Firewall Rules in GCP via Terraform
Firewall rules are defined at the VPC level (so ignore all the default firewall rules as they only apply to the default VPC).
For your custom VPC, to create a new rule (say ingress allow 80 and 443 traffic), you would create a new rule.
How do I apply this new rule to my compute instance in the VPC?
While creating the rule, you are offered a 'target' option. This is how you target either individual instances or ALL instances in the network (default).
Via Terraform
resource "google_compute_firewall" "sg_appliance" { name = "${var.environment}-proxy-firewall" network = "${var.network}" allow { protocol = "icmp" } allow { protocol = "tcp" ports = [ "22", "443" ] } source_ranges = [ "0.0.0.0/0" ] // for testing //source_ranges = ["${var.restricted_src_address}"] // for real }
Summary
Firewall rules in GCP are defined at a network level and applied at instance levels. To apply a rule to an instance or to ALL INSTANCES, simply use the TARGET option when defining the rule. By default, the target includes ANY and ALL instances within the network.
Next Steps?
Need help with your GCP efforts? Start the conversation today.
Leave a Reply