Build and Secure Networks in Google Cloud

Task 1: Check the firewall rules. Remove the overly permissive rules

gcloud compute firewall-rules delete open-access

Task 2: Navigate to Compute Engine in the Cloud Console and identify the bastion host. The instance should be stopped. Start the instance

Go to Compute Engine > VM Instances > Select bastion > click on Start

Task 3: The bastion host is the one machine authorized to receive external SSH traffic. Create a firewall rule that allows SSH (tcp/22) from the IAP service. The firewall rule should be enabled on bastion via a network tag.

gcloud compute firewall-rules create ssh-ingress --allow=tcp:22 --source-ranges 35.235.240.0/20 --target-tags ssh-ingress --network acme-vpc
gcloud compute instances add-tags bastion --tags=ssh-ingress --zone=us-central1-b

Task 4: The juice-shop server serves HTTP traffic. Create a firewall rule that allows traffic on HTTP (tcp/80) to any address. The firewall rule should be enabled on juice-shop via a network tag

gcloud compute firewall-rules create http-ingress --allow=tcp:80 --source-ranges 0.0.0.0/0 --target-tags http-ingress --network acme-vpc
gcloud compute instances add-tags juice-shop --tags=http-ingress --zone=us-central1-b

Task 5: You need to connect to juice-shop from the bastion using SSH. Create a firewall rule that allows traffic on SSH (tcp/22) from acme-mgmt-subnet network address. The firewall rule should be enabled on juice-shop via a network tag

gcloud compute firewall-rules create internal-ssh-ingress --allow=tcp:22 --source-ranges 192.168.10.0/24 --target-tags internal-ssh-ingress --network acme-vpc
gcloud compute instances add-tags juice-shop --tags=internal-ssh-ingress --zone=us-central1-b

Task 6: In the Compute Engine instances page, click the SSH button for the bastion host. Once connected, SSH to juice-shop

ssh <internal IP of the juice-shop>
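To confirm the end state after Tasks 1 to 5, the audit below flags any rule that is open to 0.0.0.0/0 for anything other than tcp:80, or that is not scoped by a network tag. It is an added example, not part of the original lab solution. The `--format` string in the comment, the `audit_rules` and `sample_rules` names, and the `example-open` row are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag rules open to any address.
# Input is tab-separated: name, source ranges, allowed protocols, target tags.
# Assumed way to produce that listing from the live project:
#   gcloud compute firewall-rules list --format="value(name,sourceRanges.list(),allowed[].map().firewall_rule().list(),targetTags.list())"

audit_rules() {
  awk -F'\t' '
    {
      name = $1; src = $2; allowed = $3; tags = $4
      # Skip rules that are not reachable from every address.
      if (index("," src ",", ",0.0.0.0/0,") == 0) next
      reason = ""
      # In this lab only HTTP (tcp:80) may be open to any address.
      n = split(allowed, a, ",")
      for (i = 1; i <= n; i++)
        if (a[i] != "tcp:80") reason = reason " exposes=" a[i]
      # A rule without a target tag applies to every instance in the network.
      if (tags == "") reason = reason " no-target-tag"
      if (reason != "") print name ":" reason
    }'
}

# Constructed sample listing: the three rules created in Tasks 3 to 5 plus
# one made-up permissive rule (example-open) to show what gets flagged.
sample_rules() {
  printf 'ssh-ingress\t35.235.240.0/20\ttcp:22\tssh-ingress\n'
  printf 'http-ingress\t0.0.0.0/0\ttcp:80\thttp-ingress\n'
  printf 'internal-ssh-ingress\t192.168.10.0/24\ttcp:22\tinternal-ssh-ingress\n'
  printf 'example-open\t0.0.0.0/0\ticmp,tcp:0-65535\t\n'
}

sample_rules | audit_rules
```

Piping the real listing into `audit_rules` instead of `sample_rules` should print nothing once the overly permissive rule from Task 1 has been deleted.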
  • Hub: https://github.com/gdsc-pdeu

  • LinkedIn: https://linkedin.com/company/developer-student-clubs-pdeu

  • Instagram: https://www.instagram.com/dsc.pdeu/

GDSC Lead - Jay Gohil:

  • Website: https://jay-gohil.me/

  • LinkedIn: https://www.linkedin.com/in/jay--gohil/

  • GitHub: https://github.com/gohil-jay

  • Instagram: https://www.instagram.com/_jay.gohil/

GCP Facilitator - Jay Patel:

  • Website: http://pateljay.me/

  • LinkedIn: https://www.linkedin.com/in/--jaypatel--/

  • GitHub: https://github.com/jaypatel31

  • Instagram: https://www.instagram.com/jaypatel98196/


Last updated 3 years ago
