Creating and Managing Shared VPCs Across Google Cloud Projects: A Step-by-Step Guide

Step 1: Create the GCP projects

1. Log in to the Google Cloud Console (https://console.cloud.google.com/).
2. Click the project drop-down and select or create the organization you want to use.
3. Open the navigation menu (the three horizontal lines on the upper left corner), and click on “IAM & Admin” > “Manage resources.”
4. Click “Create Project” and enter “ntwk-common” as the project name. Choose your organization, billing account, and location if necessary. Click “Create.”
5. Repeat step 1.4, but this time, enter “intr-banking” as the project name.

Step 2: Enable the Compute Engine API and Shared VPC

1. 2.1. Navigate to the “ntwk-common” project.
2. Open the navigation menu, and go to “APIs & Services” > “Dashboard.”
3. Click “+ ENABLE APIS AND SERVICES” and search for “Compute Engine API.” Click on it and click “Enable.”
4. Open the navigation menu, and go to “VPC network” > “Shared VPC.”
5. Click “Setup Shared VPC” and choose the “ntwk-common” project as the host project. Click “Save.”

Step 3: Create VPC and subnets in the ntwk-common project

1. In the “ntwk-common” project, open the navigation menu and go to “VPC network” > “VPC networks.”
2. Click “Create VPC network” and enter a name for your VPC (e.g., “ntwk-common-vpc”).
3. Configure the subnets as required (e.g., name, region, IP range). Click “Add subnet” if you need more subnets.
4. Click “Create” to finalize the VPC creation.

Step 4: Share the VPC with the intr-banking project

1. In the “ntwk-common” project, open the navigation menu and go to “VPC network” > “Shared VPC.”
2. Click “Add Project” and select the “intr-banking” project.
3. Click “Add” to add the project as a service project.
4. Once the project is added, you’ll see a list of available subnets. Click on the pencil icon next to each subnet you want to share, and select the “intr-banking” project in the “Service project access” section.
5. Click “Save” to apply the changes.

Step 5: Set up IAM permissions

1. In the “ntwk-common” project, open the navigation menu and go to “IAM & Admin” > “IAM.”
2. Click “Add” and enter the email address of the user you want to grant permissions to (it could be your own email or a team member’s email).
3. In the “Role” drop-down, select “Compute Shared VPC Admin” and “Compute Network Admin” roles.
4. Click “Save” to apply the changes.
5. Repeat steps 5.2 to 5.4 in the “intr-banking” project, but this time, assign the “Compute Shared VPC User” role instead.

Step 6: Create resources in the intr-banking project using the shared VPC

1. In the “intr-banking” project, open the navigation menu and go to “Compute Engine” > “VM instances.”
2. Click “Create Instance” to create a new VM instance.
3. Under the “Networking” section, click on the “Network interfaces” tab.
4. Click “Edit” next to the default network interface.
5. In the “Network” drop-down, select the shared VPC (e.g., “ntwk-common-vpc”) from the “ntwk-common” project.
6. In the “Subnetwork” drop-down, select the appropriate shared subnet.
7. Click “Done” and then “Create” to finalize the VM instance creation.

Step 7: Create firewall rules in the ntwk-common project

1. In the “ntwk-common” project, open the navigation menu and go to “VPC network” > “Firewall.”
2. Click “Create firewall rule” and enter a name for the rule.
3. Select the shared VPC (e.g., “ntwk-common-vpc”) in the “Network” drop-down.
4. Configure the targets, source filter, source IP ranges, and allowed protocols and ports as needed.
5. Click “Create” to finalize the firewall rule.

Step 8: Monitoring your network

1. In the “ntwk-common” project, open the navigation menu and go to “VPC network” > “VPC networks.”
2. Click on the shared VPC (e.g., “ntwk-common-vpc”) to view its details, including subnets, firewall rules, and routes.
3. You can also monitor network traffic and performance by going to “VPC network” > “Monitoring” and configuring the desired metrics and filters.

Step 9: Managing resources across projects

1. Use labels to tag resources in both the “ntwk-common” and “intr-banking” projects (or any other projects sharing the VPC) to make it easier to manage and organize resources.
2. Use Google Cloud’s Operations Suite (formerly Stackdriver) to monitor, troubleshoot, and improve application performance across projects.

Step 10: Scaling your infrastructure

1. As your organization grows and you create more projects, you can follow the same process to share the VPC and subnets from the “ntwk-common” project with the new projects, ensuring a consistent networking setup across all your projects.
2. You can also create additional subnets, firewall rules, and other networking resources in the “ntwk-common” project as needed to accommodate the growth of your infrastructure.

By following these steps, you can maintain a scalable, organized, and consistent networking setup across all your projects sharing the VPC and subnets from the “ntwk-common” project. This approach makes it easier to manage resources, monitor performance, and troubleshoot issues while also allowing for greater flexibility and control over your infrastructure.

If you find this post helpful, please consider clap and following me. :)