Jonas Bolin

12/02/2021, 2:35 PM
Not really an Airbyte-related question but was hoping someone could pitch in. Have set up some tighter security on my GCP Compute instance, setting up Identity Aware Proxy and Firewall rules. However it seems like I have blocked egress traffic from the VM, because now it can't seem to be able to run `sudo apt-get update`. It can't connect to any external source. I have tried to set up appropriate egress rules in the firewall settings but so far no luck. Would anyone care to enlighten me?
Realized now that I might need to set up some kind of Cloud NAT for the VM to be able to access external resources
Davin Chia (Airbyte)

12/02/2021, 3:08 PM
Yeap, if you are in a private network, and the instance does not have a public IP, you will need a Cloud NAT
Jonas Bolin

12/02/2021, 4:04 PM
@Davin Chia (Airbyte) thanks! You guys wouldn't happen to know of any resources outlining how to set up a minimal Cloud NAT solution solely aimed at securing one Airbyte instance, preferably on the default VPC? I find that most NAT documentation is so convoluted for a cloud networking novice looking for the most basic setup.
Or put another way, what's a basic setup for setting up an Airbyte instance on GCP without exposing an external IP? I know this might be a lot to ask of you guys, but given that Airbyte Cloud is not available in Europe yet I feel like I have to at least ask
Davin Chia (Airbyte)

12/02/2021, 4:18 PM
hmm do you have a VPN?
If you want to pop your instance into a private network, you are going to need a way to reach that instance. The two ways of doing so are 1) set up a VPN 2) set up a bastion host with a public IP that has access to the private instance
that’s on the usability side
on the infrastructure set up side, have you tried googling for something like ‘private GCP instance tutorial’?
I’m in meetings now but I can try and find some links for you after, you basically need to set up a 1) private VPC 2) subnets within the VPC 3) Cloud NAT 4) place the instance in that private VPC
Jonas Bolin

12/02/2021, 4:36 PM
@Davin Chia (Airbyte) thanks a ton!
fisher

12/02/2021, 10:11 PM
Hey - we have done this! We’re running GCE with no public Internet access with a load balancer (access via IAP). You will, sadly, need a NAT as well as a private VPC peering between IAP and your private VPC.
Our stuff is in terraform, I am not sure if that is terribly helpful or not
Jonas Bolin

12/03/2021, 7:31 AM
@fisher cool! If you’d be available for some questions regarding your setup I'd be all ears.
@fisher @Davin Chia (Airbyte) found that this article had what I needed. The two `gcloud` commands in the screenshot below created the router and NAT, which appears to be all I needed to connect to external sources from my VM. https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e