使用 SharedVPC 时无法创建无服务器 VPC 访问连接器

Question

Background:

• I have a Shared VPC project called SharedVPC with a.network network01 and a su.net serverless-su.net01: 10.200.12.0/28
• The Shared VPC Project shares its.networks and su.nets with another project project1
• Nothing else is using serverless-su.net01
• All resources in both projects are in us-central1
• I have the owner role in both projects
• vpcaccess.googleapis.com is enabled in project1

The issue:

I want to create a Serverless VPC Access Connector in project1 using network01 and serverless-su.net01 , but when trying to follow the documentation to create a connector, the following error occurs after clicking "create" with us-central1 as the region, network01 as the.network, and serverless-su.net01 as the su.net:

Operation failed: VPC Access did not have permission to resolve the subnet or the provided subnet does not exist.

I have attempted to apply the troubleshooting steps in the documentation, with the following results:

1. There is no such account with a name like service-PROJECT_NUMBER@gcp-sa-vpcaccess.iam.gserviceaccount.com or the role of roles/vpcaccess.serviceAgent in either project1 or SharedVPC Edit: there is an account in SharedVPC with the name service-SharedVPC_PROJECT_NUMBER@gcp-sa-vpcaccess.iam.gserviceaccount.com , but it is only visible through gcloud commands and adding the appropriate roles to it does not fix the issue.
2. No.network overlaps with serverless-su.net-01 ,
3. There are no firewall rules with a priority over 1000 that denies ingress

Answer 1

The solution was that there was a vpc access service account for project1 , but it was only visible through gcloud commands rather than the console. This account needs the roles/vpcaccess.serviceAgent role in the shared vpc project in order to access the su.net.