Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

Internet IP for backend instance

The requirements in the challenge clearly stated that backend instances should not have any inbound or outbound connectivity to the internet. In that case, wouldn’t it be more effective to simply not assign External IP in the backend instance template rather than blocking traffic using ingress and egress rules for backend subnet or backend service accounts?

Rajendra P

I think one of the requirement is also to block pinging front end VMs

1 Answers

Yes it is :).

In reality, the best way to isolate backend instances from Internet is removing public IP from them.

But I assume that, in the context of this lesson, the instructor wants us to practice and understand various aspects of VPC firewall rules, so he sticks with whatever the default configuration is (ephemeral IP) ^^.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?