Question

Is there an alternative to AWS's security groups in the Google Cloud Platform?

Following is the situation which I have:

1. A Basic Node.js server running in Cloud Run as a docker image.
2. A Postgres SQL database at GCP.
3. A Redis instance at GCP.

What I want to do is make a 'security group' sort of so that my Postgres SQL DB and Redis instance can only be accessed from my Node.js server and nowhere else. I don't want them to be publically accessible via an IP.

What we do in AWS is, that only services part of a security group can access each other.

I'm not very sure but I guess in GCP I need to make use of Firewall rules (not sure at all).

If I'm correct could someone please guide me as to how to go about this? And if I'm wrong could someone suggest the correct method?

Answer 1

GCP has firewall rules for its VPC that work similar to AWS Security Groups. More details can be found here . You can post your PostreSQL database, Redis instance and Node.js server inside GCP VPC.4

• Make Node.js server available to the public via DNS

• Set

default-allow-internal

so that only the services present in the VPC can access each other.

As an alternative approach you may also keep all three servers public and only allow Node.js IP address to access DB and Redis severs, but the above solution is recommended.