This page applies toApigee, but not toApigee hybrid.

View Apigee Edge documentation.

What you're doing in this step

In this step, you can choose to expose your new Apigee instance to external requests or keepit private (and only allow requests from within the firewall).

1. SelectExternal Access orInternal Access:

External Access

This section describes how to configure routing from the Cloud Console when you want to allowexternal access to your API proxy.

Permissions required for this task

You can give the Apigee provisioner a predefined role that includes the permissions needed to complete this task, or give more fine-grained permissions to provide the least privilege necessary. SeePredefined roles andAccess routing permissions.

To configure routing for external access in the Cloud console:

1. ClickcreateEdit to open theConfigure access panel.
2. SelectEnable internet access.

   Choose one of the following options in theDomain Type section:

   • Automatically generated domain, subnetwork and SSL certificates: Choose this option to use the nip.io wildcard DNS service, and a Google managed certificate to secure your domain. Apigee automatically creates an L7 global external load balancer to forward traffic to your runtime.
   • Customize: Choose this option if you want to customize your domain name, SSL certificate, or subnetwork. Apigee automatically creates an L7 global external load balancer to forward traffic to your runtime. You can select or deselect any of the following options to enter custom details:
     • Domain: Optional. Enter the custom domain name.
     • Network: Optional. Select an available network name from the dropdown menu.
     • Subnetwork: Optional. Select an available subnetwork name from the dropdown menu. The subnetwork selected should be in the same region as the runtime instance.
     • SSL Certificate: Optional. Select an existing self-managed certificate or provide a new self-managed certificate.

       To select an existing certificate:

       1. Browse the file system and select the certificate you wish to use.
       2. ClickSave SSL.

       To provide a new certificate:

       1. ClickAdd new.
       2. In the respective fields, browse your file system and attach the files containing the certificate and private key. Both should be PEM-formatted.
       3. ClickSave SSL.
3. ClickSet access.

   Apigee prepares your instance for external access. This includes creating firewall rules, uploading certificates, and creating a load balancer.

   This process can take several minutes.

Internal Access

This section describes how to configure routing when you're using the Cloud Console and youdo not want to allow external access to your API proxy. Instead, you want to limit access tointernal requests only that originate from within the VPC.

To configure routing for internal access in the Cloud Console:

1. ClickcreateEdit to open theConfigure access panel.

2. SelectNo internet access.

3. ClickSet access.
2. ClickNext.

3. ClickSubmit to begin the provisioning process.

   The provisioning process may take up to 40 minutes to complete. If you want to leave the page while provisioning is in progress, a notification will appear innotificationsNotifications in the Cloud console when the operation completes.

   Once provisioning is complete, theApigee Overview page will appear and you can begin exploring Apigee!