GCPcloud~30 mins

Network intelligence tools in GCP - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Network Intelligence Tools Setup on GCP

📖 Scenario: You are working as a cloud engineer for a company that wants to monitor and analyze its network traffic on Google Cloud Platform (GCP). Your task is to set up basic network intelligence tools using GCP services to collect and view network flow logs.

🎯 Goal: Build a simple GCP configuration that enables VPC flow logs on a subnet, creates a logging sink to export logs to a Cloud Storage bucket, and sets up a basic log-based metric to monitor network traffic.

📋 What You'll Learn

Enable VPC flow logs on a subnet named default-subnet in the default-vpc network

Create a Cloud Storage bucket named network-logs-bucket to store exported logs

Create a logging sink named network-logs-sink that exports VPC flow logs to the bucket

Create a log-based metric named vpc_flow_log_count to count the number of flow log entries

💡 Why This Matters

🌍 Real World

Network intelligence tools help companies monitor their cloud network traffic for security and performance. Setting up flow logs and exporting them is a common first step.

💼 Career

Cloud engineers and network administrators use these skills to ensure network visibility and troubleshoot issues in cloud environments.

Progress0 / 4 steps

Enable VPC flow logs on the subnet

Write a gcloud command to update the subnet named default-subnet in the network default-vpc to enable VPC flow logs.

GCP

# Use gcloud to enable VPC flow logs on the subnet
# Your code here

Need a hint?

Use the gcloud compute networks subnets update command with the --enable-flow-logs flag.

Create a Cloud Storage bucket for logs

Write a gcloud command to create a Cloud Storage bucket named network-logs-bucket in the us-central1 region.

GCP

gcloud compute networks subnets update default-subnet --network=default-vpc --region=us-central1 --enable-flow-logs
# Create a Cloud Storage bucket named network-logs-bucket
# Your code here

Need a hint?

Use gcloud storage buckets create with the bucket name and location.

Create a logging sink to export VPC flow logs

Write a gcloud command to create a logging sink named network-logs-sink that exports logs with the filter resource.type="gce_subnetwork" AND logName:"compute.googleapis.com/vpc_flows" to the bucket network-logs-bucket.

GCP

gcloud compute networks subnets update default-subnet --network=default-vpc --region=us-central1 --enable-flow-logs
gcloud storage buckets create gs://network-logs-bucket --location=us-central1
# Create a logging sink named network-logs-sink to export VPC flow logs
# Your code here

Need a hint?

Use gcloud logging sinks create with the sink name, destination bucket, and filter.

Create a log-based metric to count VPC flow logs

Write a gcloud command to create a log-based metric named vpc_flow_log_count with the filter resource.type="gce_subnetwork" AND logName:"compute.googleapis.com/vpc_flows" that counts the number of matching log entries.

GCP

gcloud compute networks subnets update default-subnet --network=default-vpc --region=us-central1 --enable-flow-logs
gcloud storage buckets create gs://network-logs-bucket --location=us-central1
gcloud logging sinks create network-logs-sink storage.googleapis.com/network-logs-bucket --log-filter='resource.type="gce_subnetwork" AND logName:"compute.googleapis.com/vpc_flows"'
# Create a log-based metric named vpc_flow_log_count
# Your code here

Need a hint?

Use gcloud logging metrics create with the metric name, description, filter, and type.