Hi there,
I have the Security Command Center set up for my Google Cloud instance, and one of the vulnerabilities that gets flagged is that my compute engine (webserver) has a public IP address, which is a security risk because it allows attackers to directly access the instance from the internet.
What alternative do I have to not have an external IP address on my compute engine but still have my website accessible publicly?
Thank you in advance
Hello @Sheldon_Sab ,
Consider using an external HTTP/S load balancer with an instance group that includes your webserver VM as the backend, as described in this guide: https://cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-https-lb.
If you need SSH access to the VM (say, for admin purposes), choose from one of the methods described in this guide: https://cloud.google.com/compute/docs/connect/ssh-internal-ip.
I hope this helps.
Hi,
Just an add-on to Mr. @kumards's answer, which I also agree with: you also need to configure your DNS server’s A record to point to the public IP address of your load balancer. Here is an example of an A record configuration under Cloud DNS [1].
[1] https://cloud.google.com/dns/docs/set-up-dns-records-domain-name#create_a_managed_public_zone_in
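
Added example, not part of the thread: a Python check to run after moving the webserver behind the load balancer. It reads output shaped like `gcloud compute instances list --format=json`, lists VMs that still carry an external IP, and confirms the A record targets only the load balancer. The instance names, project, and addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`
# output; names and addresses are made up (documentation IP ranges).
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "webserver-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "networkInterfaces": [
     {"name": "nic0", "networkIP": "10.128.0.2",
      "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT",
                         "natIP": "203.0.113.10"}]}]},
  {"name": "webserver-2",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "networkInterfaces": [{"name": "nic0", "networkIP": "10.128.0.3"}]}
]
""")


def external_ips(instances):
    """Return (instance, zone, nic, address) for every external address found."""
    findings = []
    for inst in instances:
        zone = inst.get("zone", "").rsplit("/", 1)[-1]
        for nic in inst.get("networkInterfaces", []):
            # IPv4 external addresses live in accessConfigs[].natIP,
            # IPv6 ones in ipv6AccessConfigs[].externalIpv6.
            for cfg in nic.get("accessConfigs", []):
                findings.append((inst["name"], zone, nic.get("name"), cfg.get("natIP")))
            for cfg in nic.get("ipv6AccessConfigs", []):
                findings.append((inst["name"], zone, nic.get("name"), cfg.get("externalIpv6")))
    return findings


def check_dns_target(a_records, lb_ip, instances):
    """A records should point only at the load balancer, never at a VM address."""
    vm_ips = {ip for _, _, _, ip in external_ips(instances) if ip}
    problems = [f"{ip} is a VM external IP" for ip in a_records if ip in vm_ips]
    if lb_ip not in a_records:
        problems.append(f"no A record for load balancer {lb_ip}")
    return problems


if __name__ == "__main__":
    for name, zone, nic, ip in external_ips(SAMPLE_INSTANCES):
        print(f"{name} ({zone}, {nic}) still has external IP {ip}")
    # Constructed case: the A record still points at the VM instead of the LB.
    print(check_dns_target(["203.0.113.10"], "198.51.100.20", SAMPLE_INSTANCES))
```

An empty list from both functions means no VM is directly reachable from the internet and the site resolves only to the load balancer.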