GCP | cloud | ~5 mins

Shared VPC concept in GCP - Commands & Configuration

Introduction
Sometimes, teams need to share network resources securely across projects. Shared VPC lets one project own the network while others use it, avoiding duplicate networks and easing management.
When multiple teams need to connect their resources securely using the same network.
When you want to centralize network control but let other projects use the network.
When you want to avoid creating separate networks for each project to reduce complexity.
When you want to apply consistent firewall rules and routing across projects.
When you want to simplify billing and monitoring by centralizing network resources.
Commands
Enable Shared VPC on the host project to allow other projects to use its network.
Terminal
gcloud compute shared-vpc enable example-host-project
Expected Output
Enabled Shared VPC host project [example-host-project].
Grant a user permission to use the Shared VPC network from the host project in the service project.
Terminal
gcloud projects add-iam-policy-binding example-service-project --member=user:alice@example.com --role=roles/compute.networkUser
Expected Output
Updated IAM policy for project [example-service-project].
--member - Specifies the user or service account to grant permissions.
--role - Specifies the role to assign for network usage.
List all projects currently associated with the Shared VPC host project.
Terminal
gcloud compute shared-vpc associated-projects list example-host-project
Expected Output
PROJECT_ID
example-service-project
Associate a service project with the Shared VPC host project to allow it to use the host's network.
Terminal
gcloud compute shared-vpc associated-projects add example-host-project --project=example-service-project
Expected Output
Added project [example-service-project] to Shared VPC host project [example-host-project].
--project - Specifies the service project to associate.
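The four commands above as one idempotent script, added here as an example and not taken from the page or from Google's tooling. It assumes an authenticated gcloud CLI and uses the page's project ids and member as placeholders; each step is guarded by a state check so a second run changes nothing, and it binds roles/compute.networkUser on the host project, which is where Google's Shared VPC documentation places that grant for service-project members (the page's own command targets the service project).

```shell
#!/bin/sh
# Added example (not from the page): idempotent Shared VPC setup.
# Each of the page's steps is guarded by a state check, so re-running is safe.
# Assumes an authenticated gcloud CLI; project ids and member are placeholders.
set -eu

# Is SERVICE ($2) already attached to HOST ($1)? Parses the PROJECT_ID
# table that 'associated-projects list' prints (header line skipped).
is_associated() {
  gcloud compute shared-vpc associated-projects list "$1" \
    | awk 'NR > 1 { print $1 }' | grep -qx "$2"
}

# Does MEMBER ($2) already hold roles/compute.networkUser on PROJECT ($1)?
# The trailing exact match (-x) rejects substring hits from the ':' filter.
has_network_user() {
  gcloud projects get-iam-policy "$1" \
    --flatten='bindings[].members' \
    --filter="bindings.role:roles/compute.networkUser AND bindings.members:$2" \
    --format='value(bindings.members)' | grep -qx "$2"
}

# Runs the page's steps, skipping the ones already done. The networkUser
# binding goes on the HOST project here (Google's documented placement for
# service-project members); the page's own command targets the service project.
shared_vpc_setup() {
  host=$1; service=$2; member=$3
  if is_associated "$host" "$service"; then
    echo "already attached: $service -> $host"
  else
    gcloud compute shared-vpc enable "$host"
    gcloud compute shared-vpc associated-projects add "$host" --project="$service"
  fi
  if has_network_user "$host" "$member"; then
    echo "already granted: $member has roles/compute.networkUser on $host"
  else
    gcloud projects add-iam-policy-binding "$host" \
      --member="$member" --role=roles/compute.networkUser
  fi
}

# Run with three arguments, e.g.:
#   sh setup.sh example-host-project example-service-project user:alice@example.com
if [ $# -eq 3 ]; then
  shared_vpc_setup "$@"
fi
```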
Key Concept

If you remember nothing else from this pattern, remember: Shared VPC lets one project own the network while others securely use it to share resources.

Common Mistakes
Trying to use Shared VPC without enabling it on the host project.
The network sharing won't work because the host project is not set up to share its network.
Always run 'gcloud compute shared-vpc enable' on the host project first.
Not granting the correct IAM role to users or service accounts in the service project.
Users or services won't have permission to use the Shared VPC network, causing failures.
Grant 'roles/compute.networkUser' to the necessary members in the service project.
Forgetting to associate the service project with the host project.
The service project cannot use the host project's network until association is done.
Use 'gcloud compute shared-vpc associated-projects add' to link the service project.
Summary
Enable Shared VPC on a host project to share its network.
Associate service projects to the host project to allow network usage.
Grant IAM roles to users or services to permit network access.