GCP: public vs private subnets

Mar 28, 2023 · 1 min read · Post a comment

The main difference between public and private subnets more or less to any public cloud is their connectivity and access to the internet. Overall, it comes down to routing. However, this concept doesn’t apply as such in GCP, since it’s applied on VM or resource level. You can even have both public and private instances in the same subnet if that makes sense. So, how to proceed?!


  • GCP VPC network


approach #1

One approach is to create separate VPC networks for public and private access. The public networks, leave them as they are considering next-hop routes are configured with the Default Internet Gateway by default.

But, when dealing with private-only networks, you need to configure next-hop routes to a NAT Gateway, or Cloud NAT if you will. On top of that, you could also enable the Private Google Access, so the private IP instances could reach external Google APIs and services.

approach #2

Other approach, a dirty, easier and quick-fix one, is to just assign External IP addresses to instances and resources as required. You don’t need to worry about subnets and routing lol. Leave everything as default, but setting up and configuring Firewall is a must!


Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.