Access Google Cloud Filestore over IP address or Internet - google-cloud-filestore

Can you access a Google Cloud Filestore outside the internal network, meaning to access it as an NFS with publicly accessible IP address or endpoint?

No, the only way to access Google Cloud Filestore via an external IP is by using a Compute Engine instance, but you can't use it as an NFS with a publicly accessible IP. However, you can open a Feature Request; I'm sure that the Filestore engineering team will consider this feature.

Related

What source IP ranges to add to google cloud firewall to only allow access from the domain of my API

I currently have a Google Cloud Redis instance running which allows all connections (IP range 0.0.0.0/0), which I would like to secure.
I have an API that is hosted on Heroku that is being forwarded to via a Google domain. What I want to know is which IP I should add to the Source IP ranges field in the Google Cloud firewall config tab to only allow connections from my API.
There are a few things I am confused about:
I need to specify an IP range, but I'm only going to be connecting to it from one IP (the domain pointing to my API).
Which IP do I provide? The IP of my domain that is pointing to my API, or the IP of the API instance itself as it is on Heroku?
Any help would be great!
Thanks
Heroku itself is hosted on AWS, so it uses a subset of their EC2 range.
Looking at this answer, you could use
heroku regions --json
to find the currently used IP ranges.
Problem with that: they can change!
If you need a static source IP coming from a Heroku app, you might want to use one of the SOCKS5 proxy addons.
But:
There is a performance impact for this cross-datacenter usage between your application and the Redis instance, so actually I would recommend you switching to a Redis instance by Heroku, or at least by a provider that lives inside the same AWS region.
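The two points raised in the question above, as an added example that is not part of the original posts: a single source address is entered as a range with a /32 prefix, and the audit lists ingress rules that open the Redis port to wide source ranges. The sample rules are constructed in the shape of `gcloud compute firewall-rules list --format=json`; port 6379, the IPv4-oriented /24 threshold and all rule names are assumptions.

```python
import ipaddress

REDIS_PORT = 6379  # Redis default port (assumption: the page does not name the port)

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "redis-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
    {"name": "redis-from-proxy", "direction": "INGRESS", "sourceRanges": ["203.0.113.10/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
    {"name": "port-range", "direction": "INGRESS", "sourceRanges": ["198.51.100.0/24", "0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6000-7000"]}]},
    {"name": "ssh-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]


def single_host_cidr(ip):
    """A lone address is a range with a full-length prefix (/32 for IPv4)."""
    addr = ipaddress.ip_address(ip)
    return f"{addr}/{addr.max_prefixlen}"


def covers_port(allowed, port):
    """True if one 'allowed' entry of a rule admits TCP traffic to `port`."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    for spec in allowed.get("ports") or [str(port)]:  # no list = every port
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def exposed_rules(rules, port=REDIS_PORT, min_prefix=24):
    """(name, ranges) for enabled ingress rules opening `port` to ranges wider than /min_prefix."""
    findings = []
    for rule in rules:
        inbound = rule.get("direction") == "INGRESS" and not rule.get("disabled")
        if not (inbound and any(covers_port(a, port) for a in rule.get("allowed", []))):
            continue
        wide = [r for r in rule.get("sourceRanges", [])
                if ipaddress.ip_network(r, strict=False).prefixlen < min_prefix]
        if wide:
            findings.append((rule["name"], wide))
    return findings


if __name__ == "__main__":
    print(single_host_cidr("203.0.113.10"), exposed_rules(SAMPLE_RULES))
```

A rule restricted to a /32 only holds as long as the source address is stable, which is the caveat the answer raises about Heroku's changing ranges.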

Geocoding API integration with containers and IP whitelisting

I am making requests to the Google Geocoding API within my node project. In production the project is running on Containers (AWS Elastic Container Service) which means the IP address for the service can change automatically - this means that I constantly have to update the IP whitelist in my Google API Key.
IP whitelisting is the only means by which I can secure the API Key. Furthermore, if I don't secure it then the key shortly becomes useless because of unauthorized use from another source.
Is there a practical solution to securing the connection with the Geocoding API from an application running on containers?
Thanks in advance for your help!
When you create your key for the Geocoding API you can simply add no website restrictions. The security implication is that your key is now usable from anywhere so the import of keeping it safe is a bit higher.

Setup VPN to connect VPC to home network?

I'm not clear if this is possible, but here is what I'd like to do:
Goal:
Set up a VPN between my home network and my AWS VPC. A use case I'd like to have working:
Have a Lambda function write to a database, e.g. Postgres running on my home network behind my router. Think of some machine with 192.168.. address on my home network running Postgres
I have read the documentation and I wanted to confirm what it would require to make this happen. Assume I have a VPC with a Lambda deployed to it.
Create a Virtual Private Gateway for the VPC
Create a Customer Gateway for my home network.
Configure the Customer Gateway machine in my home network (e.g. Raspberry PI) after downloading the vpn connection file from AWS.
I'm looking at this article for reference:
setup raspberry PI3 as AWS VPN Customer Gateway
Is this all that I would need to do? Do I need to use some 3rd party software in addition to this? Or is this not even possible?
Thanks
You can set up an OpenVPN server on an EC2 instance and change your SG inside your VPC resources to only allow access from your VPC CIDR block.
AWS provides an AMI for OpenVPN server: https://aws.amazon.com/marketplace/pp/B00MI40CAE/ref=mkt_wir_openvpn_byol

Azure Site-to-Site Networking

I'm a little stuck when trying to configure an Azure site-to-site network. I'm using this to connect from Azure into another site for remote management of multiple devices there.
Currently, I believe the majority of the setup to be completed, but I now need to secure a public IP address for the external site so that they can add it to their firewall rules. Does anyone know how I am meant to acquire the public IP of the VM (which changes each time it is shut down and restarted) or the site's public IP connection to the external site?
Alternatively, what's the best way of doing this? I feel like a site-to-site network doesn't quite fit in with what I'm trying to do but I'm only being offered this solution from the external site (not necessarily just using Azure, though).
You can assign a static IP to your VM:
http://azure.microsoft.com/blog/2014/04/22/static-internal-ip-address-for-virtual-machines/

ec2 cli api not usable within vpc?

I have some instances with an EC2 VPC (using only ip addresses from RFC 1918) that need to use some services of EC2 via CLI interface (ec2-describe-instances, ec2-run-instances, etc)
I can't get it to work: my understanding is that the service point of the CLI interface is located somewhere in the AWS cloud and my requests originating from an RFC1918 address are not routable in the AWS cloud between the EC2 service point and my instance.
Is that correct?
Is my only solution to install a NAT instance within my VPC (I would like to avoid it)? Or could I get a way to remap this EC2 service point within my VPC on an RFC1918 address?
Any help welcome !
Thanks in advance
didier
You can give the instance an Elastic IP address and get outbound access to other public IPs, like the EC2 API endpoint. Make sure your security group doesn't allow any inbound traffic from the Internet.
Alternatively, if you don't want to use an EIP, you can launch an instance in a VPC with a public IP address. More here: http://aws.typepad.com/aws/2013/08/additional-ip-address-flexibility-in-the-virtual-private-cloud.html
