Complete the code to enable Private Google Access on a subnet.
resource "google_compute_subnetwork" "example" { name = "example-subnet" ip_cidr_range = "10.0.0.0/24" region = "us-central1" network = "[1]" private_ip_google_access = true }
The subnet must be attached to the correct VPC network. In GCP, the default VPC network is named default.
Complete the command to enable Private Google Access on an existing subnet.
gcloud compute networks subnets update example-subnet --region=us-central1 --[1]The correct gcloud flag to enable Private Google Access is --enable-private-google-access.
Fix the error in the Terraform snippet to correctly enable Private Google Access.
resource "google_compute_subnetwork" "example" { name = "example-subnet" ip_cidr_range = "10.0.0.0/24" region = "us-central1" network = "default" private_ip_google_access = [1] }
The value for private_ip_google_access must be the boolean true without quotes in Terraform.
Fill both blanks to create a firewall rule allowing Private Google Access traffic.
resource "google_compute_firewall" "private-google-access" { name = "allow-private-google-access" network = "default" direction = "INGRESS" [1] = ["35.191.0.0/16", "130.211.0.0/22"] [2] = ["tcp:443"] }
The firewall rule must specify source_ranges for the IP ranges and allowed for the allowed protocols and ports.
Fill all three blanks to configure a subnet with Private Google Access and a route to Google APIs.
resource "google_compute_subnetwork" "example" { name = "example-subnet" ip_cidr_range = "10.1.0.0/24" region = "us-east1" network = "default" private_ip_google_access = [1] } resource "google_compute_route" "to-google-apis" { name = "route-to-google-apis" network = "default" dest_range = [2] next_hop = [3] }
Private Google Access is enabled with true. The destination range for Google APIs is 199.36.153.4/30. The next hop for the route is the default-internet-gateway.