Setting up a virtual machine (VM) on Google Cloud Platform (GCP) involves several crucial steps to ensure security and proper configuration. In this guide, we’ll walk through the process of provisioning a VM, configuring firewall settings, and enabling secure access through Identity-Aware Proxy (IAP). By following these steps, you’ll create a robust and secure environment for your applications and services.
Implementation Steps
- Provision the VM. For the external IPv4 address, select None. In the Firewall section, allow both HTTP traffic and HTTPS traffic.
- Click Create to let GCP set up the new VM.
- Back on the VM instances page, the new VM shows no external IP address.
- Next, go to Identity-Aware Proxy and open the SSH and TCP Resources tab.
- This page shows a warning on the newly created VM because of its firewall configuration, so let's fix it.
- Clicking the warning button opens a new page. Click Edit firewall to correct the configuration.
- In Firewall policies, click Create a firewall rule, enter a name for the rule, select the network, and put the IP range, which is 35.235.240.0/20 in this case, in the Source IPv4 ranges text box.
- In the Protocols and ports section, check TCP and then click Create.
- Once the firewall rule has been set up, the warning sign disappears.
- Next, click the instance and add a principal by entering the email address that should be able to access the VM, then select the IAP-secured Tunnel User role. (The user logging in also needs at least the Viewer role to see the VM list.)
- Click Save to finish. Then check the result by opening a terminal and using the following commands to access the VM over SSH.
- Check the instance name and status
gcloud compute instances list
- Access the VM through SSH IAP tunnel
gcloud compute ssh instance-1 --tunnel-through-iap --zone="asia-southeast1-b"
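
The firewall step above checks TCP without naming a port, so the rule lets the IAP range 35.235.240.0/20 reach any TCP port on the rule's targets, not only SSH. The following added example (not part of the original guide) audits rules exported with `gcloud compute firewall-rules list --format=json`; the sample rules, their names, and the choice of port 22 for SSH are assumptions constructed for illustration.

```python
import ipaddress

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # IAP source range used in the guide
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SSH_PORT = 22  # assumption: the guide only says "TCP"; SSH normally listens on 22

def tcp_port_ranges(rule):
    """(low, high) TCP port ranges a rule allows; a missing 'ports' key means every port."""
    ranges = []
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        for spec in entry.get("ports") or ["1-65535"]:
            low, _, high = spec.partition("-")
            ranges.append((int(low), int(high or low)))
    return ranges

def within(net, parents):
    return any(net.version == p.version and net.subnet_of(p) for p in parents)

def audit(rules):
    """Return sorted (rule name, finding) pairs for enabled ingress rules that expose SSH."""
    findings = set()
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        ranges = tcp_port_ranges(rule)
        if not any(low <= SSH_PORT <= high for low, high in ranges):
            continue
        for source in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(source, strict=False)
            if within(net, [IAP_RANGE]):
                if any((low, high) != (SSH_PORT, SSH_PORT) for low, high in ranges):
                    findings.add((rule["name"], "IAP range allowed on more than tcp:22"))
            elif not within(net, INTERNAL):
                findings.add((rule["name"], "SSH open to a source other than IAP"))
    return sorted(findings)

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-iap-all-tcp", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
     "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "allow-iap-ssh", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]
for name, finding in audit(SAMPLE_RULES):
    print(f"{name}: {finding}")
```

To audit a real project, load the JSON output of the gcloud command with `json.load` and pass the resulting list to `audit`.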