I am trying to access my VM instances with NO external IP, and for security purposes I don't want to open ports or allow SSH policies.

There are solutions in AWS like 'Session Manager'; is there something like this in Google Cloud Platform?

Google provides Cloud Identity-Aware Proxy (IAP) that allows you to connect to your VM instance that doesn't have an external IP:

With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Your VM instances don't even need public IP addresses.

Have a look at the article Cloud IAP enables context-aware access to VMs via SSH and RDP without bastion hosts first. You can find more details in the documentation Enabling IAP for Compute Engine and Using IAP for TCP forwarding.

I've tried to follow the documentation on my test project; you can find my steps below:

  1. create VM instance without external IP:

    gcloud compute instances create instance-1 --zone=us-central1-a --machine-type=e2-medium --subnet=default --no-address --maintenance-policy=MIGRATE --image=ubuntu-1804-bionic-v20200610 --image-project=ubuntu-os-cloud
    
  2. go to Security -> Identity-Aware Proxy and enable Identity-Aware Proxy API.

  3. configure GCP Firewall to enable inbound traffic from Cloud IAP:

    gcloud compute firewall-rules create allow-ssh-ingress-from-iap --direction=INGRESS --action=allow --rules=tcp:22 --source-ranges=35.235.240.0/20
    
  4. connect to VM instance via IAP tunnel:

    $ gcloud compute ssh instance-1 --tunnel-through-iap --zone=us-central1-a
    Warning: Permanently added 'compute.3924477895872840881' (ECDSA) to the list of known hosts.
    Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 5.3.0-1026-gcp x86_64)
    ...
    instance-1:~$
    

In addition, have a look at the 3rd party video tutorial.

This article is reproduced from Stack Exchange / Stack Overflow, please click