Build a Secure Google Cloud Network: Challenge Lab | GSP322 | Google Cloud Skills Boost | QUICK-GCP-LAB | 2024 #qwiklabs

Build a Secure Google Cloud Network: Challenge Lab | GSP322 | Google Cloud Skills Boost | QUICK-GCP-LAB | 2024 #qwiklabs

Course Overview:

Build a Secure Google Cloud Network : Networking in the Google Cloud : GSP322

Points covered:

Introduction,
Setup
-Before you click the Start Lab button
Challenge scenario
Your challenge
Congratulations!
End lab

Refer below script to complete this lab:

export IAP_NETWORK_TAG=
export INTERNAL_NETWORK_TAG=
export HTTP_NETWORK_TAG=
export ZONE=

gcloud compute firewall-rules delete open-access

gcloud compute firewall-rules create ssh-ingress --allow=tcp:22 --source-ranges 35.235.240.0/20 --target-tags $IAP_NETWORK_TAG --network acme-vpc

gcloud compute instances add-tags bastion --tags=$IAP_NETWORK_TAG --zone=$ZONE

gcloud compute firewall-rules create http-ingress --allow=tcp:80 --source-ranges 0.0.0.0/0 --target-tags $HTTP_NETWORK_TAG --network acme-vpc
gcloud compute instances add-tags juice-shop --tags=$HTTP_NETWORK_TAG --zone=$ZONE

gcloud compute firewall-rules create internal-ssh-ingress --allow=tcp:22 --source-ranges 192.168.10.0/24 --target-tags $INTERNAL_NETWORK_TAG --network acme-vpc

gcloud compute instances add-tags juice-shop --tags=$INTERNAL_NETWORK_TAG --zone=$ZONE
 
Task 6 : SSH to bastion host via IAP and juice-shop via bastion
In Compute Engine -> VM Instances page, click the SSH button for the bastion host. Then SSH to juice-shop by

gcloud compute ssh juice-shop --internal-ip

--------------------------------------------------------------------------------------------------------------------------

Please refer below video for detail: