I deployed Cloud Functions to asia-northeast1. I wrote the following code in Node.js and ran a test. The IP address included in the response was 107.178.234.95, which makes it appear as if it is being executed from the United States.
const response = await axios.get('https://api.ipify.org?format=json');
console.log(response.data.ip);
The reason I am investigating this is that requests sent from Cloud Functions to AWS CloudFront, which has geographical restrictions to allow access only from Japan, are being blocked with a 403 error. The specific error message was, "The Amazon CloudFront distribution is configured to block access from your country."
How can I ensure that the IP address used by Cloud Functions is from asia-northeast1 (Tokyo)?
Solved! Go to Solution.
Hello ,
Welcome to Google Cloud Community!
I could understand from your question above that the function is deployed in asia-northeast1, however the endpoint IP seen is from a US IP address. Please note that Google's network tries to route requests into the global Google network as early as possible, so when it is seen from outside ,the endpoint from a US-based IP, they will see a US-based IP address. Also as the deploying and serving region is asia-northeast1 requests will still be served by the function in asia-northeast1.
Also as you mentioned that you need to restrict specific geographical restrictions to allow access only from Japan you may achieve this requirement by creating a static external IP address in the same region. To achieve this you may check this document which shows how to reserve IP address to a cloud function.
If you have any other questions or concerns about your issue, please do not hesitate to reply back here.
Hello ,
Welcome to Google Cloud Community!
I could understand from your question above that the function is deployed in asia-northeast1, however the endpoint IP seen is from a US IP address. Please note that Google's network tries to route requests into the global Google network as early as possible, so when it is seen from outside ,the endpoint from a US-based IP, they will see a US-based IP address. Also as the deploying and serving region is asia-northeast1 requests will still be served by the function in asia-northeast1.
Also as you mentioned that you need to restrict specific geographical restrictions to allow access only from Japan you may achieve this requirement by creating a static external IP address in the same region. To achieve this you may check this document which shows how to reserve IP address to a cloud function.
If you have any other questions or concerns about your issue, please do not hesitate to reply back here.
okey, thank you for your reply!
I'll take a look at the document