What is Ingress and Egress in the Cloud Platform? How can the data/traffic flow be understood?
Ingress: When any request initiated from the external network (can be private or public) to access the information in the host network through the network boundary of the service (Inbound requests).
E.g: Public Internet(Your laptop) ---Request---> Private host network(within GCP, AWS or On-premise datacenter)
Egress: Just opposite to the Ingress when a request(outbound requests and can be an API call or event to trigger email etc) that’s been initiated from the host network to the external network(can be private or public).
E.g: Some External resource available on the internet <---Egress Request--- Private host network(within GCP, AWS or On-premise datacenter)
Also, it's important to understand that any communication(network & data) between the resources outside the network within GCP will also be considered as Ingress & Egress. GCP has separate pricing policies for these as well:
Cloud Storage E.g: https://cloud.google.com/storage/pricing#network-pricing
Lets us consider a scenario where you have developed a small ticketing web application and deployed it to the Google App Engine.
When you access the application from the URL that is where your 1st ingress request will be made with respect to the application.
www.abcticketbooking.com (browser) ---Ingress Request---> App (App Engine)
Note: This is the simplest analogy in a real-world scenario many components will come into the picture.
Now you are on the home page of the ticketing system and search for flight details and hit enter.
Once the app received the request the application makes a call to another system via public endpoint to get the flight details.
So in this scenario, a new request will be initiated by the application to get the details from internal network to that public endpoint and once received it will respond back.
Search flights ---Ingress Request---> App --- Egress RequesT---> External System
<--- Response --- <--- Response ---
Assuming that you meant how to visualise the traffic flow (ingress and egress) to the respective services.
For this purpose, you can use GCP Stackdriver to continuously collect the information of all the request coming or going out of the network or 3rd parties like Datadog etc.
Controlling the Access:
Using firewall rules you can restrict the requests (both in & out), Access Control in conjunction with IAM (Advantage of Cloud Providers) etc.
I hope this helps let me know if I missed something as that’ll help me to learn better as well.