Question

I'm a SQL-person and we don't have any network specialist here and I'm doing a small proof of concept with GCP.

I have an instance already created and working fine. This instance have an external IP address. Now, I would like to create a VPC because we are going to create other vm's. Is it possible to create a VPC and add the already created instance to the new VPC? Will a move to the new VPC create any problems with the external IP? Is this the right approach or is it better to just have firewall rules to access the instances?

Also, I would like to create a firewall rule to whitelist a range of IP's that may access the VPC. How do I set this up?

There are persons that won't be able to work on the GCP instances from the whitelisted IP's. Is a VPN the best option? How do I set up VPN so user may connect from their computers to the new VPC (and the instances in there).

Many questions....thanks in advance for any guidance..

Answer 1

Google Cloud creates a default VPC. The instance that you created is located in that VPC. You can create a new VPC but you cannot move that instance to the new VPC. You would need to create an image of the instance and then launch a new instance in the new VPC. However, why do you think that you need to create a new VPC? Answer you don't. Use the existing VPC unless you have specific technical reasons.

For your question about the external IP. You will need to move the external IP address to the new instance manually. Note: If the type of external IP address is ephemeral then you cannot manage this address. You must change the address to static which assign this address to your project.

Your question just have firewall rules to access the instances?. Firewall rules do not provide access to an instance in the same manner as an IP address. Firewall rules provide protocol and port access thru the firewall. You will still need an external IP address to access the instance from the public Internet.

Firewall rules are easy to setup and specify. I suggest that you read the documentation on firewall rules so that you understand what you are doing. Here is link.

Setting up a VPN is a good option that I recommend. This is another item where you need to know what you are doing. To make the process simpler, use a marketplace image with a VPN already setup. I recommend OpenVPN. That link will launch the OpenVPN page in Google Marketplace.