Unable to create Serverless VPC Access Connector when using SharedVPC

Background:

  • I have a Shared VPC project called SharedVPC with a network network01 and a subnet serverless-subnet01: 10.200.12.0/28
  • The Shared VPC Project shares its networks and subnets with another project project1
  • Nothing else is using serverless-subnet01
  • All resources in both projects are in us-central1
  • I have the owner role in both projects
  • vpcaccess.googleapis.com is enabled in project1

The issue:

I want to create a Serverless VPC Access Connector in project1 using network01 and serverless-subnet01, but when trying to follow the documentation to create a connector, the following error occurs after clicking "create" with us-central1 as the region, network01 as the network, and serverless-subnet01 as the subnet:

Operation failed: VPC Access did not have permission to resolve the subnet or the provided subnet does not exist.

I have attempted to apply the troubleshooting steps in the documentation, with the following results:

  1. There is no such account with a name like [email protected] or the role of roles/vpcaccess.serviceAgent in either project1 or SharedVPC.
     Edit: there is an account in SharedVPC with the name service-SharedVPC_PROJECT_NUMBER@gcp-sa-vpcaccess.iam.gserviceaccount.com, but it is only visible through gcloud commands and adding the appropriate roles to it does not fix the issue.
  2. No network overlaps with serverless-subnet-01.
  3. There are no firewall rules with a priority over 1000 that deny ingress.


Solution 1:

The solution was that there was a VPC Access service account for project1, but it was only visible through gcloud commands rather than the console. This account needs the roles/vpcaccess.serviceAgent role in the Shared VPC project in order to access the subnet.
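
As an added example (not part of the question or of Hope Church's answer), the following gcloud-based shell script carries out what the answer describes: it derives the service agent of project1 from the project number (the account the console's IAM page does not list), grants it roles/vpcaccess.serviceAgent on the SharedVPC host project only if it does not already hold it, and then creates the connector against the shared subnet. The project, subnet and region names come from the question; the connector name connector01 and the --apply switch are assumptions, and the gcloud calls need an authenticated gcloud CLI with permissions on both projects.

```shell
#!/bin/sh
# Added example, not code from the Stack Overflow thread.
# Names from the question; connector01 and --apply are assumptions.
HOST_PROJECT="${HOST_PROJECT:-SharedVPC}"      # Shared VPC host project
SERVICE_PROJECT="${SERVICE_PROJECT:-project1}" # project that owns the connector
REGION="${REGION:-us-central1}"
SUBNET="${SUBNET:-serverless-subnet01}"
CONNECTOR="${CONNECTOR:-connector01}"          # assumed connector name
ROLE="roles/vpcaccess.serviceAgent"

# The Serverless VPC Access service agent is named after the project NUMBER,
# not the project ID, which is one reason it is easy to miss.
vpcaccess_service_agent() {
  printf 'service-%s@gcp-sa-vpcaccess.iam.gserviceaccount.com\n' "$1"
}

# Resolve a project ID to its project number.
project_number() {
  gcloud projects describe "$1" --format='value(projectNumber)'
}

# Succeed (exit 0) only if the member already holds ROLE on the host project.
has_role_on_host() {
  gcloud projects get-iam-policy "$HOST_PROJECT" \
    --flatten='bindings[].members' \
    --filter="bindings.role=$ROLE AND bindings.members=$1" \
    --format='value(bindings.members)' | grep -q .
}

fix_shared_vpc_connector() {
  number=$(project_number "$SERVICE_PROJECT")
  agent=$(vpcaccess_service_agent "$number")
  member="serviceAccount:$agent"

  # Grant the role in the HOST project, not in the service project.
  if has_role_on_host "$member"; then
    echo "$agent already holds $ROLE on $HOST_PROJECT"
  else
    gcloud projects add-iam-policy-binding "$HOST_PROJECT" \
      --member="$member" --role="$ROLE"
  fi

  # The connector lives in the service project but points at the host's subnet.
  gcloud compute networks vpc-access connectors create "$CONNECTOR" \
    --project="$SERVICE_PROJECT" \
    --region="$REGION" \
    --subnet="$SUBNET" \
    --subnet-project="$HOST_PROJECT"
}

# Nothing touches GCP unless the script is invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
  fix_shared_vpc_connector
fi
```

Run it as `sh fix-connector.sh --apply` after `gcloud auth login`; without `--apply` it only defines the functions, so `has_role_on_host` can be used on its own to confirm the binding before retrying the create in the console.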

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution source: Solution 1 by Hope Church