



This use case is of particular interest in the context of API Management, where you create internal services and expose only a subset of these services as APIs to some specific external clients. Additionally, you can create developer portals that expose these APIs as monetizable products.

When you create a Cloud Run service and reach it over PSC from an Apigee X target endpoint, you can minimize the number of service attachments you need to create.

This is the final use case implemented and described in this article.

Solutions for network communication between VPCs

This section focuses on two possible solutions for accessing resources that reside in one VPC from another VPC.

VPC peering

Google Cloud VPC Network Peering connects two VPC networks so that resources within each network can communicate with each other. One of the benefits of VPC Peering is network security. Service owners do not have to expose their services to the public Internet or deal with the risks associated with doing so.

On the other hand, setting up network communication like VPC peering requires coordinating subnets and managing complex routing topologies across different networks and organizations.

This presents a significant challenge for companies wishing to completely separate services to address security concerns. As an example, many businesses require the use of network security appliances on the consumer side to control the transport and network layers of VPC peering communications.

Private Service Connect

Private Service Connect (PSC) is a one-way communication channel between an endpoint and a service attachment. Unlike VPC peering, the underlying infrastructure is not exposed. Connecting and managing services is much easier, more secure, and private.

PSC, on the other hand, requires you to configure an endpoint and a service attachment for each application you need to access, but there are some solutions to minimize the creation of these attachments.

This article builds on a solution based on PSC from an Apigee X instance to a Cloud Run service (backend). The northbound aspects, which are left to the reader's discretion (using an external load balancer and "classic" MIG, or an external load balancer and VPC peering via a PSC network endpoint group), are intentionally not presented.

Solution overview

This section presents a proposed solution used to access internal Cloud Run services from the Apigee X runtime.

