Skip to content

Instantly share code, notes, and snippets.

@brokeyourbike

brokeyourbike/cloud-functions-static-outbound-ip.md

Last active April 21, 2024 00:50
Show Gist options
  • Save brokeyourbike/ee7c5ede900da6f31ced9fe587e0c706 to your computer and use it in GitHub Desktop.
Save brokeyourbike/ee7c5ede900da6f31ced9fe587e0c706 to your computer and use it in GitHub Desktop.
Download ZIP
Cloud functions static outbound IP address
Raw
cloud-functions-static-outbound-ip.md

Cloud functions static outbound IP address

The guide inspired by Static outbound IP address for Cloud Run.

1. Find the name of your VPC network:

gcloud compute networks list

You should see output like the following:

NAME     SUBNET_MODE  BGP_ROUTING_MODE
default  AUTO         REGIONAL

Identify the network you attached to your Serverless VPC Access connector.

2. Create a new Cloud Router to program a NAT gateway:

gcloud compute routers create ROUTER_NAME \
  --network=NETWORK_NAME \
  --region=REGION

In the command above, replace:

  • ROUTER_NAME with a name for the Cloud Router resource you want to create.
  • NETWORK_NAME with the name of the VPC network you found in step 1.
  • REGION with the region in which you want to create a NAT gateway.

3. Reserve a static IP address. A reserved IP address resource retains the underlying IP address when the resource it is associated with is deleted and re-created:

gcloud compute addresses create ORIGIN_IP_NAME --region=REGION

In the command above, replace:

  • ORIGIN_IP_NAME with the name you want to assign to the IP address resource.
  • REGION with the region that will run the Cloud NAT router. Ideally the same region as your Cloud Functions to minimize latency and network costs.

4. Create a Cloud NAT gateway configuration on this router to route the traffic originating from the VPC network using the static IP address you created:

gcloud compute routers nats create NAT_NAME \
  --router=ROUTER_NAME \
  --region=REGION \
  --nat-all-subnet-ip-ranges \
  --nat-external-ip-pool=ORIGIN_IP_NAME

In the command above, replace:

  • NAT_NAME with a name for the Cloud NAT gateway resource you want to create.
  • ROUTER_NAME with the name of your Cloud Router.
  • REGION with the region in which you want to create a NAT gateway.
  • ORIGIN_IP_NAME with the name of the reserved IP address resource you created in the previous step.

5. Create connector using this guide: Creating a connector.

6. Use your connector in functions.

const functions = require('firebase-functions')
const fetch = require('node-fetch')

exports.helloWorld = functions
  .runWith({
    vpcConnector: 'CONNECTOR_NAME',
    vpcConnectorEgressSettings: 'ALL_TRAFFIC'
  })
  .https.onRequest(async (request, response) => {
    try {
      const result = await fetch('https://api.ipify.org?format=json')
      const json = await result.json()
      return response.json(json)
    } catch (e) {
      return response.send('Can not fetch the IP')
    }
  })

In the command above, replace:

@brokeyourbike
Copy link
Author

@brokeyourbike How we assign static ip in cloud-function ?

Well, this guide should give you a hint, but the general idea is to route the traffic from cloud functions through the NAT, and NAT has a static IP

@SaimMohanish
Copy link

I have designed a Firebase Cloud Function in Node.js where I am using PhonePe for payment. However, they have stated that they require a static IP address for whitelisting. Can I utilize the above solution and share the static IP with them?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment