Skip to content

Instantly share code, notes, and snippets.

@brokeyourbike
Last active April 21, 2024 00:50
Show Gist options
  • Save brokeyourbike/ee7c5ede900da6f31ced9fe587e0c706 to your computer and use it in GitHub Desktop.
Save brokeyourbike/ee7c5ede900da6f31ced9fe587e0c706 to your computer and use it in GitHub Desktop.
Cloud functions static outbound IP address

Cloud functions static outbound IP address

The guide inspired by Static outbound IP address for Cloud Run.

1. Find the name of your VPC network:

gcloud compute networks list

You should see output like the following:

NAME     SUBNET_MODE  BGP_ROUTING_MODE
default  AUTO         REGIONAL

Identify the network you attached to your Serverless VPC Access connector.

2. Create a new Cloud Router to program a NAT gateway:

gcloud compute routers create ROUTER_NAME \
  --network=NETWORK_NAME \
  --region=REGION

In the command above, replace:

  • ROUTER_NAME with a name for the Cloud Router resource you want to create.
  • NETWORK_NAME with the name of the VPC network you found in step 1.
  • REGION with the region in which you want to create a NAT gateway.

3. Reserve a static IP address. A reserved IP address resource retains the underlying IP address when the resource it is associated with is deleted and re-created:

gcloud compute addresses create ORIGIN_IP_NAME --region=REGION

In the command above, replace:

  • ORIGIN_IP_NAME with the name you want to assign to the IP address resource.
  • REGION with the region that will run the Cloud NAT router. Ideally the same region as your Cloud Functions to minimize latency and network costs.

4. Create a Cloud NAT gateway configuration on this router to route the traffic originating from the VPC network using the static IP address you created:

gcloud compute routers nats create NAT_NAME \
  --router=ROUTER_NAME \
  --region=REGION \
  --nat-all-subnet-ip-ranges \
  --nat-external-ip-pool=ORIGIN_IP_NAME

In the command above, replace:

  • NAT_NAME with a name for the Cloud NAT gateway resource you want to create.
  • ROUTER_NAME with the name of your Cloud Router.
  • REGION with the region in which you want to create a NAT gateway.
  • ORIGIN_IP_NAME with the name of the reserved IP address resource you created in the previous step.

5. Create connector using this guide: Creating a connector.

6. Use your connector in functions.

const functions = require('firebase-functions')
const fetch = require('node-fetch')

exports.helloWorld = functions
  .runWith({
    vpcConnector: 'CONNECTOR_NAME',
    vpcConnectorEgressSettings: 'ALL_TRAFFIC'
  })
  .https.onRequest(async (request, response) => {
    try {
      const result = await fetch('https://api.ipify.org?format=json')
      const json = await result.json()
      return response.json(json)
    } catch (e) {
      return response.send('Can not fetch the IP')
    }
  })

In the command above, replace:

@SaimMohanish
Copy link

I have designed a Firebase Cloud Function in Node.js where I am using PhonePe for payment. However, they have stated that they require a static IP address for whitelisting. Can I utilize the above solution and share the static IP with them?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment