Access gcp instance in another project

Question

How to access instance in a different project without using external IP

I have two projects, say A and B, and I want to ssh from a instance in project-A to a instance in project-B.

What I found is that I was able to ping the instance in B using its eternal IP from the instance in A, not its internal IP. After I add my public key to the instance in B, I was able to ssh to it using its eternal IP from the instance in A(I have my private key here).

I wonder if I can access project B instance from, project A instance without going through external IP as it will go out of the GCP and comes back. Is there a way that I could do this internally?

Both project A and B are under the same gcp account.

Answer 1

As I understand it, your could create a shared VPC and have your Compute Engines in your distinct projects have network interfaces to this shared VPC. They would then be able to access each other directly. For full details on shared VPC, see GCP Shared VPC.

Another solution would be to use GCP VPC Peering which allows two distinct but NOT overlapping networks to connect to each other using the GCP VPC Peering capabilities.

There is so much to say about these concepts it doesn't seem to make sense repeating that here. I encourage you to read the docs in the links above and post new specific questions as needed.

Answer 2

Google VPC's use RFC 1918 IP addresses. These addresses are not routable across the Internet. VPC's can use the same address range in more than one VPC.

If your VPCs are not using overlapping IP addresses, you can enable VPC Network Peering to connect the two VPCs together. You can then use private IP addresses to access resources in each VPC subnet.

Google VPC Network Peering