Bastion host for Compute Engines

[Nuthan Kumar]

Hi, Recently, configured http load-balancer for instance group.  I would want to disable public ip on all the instances and create an internal private network and place a Bastion Host for code deployment and CICD operations.

We disabled public IPs on web server instances, but wasn't able to install any packages on those instances, network was timing out. However, the web server was responding with pages.

Should I add any other ingress/egress firewall rules? 

Please advice.

Thanks,

Nuthan.

[Faizan (Google Cloud Support)]

Hello Nuthan,

GCE Instance without an external IP address cannot make direct connections to external services. As such, you need to have a public IP assigned to your VM in order to install the packages through package manager(e.g. yum, apt-get etc).

If you don't want to assign public IP, you can set up and configure a NAT gateway machine, which can route traffic on behalf of any instance on the same network to the internet. You can refer to 'Configure an instance as a NAT gateway' for more information.

I hope that helps.

Faizan

[Nuthan Kumar]

Hi Faizan. I get the point, Thanks for your support.

Nuthan.