(Optional) Configure your reporting to use Virtual Private Cloud (VPC)

Optionally, if you want to use Virtual Private Cloud (VPC) in the environment in which your product's service runs, you must complete the following steps to integrate Google Cloud Marketplace reporting with VPC. By default, the Compute Engine virtual machines (VMs) in your VPC can only communicate internally. You must configure one of the VMs to communicate externally, so that the rest of the VMs in your VPC can use it for reporting.

Before you begin

• Set up your preferred implementation of VPC in your service environment. For steps to set up VPC, visit Create and modify Virtual Private Cloud (VPC) networks.
• Ensure that you have the Compute Network Admin Identity and Access Management (IAM) role for your Google Cloud project.

Set up Private Google Access

To enable your product's Compute Engine virtual machines (VMs) to communicate externally for reporting purposes, you must set up Private Google Access. For more information about configuring Private Google Access, refer to Configuring Private Google Access.

1. Enable Private Google Access for your service environment.

2. Configure DNS to resolve requests to private.googleapis.com.

3. Create a custom route for Google APIs:

   • For Name, specify route-google-apis-services.
   • For Network, select your VPC.
   • For Destination IP range, specify 199.36.153.8/30.
   • For Priority, specify 0.
   • For Instance tags, specify google-apis-services.
   • For Next hop, select Default internet gateway.

4. Create a VPC firewall rule to enable your product to communicate with Google APIs:

   • For the Name, specify google-apis-services.
   • For the Description, specify Allow egress traffic to Google APIs and services.
   • Enable firewall rules logging.
   • For Network, select your VPC.
   • For Direction of traffic, select Egress.
   • For the Action on match, select Allow.
   • For Targets, select Specified target tags, and then for Target tags, specify google-apis-services.
   • For the Destination filter, select IPv4 ranges, and for the Destination IPv4 ranges, specify 199.36.153.8/30.
   • For Protocols and ports, select Allow all.

5. In Google Cloud console, select the VM you want to use to report your product's usage. Under Network tags, add google-apis-services, and click SAVE.

6. Under Network interfaces, locate your VPC's network interface.

7. In the Subnetwork column, click the subnet link. From the Subnet details page, click Edit, and set Private Google Access to On.

8. Click Save.