hands-on labCreating Outbound Connections using Google Cloud NAT
What is Cloud NAT, and why would you use it?
When you are building applications in GCP, there are many occasions when you do not want the underlying virtual machines (VMs) to be accessible over the public internet. However, you may require the underlying infrastructure to be able to call out to the internet, for example, to install operating system updates. There could be many reasons why you may want to prevent inbound access from the internet, such as:
- As a security best practice to minimize your attack surface
- The application is a web service but is still under development and not ready to be exposed to external users
- The application is a web service but is not configured to use HTTPS
- The application could be offering services that are only available to other resources within the project
- Only dedicated connectivity options from business offices or data centers should be used to access the application
To allow VMs without external IP addresses to make outbound connections securely, you should use Cloud NAT. Cloud NAT provides outbound internet access for Compute Engine instances without external IPs as well as other services including private GKE clusters and Cloud Run instances.
In this lab, you will walk through the process of setting up Cloud NAT. This includes creating a Cloud Router that acts as a control plane for Cloud NAT by implementing the routes. Finally, you will create a Compute Engine instance without an external IP to verify the ability to connect to the internet.
Upon completion of this lab you will be able to:
- Connect your VM without external IPs to the internet
- Connect your Cloud Router to Cloud NAT
- Secure your backend platforms exposed to the internet
This lab is intended for:
- Cloud Network Professionals
- Cloud Security Professionals
You should possess:
- A basic understanding of IP Addressing
Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.