A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?
A. Create a firewall rule to block internet traffic from the VM.
B. Provision a NAT Gateway to access the Cloud Storage API endpoint.
C. Enable Private Google Access on the VPC.
D. Mount a Cloud Storage bucket as a local filesystem on every VM.
Objective: Ensure VMs can access Cloud Storage without reaching the public internet.
Solution: Enable Private Google Access on the VPC network, allowing VMs with only internal IP addresses to access Google APIs and services privately.
Steps:
Step 1: Open the Google Cloud Console.
Step 2: Go to the VPC Network section.
Step 3: Select the relevant VPC network and subnet.
Step 4: Enable Private Google Access for the subnet.
Private Google Access ensures that instances can access Google APIs and services (such as Cloud Storage) over a private network connection, without requiring a public IP address.
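To check the result of the steps above, the following added example (not part of the original page) audits parsed `gcloud` JSON output for VMs that still have an external IP or sit on a subnet without Private Google Access. The project, subnet and VM names and the sample records are constructed for illustration.

```python
"""Audit: batch VMs must be internal-only and on subnets with Private Google Access."""

API = "https://www.googleapis.com/compute/v1/projects/example-proj"  # constructed project

# Constructed sample data, shaped like the parsed output of
#   gcloud compute networks subnets list --format=json
#   gcloud compute instances list --format=json
SUBNETS = [
    {"name": "batch-a", "selfLink": f"{API}/regions/us-central1/subnetworks/batch-a",
     "privateIpGoogleAccess": True},
    {"name": "batch-b", "selfLink": f"{API}/regions/us-central1/subnetworks/batch-b",
     "privateIpGoogleAccess": False},
]
INSTANCES = [
    {"name": "worker-1", "networkInterfaces": [
        {"subnetwork": f"{API}/regions/us-central1/subnetworks/batch-a"}]},
    {"name": "worker-2", "networkInterfaces": [
        {"subnetwork": f"{API}/regions/us-central1/subnetworks/batch-b"}]},
    {"name": "worker-3", "networkInterfaces": [
        {"subnetwork": f"{API}/regions/us-central1/subnetworks/batch-a",
         "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10"}]}]},
]


def audit(subnets, instances):
    """Return (vm_name, finding) pairs for VMs that break the stated requirements."""
    pga = {s["selfLink"]: s.get("privateIpGoogleAccess", False) for s in subnets}
    findings = []
    for vm in instances:
        for nic in vm.get("networkInterfaces", []):
            # An access config carrying natIP means the NIC has an external address.
            if any(ac.get("natIP") for ac in nic.get("accessConfigs", [])):
                findings.append((vm["name"], "external IP assigned"))
            # Internal-only NICs need the subnet flag to reach Cloud Storage.
            elif not pga.get(nic.get("subnetwork"), False):
                findings.append((vm["name"], "subnet lacks Private Google Access"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SUBNETS, INSTANCES):
        print(f"{name}: {finding}")
```

A flagged subnet can be corrected from the command line with `gcloud compute networks subnets update NAME --region=REGION --enable-private-ip-google-access`, which is the CLI equivalent of Step 4.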