the post room. The courier can now deliver to any internal desk without ever being inside the building. The connector is that service hatch.
Why this matters
Many production architectures keep backend services off the public internet. A Cloud SQL instance configured with private connectivity has no public IP at all. It is only reachable via a private IP inside the VPC. Memorystore Redis instances always have private IPs. Internal APIs running on Compute Engine VMs are often placed on private subnets intentionally.
This is sound security practice. Keeping data stores and internal services off the internet reduces attack surface significantly. But it creates a real problem when the services consuming those resources are serverless, because serverless services live outside your VPC by default.
A Serverless VPC Access connector resolves this tension. You keep your database and internal services private, and you give your Cloud Run or Cloud Functions workloads a controlled path into the VPC to reach them. The connector is the mechanism that makes both true at once.
Common scenarios where this is directly necessary:
- Cloud Run connecting to Cloud SQL over a private IP
- Cloud Functions reading from or writing to a Memorystore Redis or Memcache instance
- Cloud Run calling an internal microservice on Compute Engine with no external IP
- Any serverless workload that must route all internet egress through a specific Cloud NAT IP for third-party allowlisting
- Cloud Run calling an internal service exposed only through an internal load balancer
How it works
A connector is a set of VM instances that Google creates and manages inside your VPC. You specify a /28 CIDR range when you create the connector, and Google provisions a dedicated subnet in that range. The connector VMs live in that subnet.
When your Cloud Run service sends a request to a private IP address, the traffic is routed to the connector. The connector VMs forward it into the VPC as ordinary network traffic. From the perspective of the destination resource (a database, a cache, or a VM), the traffic appears to originate from the connector’s /28 range. This means standard firewall rules apply: if you have ingress rules protecting your private resources, you need to explicitly allow traffic from the connector’s CIDR range.
A few properties of connectors to keep in mind:
- Regional: a connector is tied to a specific region. Your Cloud Run service and connector must be in the same region.
- Dedicated subnet: the /28 range must not overlap with any existing subnet in the VPC or any peered VPCs.
- Google-managed VMs: you do not patch or manage the connector instances yourself, but they count against your VM quota and are billed at Compute Engine rates.
- Scalable: you set minimum and maximum instance counts. The connector scales within those bounds based on traffic throughput.
- Egress modes: you control whether only traffic to private IP ranges goes through the connector (
private-ranges-only), or whether all outbound traffic from the service does (all-traffic).
Each connector instance handles approximately 100 Mbps of throughput. For high-traffic workloads, raise the maximum instance count and consider a larger machine type such as e2-standard-4.
When to use this
Use a Serverless VPC Access connector when a serverless service needs to reach a resource that is only reachable via a private IP inside your VPC.
- Cloud Run to Cloud SQL private IP: your Cloud SQL instance is configured with private connectivity and has no public IP; the connector gives Cloud Run a path to reach it
- Cloud Run or Cloud Functions to Memorystore: Memorystore Redis and Memcache instances always have private IPs; a connector is required
- Cloud Run to an internal microservice: a backend service running on a VM or GKE node with no external IP, only accessible within the VPC
- Routing all internet egress through a fixed IP: when an external partner requires you to connect from a known IP address, set
vpc-egress=all-trafficand route through a Cloud NAT gateway with a reserved static IP - Keeping backend services fully private: the connector lets your serverless frontend reach internal services without those services needing public exposure
When not to use this
A connector is not always the right answer. In several cases you either do not need one or there is a better-fitting solution.
- The target service has a public endpoint: if your Cloud SQL instance has a public IP, Cloud Run can reach it directly without a connector (though this is not recommended for production security reasons).
- You only need to reach Google APIs: Serverless VPC Access is not the mechanism for reaching Cloud Storage, BigQuery, or other Google APIs. Cloud Run already has built-in access to Google APIs without a connector. For private VMs that need this, use Private Google Access instead.
- The added cost is not justified: connector VMs run continuously and incur Compute Engine costs even when no traffic flows. For very-low-traffic or intermittent workloads, evaluate whether the cost is proportionate to the benefit.
