I need to add IP restrictions to my Cloud Function, and before you mention it, using an SA or other forms of auth is out of the question..! ;)
I am having trouble, however.
My Cloud Function is deployed all fine, and I've set up a VPC.
This VPC has one subnet, deployed in the same region (europe-west1) and has an internal IP range 10.0.0.0/28, and no external IP ranges.
There is a firewall, but I've set it to 0.0.0.0/0 to allow all requests through, and for all ports as well.
I've added a Serverless VPC access as well, connected to the subnet mentioned above.
However, when I run my curl command to trigger my Cloud Function, I am getting this back:
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>404 Page not found</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Page not found</h1>
<h2>The requested URL was not found on this server.</h2>
<h2></h2>
</body></html>
I'm confident it's with regards to IP or something similar in the VPC setup, because as soon as I turn my Cloud Function connections to 'allow all traffic' I am able to ping it just fine.
PS: it's on 'Allow internal traffic only'
Please let me know what I am doing wrong, or what steps I've missed. I would appreciate any help, devops is not my forte ;)
Google Cloud Functions is not part of your VPC. VPC Firewalls have no effect.
Therefore if you want to control access, you can either access it from a service inside your VPC ('Allow internal traffic only'), such as Compute Engine, or use authorization that requires disabling 'Allow internal traffic only' to allow access from the Internet. Authorization requires an OIDC Identity Token which can be created from user and service account credentials.
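
The two access paths from the answer above, as an added shell example that is not part of the original thread. It assumes a 1st-gen function (field name `ingressSettings`, role `roles/cloudfunctions.invoker`); the function name, region and URL are placeholders passed by the caller, and the helper function names are made up for this sketch.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical; FN, REGION and URL are
# placeholders supplied by the caller. Assumes a 1st-gen Cloud Function.

# Print the function's current ingress setting
# (ALLOW_ALL, ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB).
ingress_setting() {
  gcloud functions describe "$1" --region="$2" \
    --format='value(ingressSettings)'
}

# Map the ingress setting to where a caller has to sit, following the answer:
# VPC firewall rules play no part in either case.
required_caller() {
  case "$1" in
    ALLOW_INTERNAL_ONLY) echo "inside-vpc" ;;          # e.g. a Compute Engine VM in the VPC
    ALLOW_ALL)           echo "internet-with-token" ;; # reachable publicly, gate it with IAM
    *)                   echo "not-covered" ;;         # setting the answer does not discuss
  esac
}

# Remove the public invoker binding so every caller must present an
# identity token that IAM accepts.
require_auth() {
  gcloud functions remove-iam-policy-binding "$1" --region="$2" \
    --member=allUsers --role=roles/cloudfunctions.invoker
}

# Call the function from the Internet with an OIDC identity token minted
# for the account currently logged in to gcloud.
call_authenticated() {
  token="$(gcloud auth print-identity-token)" || return 1
  curl -sS -H "Authorization: Bearer ${token}" "$1"
}

# Typical use (placeholders):
#   required_caller "$(ingress_setting FN REGION)"
#   require_auth FN REGION
#   call_authenticated URL
```
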