If you require complex or custom routing, and have Infrastructure-as-Code for your deployments already, this is where you will find the key information. Terraform practitioners pick this option.
For a 5-minute deployment, assuming secure defaults, from within the marketplace console itself. This will totally lock down your VPC from the get-go unless appropriate FQDN-based egress firewall rules exist for outbound connections, and VMs needing to bypass discrimiNAT completely are network-tagged with
The various ways GCP-native Firewall Rules can be annotated with appropriate FQDN allowlists and traffic monitoring rules after deployment of discrimiNAT.
Fields, filters and recipes to find what you need from discrimiNAT’s config and flow logs in GCP.
Pertaining to the Quick Start only. If you go down the DIY route, the architecture will be as per your design.
A discrimiNAT firewall becomes the NAT solution for your VPC, making the use or presence of other NAT gateways redundant.
The discrimiNAT firewall is listed on the Google Cloud Marketplace. The architecture discussed above is available as a Deployment Manager template to launch on subsequent steps from the marketplace subscription.