VPC Networks - Controlling Access

VPC Networks - Controlling Access

Overview

In the real-world you need to protect sensitive data and ensure the continued availability of your web applications at all times. Learn how to use the Google Cloud VPC network to create a more secure, scalable, and manageable web server deployment within your Google Cloud environment.

In this lab, you create two nginx web servers on the default VPC network and control external HTTP access to the web servers using tagged firewall rules. Then, you explore IAM roles and service accounts.

  • Two web servers gives you redundancy - if one web server fails, the other can continue serving web traffic, preventing downtime.

  • Tagged firewall rules provide granular control over which traffic is allowed to reach specific web servers.

  • By assigning a service account permission to perform tasks, you're upholding the principal of least priviledge, keeping your Cloud resources safe.


export ZONE=

#Set the PROJECT_ID variable to the current Google Cloud project
export PROJECT_ID=$(gcloud config get-value project)

#Creating Blue server
gcloud compute instances create blue \
  --zone=$ZONE \
  --machine-type=e2-medium \
  --tags=web-server

#Creating Green server
gcloud compute instances create green \
  --zone=$ZONE \
  --machine-type=e2-medium 

#Creating firewall rules
gcloud compute firewall-rules create allow-http-web-server \
  --network=default \
  --action=ALLOW \
  --direction=INGRESS \
  --source-ranges=0.0.0.0/0 \
  --target-tags=web-server \
  --rules=tcp:80,icmp

#Creating test-vm
gcloud compute instances create test-vm --machine-type=e2-micro --subnet=default --zone=$ZONE


----------------------------------------------------------------------------------------------------------------------------------------------------


gcloud iam service-accounts keys create key.json --iam-account=network-admin@$PROJECT_ID.iam.gserviceaccount.com
gcloud compute ssh blue --zone=$ZONE --quiet

---------------------------------------------------------------------------------------------------------------------------------------------------------


sudo apt-get install nginx-light -y
sudo sed -i 's#<h1>Welcome to nginx!</h1>#<h1>Welcome to the blue server!</h1>#' /var/www/html/index.nginx-debian.html
cat /var/www/html/index.nginx-debian.html
exit

---------------------------------------------------------------------------------------------------------------------------------------------------------


gcloud beta compute ssh green --zone=$ZONE --quiet

---------------------------------------------------------------------------------------------------------------------------------------------------------


sudo apt-get install nginx-light -y
sudo sed -i 's#<h1>Welcome to nginx!</h1>#<h1>Welcome to the Green server!</h1>#' /var/www/html/index.nginx-debian.html
cat /var/www/html/index.nginx-debian.html