Connect a GCP Cloud Function with an instance in a VPN

Question

I have made a Static VPN connection between an instance on GCP and an instance on AWS. I can ping from the machine on GCP (10.132.0.2) to the AWS machine (10.16.191.45) and vice versa.

Now I need connect from a Google Cloud Function to the AWS machine.

I have tried to make a VPC Connector, add it in the egress connection settings in the cloud function and add the IP range from the connector (10.130.0.0/28) to the VPN Static Route but when I try to ping the instance in AWS from the Cloud Function always get

line 45, in connect self._s.connect((host, int(port))) ConnectionRefusedError: [Errno 111] Connection refused

Here's the code to ping the AWS machine from GCP Cloud Function

from tcping import Ping


def hello_world(request):
    # Ping(host, port, timeout)
    ping = Ping('10.132.0.2')
    ping.ping(3)
    return "Done"

Any idea how to do it? Am I missing something?

Answer 1

When you are creating a Cloud function click “Runtime,build,connection and security settings” choose the “connection” option, make sure under connection that you choose Allow all traffic in ingress.

Under connection click create a serverless VPC connector. Make sure that Region from Cloud Function is also the same with your VPC connector. Under the network option choose the VPC network where your subnet 10.132.0.2 is located then create an IP range.

Once Serverless VPC connector is created. Refresh the Network option in your Cloud Function then choose the name of your VPC connector then click the radio button of Route all traffic through the VPC connector.

Just to add up, even if the port is already open in your firewall that doesnt mean that the port is already accessible. You need to make sure that there is a service that is listening so that the port will open, you can check that information on this link.