- Cloud Run 2nd gen is in use and direct VPC egress fits better: Cloud Run 2nd gen services support direct VPC egress, which connects the service directly into the VPC without needing to manage connector instances. Worth evaluating if you want lower overhead.
- Public access is the intended design: if both your Cloud Run service and its dependencies are designed to be publicly accessible, adding a connector for private routing introduces unnecessary complexity.
If you are not sure which tool you need, start with the question: does the target resource have a private IP only? If yes, you need a connector. If the target is a Google-managed API like Cloud Storage or Pub/Sub, you do not. The comparison table below covers this in detail.
Serverless VPC Access vs related networking options
Several GCP networking features solve adjacent problems, and it is easy to confuse them when you are building on GCP for the first time. This table covers the most common points of confusion.
| Goal | Right tool | Notes |
|---|---|---|
| Cloud Run reaches private VPC resources | Serverless VPC Access | Connector bridges serverless runtime to your VPC |
| Private VMs reach Google APIs (Storage, BigQuery) | Private Google Access | Subnet flag; not for serverless-to-VPC traffic |
| Private VMs reach the public internet | Cloud NAT | Outbound only; does not give serverless services VPC access |
| Cloud Run needs a fixed outbound internet IP | Serverless VPC Access + Cloud NAT | Set vpc-egress=all-traffic; internet traffic exits via NAT IP |
| Two VPCs share resources directly | VPC Peering | Not related to serverless connectivity |
| Cloud Run 2nd gen needs VPC access | Direct VPC egress (no connector needed) | Available for Cloud Run 2nd gen only; not Cloud Functions |
The most common confusion is between Serverless VPC Access and Private Google Access. They are not interchangeable. Private Google Access is a subnet-level flag that gives private VMs access to Google-managed APIs. It does nothing for serverless services that need to reach VPC resources with private IPs. If you are trying to reach Cloud Storage or BigQuery from Cloud Run, you do not need a connector at all.
Creating a connector
Before creating a connector, verify that the /28 CIDR range you plan to use is not already in use. Check your existing subnets and any peered VPC ranges first. The region must match the region of the services that will use the connector. The machine type and instance counts control throughput: each instance handles approximately 100 Mbps, and the connector scales between the specified minimum and maximum.
The /28 CIDR range you choose must not overlap with any existing subnet in the VPC or any peered VPCs. There is no way to change the range after creation. If you pick an overlapping range, connector creation fails immediately. Run gcloud compute networks subnets list —network=my-vpc and check peered networks before choosing a range.
# Enable the Serverless VPC Access API
gcloud services enable vpcaccess.googleapis.com
# Create a connector
gcloud compute networks vpc-access connectors create my-vpc-connector \
--network=my-vpc \
--region=europe-west1 \
--range=10.8.0.0/28 \
--min-instances=2 \
--max-instances=10 \
--machine-type=e2-micro
# Confirm the connector is READY before attaching it to any service
gcloud compute networks vpc-access connectors describe my-vpc-connector \
--region=europe-west1Wait for the connector to reach READY state before deploying services that reference it. This typically takes one to two minutes.
Connector VMs run continuously regardless of traffic volume and are billed at standard Compute Engine rates. A two-instance e2-micro connector costs roughly the same as two always-on micro VMs. Use e2-standard-4 for higher throughput requirements. The minimum instance count is the floor — those VMs always run. Factor this into your cost model before setting min-instances.
Attaching a connector to Cloud Run
Attach the connector when deploying or updating a Cloud Run service. The egress mode controls which traffic routes through the connector.
# private-ranges-only: only traffic to RFC 1918 private addresses goes through the connector
# Public internet traffic still leaves directly from Cloud Run
gcloud run deploy my-service \
--image=gcr.io/my-project/my-image:latest \
--region=europe-west1 \
--vpc-connector=my-vpc-connector \
--vpc-egress=private-ranges-only
# all-traffic: every outbound connection from Cloud Run goes through the connector
# Use this when you want internet traffic to appear from a fixed Cloud NAT IP
gcloud run deploy my-service \
--image=gcr.io/my-project/my-image:latest \
--region=europe-west1 \
--vpc-connector=my-vpc-connector \
--vpc-egress=all-trafficprivate-ranges-only is the right choice for most setups. Traffic to private IP addresses (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) flows through the connector, while internet traffic still leaves Cloud Run directly. This avoids routing unnecessary traffic through the connector.
If you set vpc-egress=all-traffic without a Cloud NAT gateway in your VPC, your service will lose internet connectivity entirely. All outbound traffic goes through the connector, but there is no path out of the VPC for internet-bound packets. Only use all-traffic when Cloud NAT is already configured in the same region.
Using connectors with Cloud Functions
Cloud Functions — both 1st and 2nd generation — support Serverless VPC Access connectors. The connector must be in the same region as the function. Specify it at deploy time with the —vpc-connector flag.
# Deploy a Cloud Function with a VPC connector attached
gcloud functions deploy my-function \
--runtime=python311 \
--trigger-http \
--region=europe-west1 \
--vpc-connector=my-vpc-connector \
--vpc-connector-egress-settings=private-ranges-only \
--source=.The —vpc-connector-egress-settings flag corresponds to the egress mode in Cloud Run. Use private-ranges-only for private VPC access without rerouting internet traffic, or all-traffic to route everything through the connector.
Unlike Cloud Run 2nd gen, Cloud Functions does not support direct VPC egress. A Serverless VPC Access connector is the only mechanism for giving Cloud Functions access to private VPC resources.
Firewall rules for connectors
When traffic from Cloud Run or Cloud Functions passes through the connector and enters your VPC, it appears to originate from the connector’s /28 CIDR range. It does not appear to come from a Google IP range, and it does not carry any identity from the Cloud Run service itself. Standard firewall rules apply based on that source range.
A correctly configured connector with no matching ingress firewall rule results in connections timing out silently. There is no helpful error message from Cloud Run. This is the single most common cause of failure when setting up Serverless VPC Access for the first time.
# Allow traffic from the connector's /28 range to reach a PostgreSQL database
gcloud compute firewall-rules create allow-connector-to-sql \
--network=my-vpc \
--direction=INGRESS \
--action=ALLOW \
--rules=tcp:5432 \
--source-ranges=10.8.0.0/28 \
--description="Allow Serverless VPC connector to reach PostgreSQL"Write the firewall rule to be as specific as possible: target the exact port and the connector’s /28 source range. Avoid broad rules that allow all ports from the connector range. See Network Security Best Practices for guidance on structuring ingress allow rules properly.
Common mistakes
- Choosing a /28 CIDR range that overlaps with an existing subnet. The connector’s range must be unique across the VPC and all peered networks. Check existing subnets with
gcloud compute networks subnets listbefore picking a range. An overlap causes connector creation to fail immediately with an address conflict error. - Creating the connector in the wrong region. A connector is a regional resource. Your Cloud Run service in europe-west1 cannot use a connector in us-central1. GCP returns a configuration error when you try to attach a connector from a different region.
- Forgetting to add firewall ingress rules. Traffic from the connector arrives in the VPC from its /28 range. If no ingress rule permits that source range on the required port, connections time out silently. Always create a specific ingress rule for the connector CIDR after creating the connector.
- Using all-traffic without Cloud NAT. If you set
vpc-egress=all-trafficand the VPC has no Cloud NAT gateway in that region, all internet-bound traffic is dropped. The service loses internet connectivity without any obvious error. Only useall-trafficwhen Cloud NAT is confirmed active. - Not accounting for the ongoing connector cost. Connector VMs run continuously. The minimum instance count is the floor: those VMs always run, regardless of traffic. A two-instance e2-micro connector incurs persistent Compute Engine costs at zero traffic. Do not over-provision minimum instances for low-traffic workloads.
- Assuming the connector provides security by itself. A connector gives access, not restriction. Traffic still flows based on VPC firewall rules. The connector does not add authentication or isolate workloads. Write correct firewall rules and keep backend resources protected independently of the connector.
Troubleshooting checklist
If Cloud Run or Cloud Functions cannot reach a private resource after adding a connector, work through these checks in order. Most failures are caused by one of the first four items.
- Connector state is READY. Run
gcloud compute networks vpc-access connectors describe my-vpc-connector —region=REGIONand confirm the state showsREADY. A connector in a degraded state will not forward traffic reliably. - Connector and service are in the same region. Confirm the connector region matches the Cloud Run service or Cloud Functions region exactly. Even a minor mismatch (europe-west1 vs europe-west2) causes a deployment configuration error.
- Firewall rule allows the connector’s source range. Check that an ingress allow rule exists for the connector’s /28 CIDR on the correct port. Use
gcloud compute firewall-rules list —filter=“network=my-vpc”to review all rules in the VPC. - The deployment includes the connector. Verify the deployed service or function has the connector configured. For Cloud Run:
gcloud run services describe my-service —region=REGIONand look for the VPC connector fields in the output. - Egress mode matches the use case. If you need internet traffic routed through the connector, confirm
vpc-egress=all-trafficis set and that Cloud NAT is active in the VPC. If only private IPs need the connector, confirmprivate-ranges-onlyis set. - The target resource is actually reachable. Confirm the Cloud SQL instance, Memorystore instance, or VM is running and correctly configured. Test connectivity from a VM inside the same VPC to rule out connector-specific issues.
- Cloud NAT is configured when using all-traffic egress. If Cloud Run needs to reach internet destinations through the connector, your VPC must have a Cloud NAT gateway in the same region. See Cloud NAT for setup steps.
- Routes exist for the destination. Private resources must be reachable via existing VPC routes. If the destination subnet has a missing or broken route, the connector will forward the packet into the VPC but it will not reach its destination.
For deeper packet-level diagnostics, see Troubleshooting Network Issues.
Summary
- Serverless VPC Access connectors bridge Cloud Run, Cloud Functions, and App Engine to private VPC resources
- A connector is a Google-managed set of VMs in a dedicated /28 subnet inside your VPC
- The /28 range must not overlap with any existing subnet in the VPC or peered VPCs
- Connector and service must be in the same region; cross-region use is not supported
- Use
private-ranges-onlyegress to route only private IP traffic through the connector - Use
all-trafficegress when you need internet traffic to exit via a fixed Cloud NAT IP - Add firewall ingress rules for the connector’s /28 range; a missing rule is the most common cause of failure
- Connector VMs run continuously and incur Compute Engine costs even when idle
Frequently asked questions
What is Serverless VPC Access in GCP?
Serverless VPC Access is a connector that lets serverless services — Cloud Run, Cloud Functions (1st and 2nd gen), and App Engine standard — communicate with resources inside a VPC using private IP addresses. Without a connector, these services run on Google-managed infrastructure outside your VPC and cannot reach resources that only have private IPs, such as a Cloud SQL instance configured with private connectivity or a Memorystore Redis instance.
Does Cloud Run need a VPC connector to reach a private IP?
Yes, in most cases. Cloud Run runs outside your VPC by default. To reach resources with private IPs — such as a Cloud SQL instance using private connectivity, or a Memorystore Redis instance — you need a Serverless VPC Access connector attached to the Cloud Run service. The connector forwards traffic from Cloud Run into your VPC. Cloud Run 2nd gen services also support direct VPC egress as an alternative to a connector.
What CIDR range does a Serverless VPC Access connector use?
A connector uses a /28 CIDR range that you specify when creating it. This range must not overlap with any existing subnet in your VPC or any peered VPCs. GCP provisions a dedicated subnet for the connector VMs in that range. Resources in your VPC see traffic arriving from that /28 range when the connector forwards requests, which is why firewall rules must explicitly allow it.
Can multiple services share one Serverless VPC Access connector?
Yes. Multiple Cloud Run services, Cloud Functions, or App Engine services in the same region can attach to and share the same connector. The connector is a regional resource. Size it appropriately for the combined throughput — a two-instance e2-micro connector handles light traffic, but busier setups need more instances or a larger machine type.
Do I need Cloud NAT with a Serverless VPC Access connector?
Only if you need Cloud Run to make outbound internet requests from a predictable, fixed IP. When you set vpc-egress=all-traffic, all outbound traffic from Cloud Run goes through the connector and into your VPC. If your VPC has a Cloud NAT gateway configured, internet-bound traffic will appear from the NAT IP. If you only need Cloud Run to reach private VPC resources, use vpc-egress=private-ranges-only and Cloud NAT is not required.