Reputation: 67
What is the IP range(s) of Google pub/sub?
I have a Google pub/sub subscription that pushes messages for a topic to an AppEngine standard service endpoint.
I want to restrict access to the AppEngine standard service to user IPs and still allow for messages coming from Google Pub/sub.
In the AppEngine firewall, the only option is to allow certain IP ranges.
What is the IP range(s) of Google pub/sub?
Upvotes: 0
Views: 2950
Answers (1)
Reputation: 1572
I've noticed that all the IP requests from Pub/Sub push subscriptions are coming from 2002:axx:xxxx::. As per IETF RFC 3056, 2002::: is an 6to4 range. 2002:axx:xxxx::, then, is translated to 10.XXX.XXX.XXX, which is an range reserved for the internal networking in this case used by Google.
Note: that other services apart from Pub/Sub might [at some point] use range 2002:a00::/24, 10.XXX.XXX.XXX. For example App Engine Flexible. If requests from Flexible are not describable in this particular project then you will have block it and give it a higher priority.
In the end your Firewall entries:
10 Allow 2002:a00::/24 Pub/Sub
default Deny * The default action.
Also, there is an issue created about it in Google's issue-tracker.
Upvotes: 1
Related Questions
- Acces Google Pub/Sub from outside of GCP
- Is GCP pub/sub region specific?
- What are the outbound IP ranges for GCP managed Cloud Run?
- Google Pub/Sub API limits
- what's google cloud pub/sub latency
- Google API : live server firewall ip address ranges
- Google App Engine - list of IP addresses?
- Google Pub/Sub access rights
- ip address range of google notification servers google-cloud-storage
- What are the IP ranges for GCE zones?