
Firewall rules concept in GCP - Mini Project: Build & Apply

Firewall rules concept
📖 Scenario: You are setting up a simple firewall in Google Cloud Platform (GCP) to control network traffic for a virtual machine (VM). Think of firewall rules like the security gates of a building. You decide who can enter or leave through these gates based on rules.
🎯 Goal: Create a basic firewall rule in GCP that allows incoming traffic on port 80 (HTTP) to your VM.
📋 What You'll Learn
Create a firewall rule resource named allow-http.
Set the network to "default".
Allow incoming TCP traffic on port 80.
Set the direction of traffic to INGRESS.
Allow traffic from any IP address (0.0.0.0/0).
💡 Why This Matters
🌍 Real World
Firewall rules protect cloud resources by controlling what network traffic is allowed in and out, similar to security guards at building entrances.
💼 Career
Understanding firewall rules is essential for cloud engineers and security specialists to secure cloud infrastructure effectively.
1
Create the basic firewall rule resource
Create a firewall rule resource named allow-http in Terraform with the resource block starting with resource "google_compute_firewall" "allow-http".
Need a hint?

Start by declaring the firewall resource with the exact name allow-http.

2
Add network and direction configuration
Inside the allow-http resource, add the network attribute set to "default" and the direction attribute set to "INGRESS".
Need a hint?

Set the network to the default network and specify the traffic direction as ingress (incoming).

3
Allow incoming TCP traffic on port 80
Add the allow block inside the allow-http resource to allow TCP traffic on port 80. Use protocol = "tcp" and ports = ["80"].
Need a hint?

Use the allow block to specify the protocol and port to open.

4
Set source ranges to allow traffic from anywhere
Add the source_ranges attribute inside the allow-http resource and set it to ["0.0.0.0/0"] to allow traffic from any IP address.
Need a hint?

Use source_ranges to specify the IP addresses allowed to send traffic.
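
The resource that steps 1 to 4 build, assembled in one place as an added example (not the tutorial's own solution code). The name argument, the target_tags value "http-server" and the log_config block are additions beyond the four steps and are marked as such in the comments; the tag name is a constructed placeholder.

```hcl
# Added example: the allow-http rule assembled from steps 1-4,
# followed by two labelled additions that the steps do not cover.
resource "google_compute_firewall" "allow-http" {
  # Addition: the provider requires a name for the rule in GCP.
  # Reusing the resource name from step 1 is an assumption.
  name = "allow-http"

  # Step 2: attach the rule to the default network, for incoming traffic.
  network   = "default"
  direction = "INGRESS"

  # Step 3: allow TCP on port 80 (HTTP) only.
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  # Step 4: accept traffic from any IPv4 address.
  source_ranges = ["0.0.0.0/0"]

  # Addition: with no target_tags (or target service accounts) the rule
  # applies to every instance in the network, not just one VM.
  # "http-server" is a constructed tag; the VM must carry the same
  # network tag for the rule to reach it.
  target_tags = ["http-server"]

  # Addition: record connections matched by this rule in firewall logs,
  # so traffic admitted from 0.0.0.0/0 can be reviewed later.
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```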