Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

hy do we need “block all connection from backend” in ingress type?

Are we assuming extra instances are from coming from different SA account? Because if they are coming from same service account it will not blocked. Thats normal to assume in environement. System in same VLAN may able to access data. I still have question, why do we need "block all connection from backend" in ingress type. Doesnt it will be automatically blocked after "implied denied ingress".

1 Answers

Hi. Yes it does, however the requirment was "no outbound anywhere from backend exept other backend" without "block all connection from backend" you would allow connectivity from BE to FE by rule which follows allow-incoming-to-frontend-fwr.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?