This page shows how to create the Virtual Private Cloud (VPC) IP address ranges that AlloyDB for PostgreSQL requires for private services access. For an overview of how AlloyDB uses private services access to let its internal resources communicate with each other, see About private services access.
To create a private services access configuration in a Virtual Private Cloud (VPC) network that resides in the same Google Cloud project as your AlloyDB cluster, you perform two operations:
- Create an allocated IP address range in the VPC network.
- Create a private connection between the VPC network and the underlying Google Cloud VPC network.
You can also configure private services access to connect your AlloyDB cluster to resources that reside in a separate Google Cloud project. To do this, merge the two projects' VPC networks using Shared VPC.
To provide sufficient address space for AlloyDB, we recommend a prefix length of 16 or less.
To specify an address range and a prefix length (subnet mask), use the --addresses and --prefix-length flags. For example, to allocate the CIDR block 192.168.0.0/16, specify 192.168.0.0 for the address and 16 for the prefix length.
- RESERVED_RANGE_NAME: a name for the allocated range, such as my-allocated-range
- DESCRIPTION: a description for the range, such as allocated for my-service
- VPC_NETWORK: the name of your VPC network, such as my-vpc-network. For a Shared VPC network, set this to the fully qualified path of the VPC network. For example, projects/cymbal-project/global/networks/shared-vpc-network.
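The following pre-flight check is an added example, not part of the original page or of Google's tooling. It validates an address and prefix length before printing the `gcloud compute addresses create` command with the flags this page names. The function names are hypothetical, and restricting allocations to RFC 1918 space is an assumed local policy, not a requirement stated on this page.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of gcloud.

# Print the 32-bit integer for a dotted-quad IPv4 address; return 1 if malformed.
ip_to_int() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if the block BASE_INT/PREFIX lies entirely inside NET/NETLEN.
in_block() {  # in_block base_int prefix net_dotted netlen
  net=$(ip_to_int "$3") || return 1
  [ "$2" -ge "$4" ] && [ $(( $1 >> (32 - $4) )) -eq $(( net >> (32 - $4) )) ]
}

# Validate ADDRESS/PREFIX, then print the allocation command (reason on stderr).
alloc_cmd() {  # alloc_cmd range_name vpc_network address prefix
  case "$4" in ''|*[!0-9]*|0*) echo "prefix must be a plain number" >&2; return 1 ;; esac
  # The page recommends a prefix length of 16 or less.
  [ "$4" -le 16 ] || { echo "prefix length must be 16 or less" >&2; return 1; }
  base=$(ip_to_int "$3") || { echo "malformed address" >&2; return 1; }
  # The address must be the first address of the block (no host bits set).
  [ $(( base & ((1 << (32 - $4)) - 1) )) -eq 0 ] ||
    { echo "address is not aligned to /$4" >&2; return 1; }
  # Assumption: local policy restricts allocations to RFC 1918 space.
  in_block "$base" "$4" 10.0.0.0 8 || in_block "$base" "$4" 172.16.0.0 12 ||
    in_block "$base" "$4" 192.168.0.0 16 ||
    { echo "range is outside RFC 1918 space" >&2; return 1; }
  printf 'gcloud compute addresses create %s --global --purpose=VPC_PEERING --addresses=%s --prefix-length=%s --network=%s\n' \
    "$1" "$3" "$4" "$2"
}
```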
To specify only a prefix length (subnet mask), use the --prefix-length flag. When you omit the address range, Google Cloud automatically selects an unused address range in your VPC network.
The following example selects an unused IP address range with a 16-bit prefix length:
The following example creates a private connection to Google so that the VM instances in the default VPC network can use private services access to reach Google services that support it.
    gcloud compute addresses create google-managed-services-default \
        --global \
        --purpose=VPC_PEERING \
        --prefix-length=16 \
        --description="peering range for Google" \
        --network=default
Last updated 2025-08-25 UTC.