Setting Up a Serverless NEG with API Gateway on GCP
This guide explains how to create a Serverless Network Endpoint Group (NEG) backed by a GCP API Gateway and associate it with a backend service for use with an External HTTP(S) Load Balancer.
Why the GCP Console Won't Work
When creating a NEG through the GCP Console, the API Gateway platform option is not available in the UI. The Console only exposes Cloud Run, Cloud Functions, and App Engine as serverless deployment platforms.
You must use the gcloud CLI to create an API Gateway NEG.
Running the Commands
You can run all commands below either locally or directly in GCP Cloud Shell — no local installation required.
To open Cloud Shell, click the Activate Cloud Shell button (>_) in the top-right corner of the GCP Console. gcloud beta is already available in Cloud Shell.
Prerequisites
- An existing API Gateway already deployed in your project
- The Gateway name of your gateway (found in GCP Console → API Gateway → Gateways → Name column)
- If running locally:
gcloudCLI installed and authenticated, with thegcloud betacomponent available (gcloud components install beta)
Step 1 — Create the Serverless NEG
The standard gcloud compute command does not support --serverless-deployment-platform yet. You must use gcloud beta.
The platform value must be apigateway.googleapis.com — using just apigateway will fail.
gcloud beta compute network-endpoint-groups create api-gateway-serverless-neg \
--project=YOUR_PROJECT \
--region=YOUR_REGION \
--network-endpoint-type=serverless \
--serverless-deployment-platform=apigateway.googleapis.com \
--serverless-deployment-resource=YOUR_GATEWAY_NAME
Parameters:
| Parameter | Description |
|---|---|
YOUR_PROJECT |
Your GCP project ID |
YOUR_REGION |
Region where the API Gateway is deployed (e.g., europe-west1) |
YOUR_GATEWAY_NAME |
The gateway name from GCP Console → API Gateway → Gateways → Name column (e.g., external-api-gateway) |
Step 2 — Create the Backend Service
gcloud compute backend-services create api-gateway-backend \
--project=dingoo-fleet-prod \
--global \
--load-balancing-scheme=EXTERNAL
Important: The protocol must be set to
HTTPS. The default isHTTP, which will not work correctly for API Gateway backends.
Step 3 — Add the NEG to the Backend Service
gcloud compute backend-services add-backend api-gateway-backend \
--project=YOUR_PROJECT \
--global \
--network-endpoint-group=api-gateway-serverless-neg \
--network-endpoint-group-region=YOUR_REGION
Step 4 — Verify
Confirm the NEG was created correctly:
gcloud beta compute network-endpoint-groups describe api-gateway-serverless-neg \
--project=YOUR_PROJECT \
--region=YOUR_REGION
Confirm the backend service has the NEG attached:
Common Errors
| Error | Cause | Fix |
|---|---|---|
Invalid value for --serverless-deployment-platform |
Used apigateway instead of apigateway.googleapis.com |
Use the full domain as the platform value |
API Gateway NEG type not available |
Attempted via GCP Console | Use gcloud beta CLI |
--serverless-deployment-platform: unrecognized arguments |
Used gcloud compute instead of gcloud beta compute |
Prefix the command with gcloud beta |
Backend returning 502 Bad Gateway |
Backend service protocol set to HTTP |
Recreate the backend service with --protocol=HTTPS |