You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
To enable access to Cloud SQL from VPC instances without public IP addresses, two key actions need to be taken: First, activate the Service Networking API in your project. This is essential for creating a private connection and using private services within Google Cloud. Second, enable Private Google Access. This allows VM instances without public IP addresses in a specified subnet to reach Google APIs and services, including Cloud SQL, using their internal IP addresses.
Answer are A & C C is definitely correct. private services access require private connection In below links stated Service Networking API is required https://cloud.google.com/service-infrastructure/docs/enabling-private-services-access
A & C https://cloud.google.com/sql/docs/mysql/private-ip This page provides information about using private IP with Cloud SQL. For step-by-step instructions for configuring a Cloud SQL instance to use private IP, see Configuring private IP.
Correct Answer are (C) & (E): C: If you are using private IP for any of your Cloud SQL instances, you only need to configure private services access one time for every Google Cloud project that has or needs to connect to a Cloud SQL instance. If your Google Cloud project has a Cloud SQL instance, you can either configure it yourself or let Cloud SQL do it for you to use private IP. Cloud SQL configures private services access for you when all the conditions below are true: https://cloud.google.com/sql/docs/postgres/configure-private-services-access#before_you_begin E: You can enable Private Google access on a subnet level and any VMs on that subnet can access Google APIs by using their internal IP address. https://cloud.google.com/vpc/docs/configure-private-google-access
For Accessing K8S and Cloud SQL it is Google Private Service Access
The question is not mentioning the need of connecting to CloudSQL by its private ip, enabling Network Services API is mandatory for enabling Private Google Access, A&E are the ones.
BUT private service access appears to be the recommended practice, leaving it to A&C
It's A&C here is the link that shows that: https://cloud.google.com/sql/docs/mysql/configure-private-ip You must enable the Service Networking API for your project. Private services access When you create a new VPC network in your project, you need to configure private services access to allocate an IP address range and create a private service connection. This allows resources in the VPC network to connect to Cloud SQL instances.
To access Cloud SQL from VPC instances without public IP addresses, you need to enable Private Google Access on the subnet where the instances are located. Private Google Access allows VMs without public IP addresses to reach Google APIs and services such as Cloud SQL using internal IP addresses. In addition, you need to activate the Service Networking API in your project. This enables you to create a private connection to Cloud SQL using VPC Service Controls. With VPC Service Controls, you can create a private connection between your VPC network and Cloud SQL without requiring an external IP address.
Option B is incorrect because Cloud Datastore is a NoSQL document database that is not related to Cloud SQL. Option C is incorrect because creating a private connection to a service producer is not necessary to access Cloud SQL from VPC instances without public IP addresses. Option D is also incorrect because creating a custom static route is not necessary to access Cloud SQL from VPC instances without public IP addresses.
You need to read about service producer network with private access. https://cloud.google.com/vpc/docs/private-services-access#:~:text=Service%20producer%20network,-On%20the%20service&text=The%20service%20producer's%20network%20is,resources%20in%20your%20VPC%20network.
its meant to custom services not google provided services
I think the answer is A and C To use private service access, enabling Service Networking API is required on the project as per https://cloud.google.com/service-infrastructure/docs/enabling-private-services-access and it's required to create a private connection after enabling above API. https://cloud.google.com/sql/docs/mysql/private-ip#application_environment_requirements
Answer should be A&C. There are different ways to consume and provide APIs and services in GCP: https://cloud.google.com/vpc/docs/private-access-options#connect-google-apis --- Private service connect --- Private Google access --- Private services access Among all the given options, only A/C(Private services access) and E(Private Google access) are reasonable. As the answers have to be two, so they can only be A and C. Also, Private Google access is enabled on subnet level, not on VPC level. *For Private services access, its deployment involves the allocation of a specific internal CIDR in the local VPC and creation of a private connection between local VPC and service provider's VPC. This private connection is created using Service Networking API. https://cloud.google.com/vpc/docs/private-services-access *For Private Google access, it applies for accessing the external ip of Google APIs and services from instances with only internal ip addresses https://cloud.google.com/vpc/docs/private-google-access
Between A&C and C&E is confused. Based on the quesiton said ," access to Cloud SQL from VPC with no public IP", it should be means: VM which only with internal IP need access to Cloud SQL Based on the PGA overview, example and its supported services, E is a suitable option at least. https://cloud.google.com/vpc/docs/private-google-access https://cloud.google.com/vpc/docs/private-google-access#example https://cloud.google.com/vpc/docs/private-services-access#private-services-supported-services And about option A, I only found following description: "Service Networking enables you to offer your managed services on internal IP addresses to service consumers" Base on my understanding, it seems to describe the part of services (Cloud SQL) has an internal IP. It was different with this question mentioned. I think C & E is better.
Sorry for my mistake, Change my answer to A & C. Because: Private Google Access enabled allows VM instances which only have internal IP addresses (no external IP addresses) to reach the external IP addresses of Google APIs and services. AND https://cloud.google.com/sql/docs/mysql/private-ip
C&E are the correct answers A has nothing to do with this. Network Service API -"Provides automatic management of network configurations necessary for certain services." C - https://cloud.google.com/vpc/docs/private-services-access#service_producer_network E - Configuring a Cloud SQL instance to use private IP requires private services access. Private services access lets you create private connections between your VPC network and the underlying Google service producer's VPC network - https://cloud.google.com/sql/docs/mysql/private-ip#allocated_ip_address_ranges And regarding the Cloud SQL your understanding is wrong, nothing is specified for the Cloud SQL the only thing that is mentioned in the question is that the VM's has no public IP address as infrared from the question: "VPC instances without public IP addresses"
Option C is valid for Service Producers. Questions doesn't say about external Service Producers so we assume its by Google. We don't need to create a private connection for connecting to Google SQL. So I will go with A and E.
Answer is A&E: https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started
Sorry it's A&C
C is definitely correct. private services access require private connection In below links stated Service Networking API is required Service Networking enables you to offer your managed services on internal IP addresses to service consumers. Service consumers use private services access to privately connect to your service.
Please refer https://cloud.google.com/sql/docs/mysql/private-ip#requirements_for_private_ip It clearly says creating Configuring a Cloud SQL instance and acces is privately we need private services access and Service Networking API must be enabled hence A and C is correct a service
should be A,C
AC is ans
A & C. E is not a correct option because PGA is required only if you want to connect to Google API's (restricted or private).
C&E Private google access is a valid option for connecting from GCEs with no public ip
Answers are A&E:
It difficult to understand why. in my opinion should be OLNY E or A and C both. Enabling Private Google Access allows VM instances without public IPs to access Google APIs and services. While useful, it's not strictly necessary for Cloud SQL private connectivity if you already have the Service Networking API and private connection configured. However, enabling this can provide additional benefits for accessing other Google services.