Build and Secure Networks in Google Cloud - Challenge Lab - GSP322

Let's start by defining some variables given by Cloud Skills Boost.

 


USE THE REGION GIVEN IN YOUR LAB INSTRUCTIONS TO AVOID ERRORS

 

export SSH_IAP_NETWORK_TAG=

example variable definition - export SSH_IAP_NETWORK_TAG=<SSH_IAP_network_tag_given_in_the_lab_instructions>

export SSH_INTERNAL_NETWORK_TAG=

example variable definition - export SSH_INTERNAL_NETWORK_TAG=<SSH_internal_network_tag_given_in_the_lab_instructions>

export HTTP_NETWORK_TAG=

example variable definition - export HTTP_NETWORK_TAG=<HTTP_network_tag_given_in_the_lab_instructions>

gcloud compute firewall-rules delete open-access


Task 2: Navigate to Compute Engine in the Cloud Console and identify the bastion host. The instance should be stopped. Start the instance.



gcloud compute instances start bastion --zone us-central1-b



gcloud compute firewall-rules create ssh-ingress --allow=tcp:22 --source-ranges 35.235.240.0/20 --target-tags ssh-ingress --network acme-vpc



gcloud compute instances add-tags bastion --tags=ssh-ingress --zone=us-central1-b



Task 4: The juice-shop server serves HTTP traffic. Create a firewall rule that allows traffic on HTTP (tcp/80) to any address. The firewall rule should be enabled on juice-shop via a network tag.



gcloud compute firewall-rules create http-ingress --allow=tcp:80 --source-ranges 0.0.0.0/0 --target-tags http-ingress --network acme-vpc



gcloud compute instances add-tags juice-shop --tags=http-ingress --zone=us-central1-b



Task 5: You need to connect to juice-shop from the bastion using SSH. Create a firewall rule that allows traffic on SSH (tcp/22) from acme-mgmt-subnet network address. The firewall rule should be enabled on juice-shop via a network tag.



gcloud compute firewall-rules create internal-ssh-ingress --allow=tcp:22 --source-ranges 192.168.10.0/24 --target-tags internal-ssh-ingress --network acme-vpc



gcloud compute instances add-tags juice-shop --tags=internal-ssh-ingress --zone=us-central1-b



Task 6: In the Compute Engine instances page, click the SSH button for the bastion host. Once connected, SSH to juice-shop.




 ssh [internal IP address of juice-shop]

If prompted, type yes and then press Enter two times. You'll see that you have successfully logged in to the juice-shop VM from the bastion VM, which means our SSH firewall rule is working perfectly.

If you get a "Public key access denied" error, use this command:

gcloud compute ssh juice-shop --internal-ip
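
To confirm what the tasks above achieve, here is an added example (not part of the original post or the lab) that audits firewall rules in the shape produced by gcloud compute firewall-rules list --format=json. The sample JSON is constructed, the contents of open-access are an assumption since the page only names that rule, and the function names covers_port and audit are hypothetical.

```python
import ipaddress
import json

SSH_ALLOWED = (
    ipaddress.ip_network("35.235.240.0/20"),   # IAP range used for ssh-ingress
    ipaddress.ip_network("192.168.10.0/24"),   # acme-mgmt-subnet, internal-ssh-ingress
)

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# The contents of open-access are assumed; the page only names that rule.
SAMPLE = json.loads("""[
 {"name": "open-access", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "all"}]},
 {"name": "ssh-ingress", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
  "targetTags": ["ssh-ingress"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "http-ingress", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-ingress"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "internal-ssh-ingress", "direction": "INGRESS", "sourceRanges": ["192.168.10.0/24"],
  "targetTags": ["internal-ssh-ingress"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

def covers_port(entry, port):
    """True if one `allowed` entry permits the given TCP port."""
    if entry["IPProtocol"] not in ("tcp", "6", "all"):
        return False
    for spec in entry.get("ports") or ["0-65535"]:   # no ports listed means every port
        lo, _, hi = spec.partition("-")              # "22" or a range such as "20-25"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(rules):
    """Return (rule name, problem) pairs for enabled ingress rules."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not rule.get("targetTags") and not rule.get("targetServiceAccounts"):
            findings.append((rule["name"], "no target: applies to every instance"))
        if any(covers_port(e, 22) for e in rule.get("allowed", [])):
            for src in rule.get("sourceRanges", []):
                net = ipaddress.ip_network(src)
                if not any(net.version == ok.version and net.subnet_of(ok) for ok in SSH_ALLOWED):
                    findings.append((rule["name"], f"tcp/22 open to {src}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

With the constructed sample, only open-access is reported; the three rules created in the tasks pass because SSH is limited to the IAP range and the management subnet, and each rule is scoped by a network tag.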


SSH to bastion host via IAP and juice-shop via bastion

Congratulations, you've completed your challenge lab!

 

Happy Learning! See you in the cloud...

 
