My cluster is hosted on GKE, and its DNS is managed in AWS Route 53. I need two API URLs that allow

We tried different ways.

To restrict access to your GCP-hosted applications and allow only specific IP addresses, you need to implement firewall rules on your GCP instances and set up necessary configurations in your AWS Route 53. Here's a step-by-step guide to achieve this:

Step 1: Configure Firewall Rules in GCP

1. Go to the Google Cloud Console: Navigate to the Google Cloud Console.
2. Open the VPC Network section: In the navigation menu, select VPC network and then Firewall.
3. Create a new firewall rule: Click on Create Firewall Rule.
4. Set up the firewall rule:
   - Name: Give a name to your firewall rule, e.g., allow-specific-ips.
   - Network: Select the network where your instances are located.
   - Priority: Set a priority (lower number means higher priority).
   - Direction of Traffic: Select Ingress.
   - Action on Match: Select Allow.
   - Targets: Specify the instances you want to apply this rule to, e.g., All instances in the network or Specific tags.
   - Source IP ranges: Enter the IP addresses you want to allow, e.g., 192.0.2.1/32 (use /32 to specify a single IP).
   - Protocols and ports: Specify the protocols and ports, e.g., tcp:80, tcp:443 for HTTP and HTTPS.
5. Save the firewall rule: Click on Create to save the rule.
6. Create a deny-all rule (optional): If you want to ensure that all other IPs are blocked, create another firewall rule with a lower priority number, and set the Action on Match to Deny with Source IP ranges set to 0.0.0.0/0.

Step 2: Update Route 53 DNS Records

1. Open the Route 53 Console: Navigate to the Route 53 Console.
2. Select your hosted zone: Choose the hosted zone associated with your domain (e.g., ssecom.tech).
3. Edit DNS records: Ensure that the DNS records for krishna-dev.ssecom.tech and bhishma-dev.ssecom.tech are correctly pointing to the public IPs of your GCP instances or the appropriate load balancer IPs.

Step 3: Verification

1. Test the Firewall Rule:
   - Attempt to access the application from an allowed IP address and ensure access is granted.
   - Attempt to access the application from a disallowed IP address and ensure access is denied.

Example of Firewall Rules

Here is an example setup:

Allow Rule for Specific IPs:
   - Name: allow-specific-ips
   - Priority: 1000
   - Direction: Ingress
   - Action: Allow
   - Targets: All instances in the network
   - Source IP ranges: 203.0.113.1/32, 203.0.113.2/32
   - Protocols and ports: tcp:80, tcp:443

Deny Rule for All Other IPs:
   - Name: deny-all
   - Priority: 2000
   - Direction: Ingress
   - Action: Deny
   - Targets: All instances in the network
   - Source IP ranges: 0.0.0.0/0
   - Protocols and ports: tcp:80, tcp:443

Notes:
   - Ensure that the IP addresses you specify in the firewall rule are correct.
   - Adjust the priorities accordingly if you have existing rules.
   - Verify the rule by testing from different IPs.

By following these steps, you can effectively restrict access to your GCP-hosted applications to only specific IP addresses while using AWS Route 53 for DNS management.

But no luck. Any suggestions please?

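As an added illustration (not part of the post above or the guide quoted in it), here is a small Python model of how GCP evaluates the two ingress rules from the example setup, assuming the documented semantics that rules are tried from the lowest priority number upward, the first match decides, a tie goes to deny, and unmatched ingress hits the implied deny. It shows that allow-specific-ips at priority 1000 beats deny-all at 2000 for the listed IPs, and that reversing the two numbers silently blocks those same IPs, which is the mistake the note "Adjust the priorities accordingly" is warning about; all IPs and rule names are the constructed sample values from the guide.

```python
import ipaddress

# Model of GCP VPC ingress evaluation (assumption, see lead-in): rules are tried
# from the lowest priority number upward, the first matching rule decides, and
# a packet that matches nothing hits the implied deny-ingress rule. Only TCP
# ports are modelled, since the guide's rules are tcp:80 and tcp:443.

def make_rule(name, priority, action, source_ranges, ports):
    return {"name": name, "priority": priority, "action": action,
            "sources": [ipaddress.ip_network(r) for r in source_ranges],
            "ports": set(ports)}

def evaluate_ingress(rules, source_ip, port):
    """Return (decision, rule_name) for a TCP packet from source_ip to port."""
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if port in rule["ports"] and any(src in net for net in rule["sources"]):
            return rule["action"], rule["name"]
    return "deny", "implied-deny"

def find_shadowed_allows(rules):
    """Names of allow rules that never take effect because a deny rule with an
    equal or lower priority number covers every allowed source on an
    overlapping port (GCP breaks a priority tie in favour of deny, hence <=)."""
    shadowed = []
    for allow in (r for r in rules if r["action"] == "allow"):
        for deny in (r for r in rules if r["action"] == "deny"):
            covered = all(any(net.subnet_of(d) for d in deny["sources"])
                          for net in allow["sources"])
            if (deny["priority"] <= allow["priority"] and covered
                    and allow["ports"] & deny["ports"]):
                shadowed.append(allow["name"])
                break
    return shadowed

# The two rules from the example setup above (documentation IPs, constructed).
EXAMPLE_RULES = [
    make_rule("allow-specific-ips", 1000, "allow",
              ["203.0.113.1/32", "203.0.113.2/32"], [80, 443]),
    make_rule("deny-all", 2000, "deny", ["0.0.0.0/0"], [80, 443]),
]

# Same rules with the priorities reversed: deny-all now shadows the allow rule.
SWAPPED_RULES = [
    make_rule("allow-specific-ips", 2000, "allow",
              ["203.0.113.1/32", "203.0.113.2/32"], [80, 443]),
    make_rule("deny-all", 1000, "deny", ["0.0.0.0/0"], [80, 443]),
]

if __name__ == "__main__":
    for rules in (EXAMPLE_RULES, SWAPPED_RULES):
        print(evaluate_ingress(rules, "203.0.113.1", 443),
              evaluate_ingress(rules, "198.51.100.7", 443),
              find_shadowed_allows(rules))
```

Running it prints an allow for 203.0.113.1 under the example rules and a deny under the swapped ones, with allow-specific-ips reported as shadowed only in the second case.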

How are you exposing your GKE applications? Are you using external Ingress/Gateway or an external Load Balancer service?
