How to Setup Shared VPC on GCP

Setting up a Shared VPC in Google Cloud Platform (GCP) allows you to centrally manage network resources and share them across multiple projects. It is very useful to cut cost as network pricing can be very pricy.

1. Prerequisites

Having two project on the same organization. You cannot setup shared VPC on non organization projects
Billing account: Ensure you have a billing account set up in GCP for both projects.
Host project: Decide which project will act as the host project. This project will contain the Shared VPC's network resources.
Service projects: Decide which projects will act as service projects that will use the Shared VPC resources.
Roles and permissions: Assign appropriate IAM roles to users or service accounts. Common roles include:
- Organization Administrator
- Compute Shared VPC Admin
- Compute Network Admin

2. Create or Identify the Host Project and Service Project

On the GCP Console, choose an a project to be the host project.
Enable the Compute Engine API in the host project, just search for "Compute Engine API" on the navbar then cenable it.
Do the same on the service project.

3. Create a VPC Network in the Host Project

Go to VPC networks in the host project.
Click Create VPC network as needed or we can still use default network.

4. Enable Shared VPC on the Host Project and attach Service Project

Go to VPC Network > Shared VPC.
Then Set up Shared VPC.
Under Attached Projects, attach the service projects.
Under Subnet Access, you can add additional access to other principal. By default your principal Service Project is already added.
Confirm the addition.

5. Test the Setup

In the service projects, ensure the users or service accounts can create resources like VMs using the subnets from the Shared VPC.
Validate that network policies, like firewalls, apply as expected.