VPC — Virtual Private Cloud

The private network that glues your GCP resources together: subnets, firewall rules, routes, and how your Cloud Run or VM talks to your Cloud SQL without going through the internet.


A VPC is your own private network inside Google's data centers. Think of it like the internal wiring of an office building: rooms (subnets), doors with locks (firewall rules), and corridors (routes) between them.

Every GCP resource that has a network presence (a VM, a Cloud SQL instance, a service with a VPC connector, a load balancer) lives inside a VPC. By default, each new project gets a pre-configured 'default' VPC, which is fine for starting out.

Why it matters: if your Cloud Run talks to your Cloud SQL over public IP, the traffic leaves Google's network, comes back, and you pay for the round-trip. If both live in the same VPC, traffic stays inside Google's backbone — faster, free, and safer.

Firewall rules are ingress/egress filters on a VPC: 'allow TCP 443 from the internet', 'allow TCP 5432 only from Cloud Run subnet to the DB'. They're stateful (return traffic is allowed automatically) and can target specific tags or service accounts.
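How the two rules quoted above decide whether a new inbound connection is allowed, as an added example that is not part of the original page or Google's own code. It models GCP's documented ordering (lowest priority number wins, deny beats allow at equal priority, implied deny-ingress at 65535); the rule names, the tags `web` and `db`, and the subnet `10.8.0.0/28` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # 0-65535, lower number is evaluated first
    action: str              # "allow" or "deny"
    protocol: str            # "tcp", "udp", ... or "all"
    ports: frozenset
    source_ranges: tuple     # CIDR strings
    target_tags: frozenset   # empty means every instance in the VPC

# Constructed rule set mirroring the two rules quoted in the text.
RULES = [
    Rule("allow-https", 1000, "allow", "tcp", frozenset({443}),
         ("0.0.0.0/0",), frozenset({"web"})),
    Rule("allow-pg-from-run", 1000, "allow", "tcp", frozenset({5432}),
         ("10.8.0.0/28",), frozenset({"db"})),   # assumed Cloud Run subnet
]
# Every VPC ends with an implied deny for ingress that no rule list can remove.
IMPLIED_DENY = Rule("implied-deny-ingress", 65535, "deny", "all",
                    frozenset(), ("0.0.0.0/0",), frozenset())

def matches(rule, src_ip, protocol, port, instance_tags):
    """True if the rule applies to this instance and this packet."""
    if rule.target_tags and not (rule.target_tags & instance_tags):
        return False
    if rule.protocol != "all" and (rule.protocol != protocol or port not in rule.ports):
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr in rule.source_ranges)

def evaluate_ingress(rules, src_ip, protocol, port, instance_tags):
    """Return (action, rule_name) for a NEW inbound connection.

    Rules are stateful, so replies on an allowed connection are not
    re-evaluated; only the first packet goes through this function.
    """
    ordered = sorted(list(rules) + [IMPLIED_DENY],
                     key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if matches(rule, src_ip, protocol, port, set(instance_tags)):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied deny matches everything")
```

Calling `evaluate_ingress(RULES, "203.0.113.7", "tcp", 5432, {"db"})` falls through to the implied deny, which is the property the second rule is meant to guarantee for the database.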

Comparison: GCP VPC = AWS VPC = Azure VNet. Same concept. One notable GCP quirk: a VPC is global by default (spans all regions), while AWS VPCs are regional.

Grounded on https://cloud.google.com/vpc/docs/overview
