VPC subnet ‘Private Google Access’ should be enabled


Enabling “Private Google Access” for VPC subnets allows virtual machines to connect to the external IP addresses used by Google APIs and services.

Remediation Steps

Google Cloud Console

  • Navigate to VPC networks.

  • Select your VPC.

  • Select the Subnet and click Edit.

  • In Private Google Access, select On and click Save.

gcloud CLI

  • To enable Private Google access for a VPC subnet:

gcloud compute networks subnets update SUBNET_NAME \
--region=REGION \


Example Configuration

resource "google_compute_subnetwork" "subnet-with-logging" {
  name          = "log-test-subnetwork"
  ip_cidr_range = ""
  region        = "us-central1"
  network       = google_compute_network.custom-test.id
  private_ip_google_access= true

resource "google_compute_network" "custom-test" {
  name                    = "log-test-network"
  auto_create_subnetworks = false