When creating a Network Endpoint Group I need to specify network endpoint(s). For these, I can select my VM instance and specify the Primary (Internal) IP address.
I can then select this NEG as the backend of a Global HTTPS Load Balancer.
How is it possible for a globally distributed load balancer to forward traffic to a VM that does not have an external IP?
If I create an internal load balancer, the load balancer is deployed to a subnet within the same VPC, so it has line of sight to my instance, but the Global HTTPS load balancer is not in my VPC.