PROFESSIONAL-CLOUD-DEVELOPER · Question #338
Your team plans to use AlloyDB as their database backend for an upcoming application release. Your application is currently hosted in a different project and network than the AlloyDB instances. You ne
The correct answer is A. Provision a Shared VPC project where both the application project and the AlloyDB project are. Shared VPC (formerly XPN) allows multiple projects to share a single VPC network while maintaining separate project boundaries-billing, IAM, and resources remain isolated per project. The application project and AlloyDB project both participate in the shared VPC, so the applicati
Question
Your team plans to use AlloyDB as their database backend for an upcoming application release. Your application is currently hosted in a different project and network than the AlloyDB instances. You need to securely connect your application to the AlloyDB instance while keeping the projects isolated. You want to minimize additional operations and follow Google-recommended practices. How should you configure the network for database connectivity?
Options
- AProvision a Shared VPC project where both the application project and the AlloyDB project are
- BUse AlloyDB Auth Proxy and configure the application project's firewall to allow connections to
- CProvision a service account from the AlloyDB project. Use this service account's JSON key file as
- DAsk the database team to provision AlloyDB databases in the same project and network as the
How the community answered
(28 responses)- A82% (23)
- B11% (3)
- D7% (2)
Explanation
Shared VPC (formerly XPN) allows multiple projects to share a single VPC network while maintaining separate project boundaries-billing, IAM, and resources remain isolated per project. The application project and AlloyDB project both participate in the shared VPC, so the application can reach AlloyDB using private IP addresses without traversing the public internet, and without requiring VPC peering setup or additional NAT/proxy components. This is the Google-recommended pattern for cross-project private connectivity. Option B (AlloyDB Auth Proxy) still requires network-level connectivity to work. Option C (JSON key file) is a security anti-pattern Google explicitly discourages. Option D violates the requirement to keep projects isolated.
Topics
Community Discussion
No community discussion yet for this question.