Google Cloud App Engine Instance and Firewall clarification

0
votes

I have 2 question related to GCP App Engine.

Q1. When App Engine instances are created, they are assigned with VM IP for SSH. Can we customize those IP values ?

Q2. I have created App Engine Firewall rules as below.

1. Priority: default , Action: deny , IP: *
2. Priority: 1000 , Action: allow , IP: 192.*.*.*

Where the IP 192.* is private network ethernet IP of my laptop. But when I am running curl from local Cloud SDK, the request is failing with Error 403 (Forbidden).

How to configure App Engine FW to deny internet access and allow specific IP range ?

1
google-app-enginegoogle-cloud-platformfirewall

1 Answers

1
votes

Q1: AppEngine is a serverless platform. You can find the scalability logic here, and you can't log in the VM, it's managed for you, there is no value to log in. You can't update things, your instance can be killed at any time,.... You deploy your code and let Google scaling your environment

Q2: Your local IP is in 192.xxx, but it's a local network, it belongs to the RFC 1918. When you go to internet, your local IP is NATed into the public IP of your internet connection. Go to this page (for example) to know your public IP

Then, all this public and only you (and all the computer belonging to your network (mobile phone, tablet, other computer, that use the same public IP)) can access to the App Engine service