How to setup Identity Aware Proxy (IAP) on Google Cloud | Zero Trust | No VPN | GCP
- Published on 13 Nov 2022
- #security #zerotrust #googlecloud #iap #identityawareproxy #novpn
How to setup Identity Aware Proxy (IAP) on Google Cloud
How to create an Identity-Aware Proxy on GCP?
1. Sign in to the Google Cloud Console and navigate to the Cloud IAM page.
2. Click on the "Identity-Aware Proxy" tab.
3. Click on the "Enable Identity-Aware Proxy" button.
4. Enter a name for your proxy and select the appropriate Google Cloud Platform project.
5. Click on the "Create" button to create the Identity-Aware Proxy.
6. Once the Identity-Aware Proxy is created, you can configure the access settings and policies for the proxy.
7. Click on the "Add members" button to add users or groups that are allowed to access the proxy.
8. Click on the "Add OAuth client" button to add OAuth clients that are allowed to access the proxy.
9. Click on the "Save" button to save your changes.
10. Your Identity-Aware Proxy is now ready to use. You can access it by visiting the URL provided in the Cloud Console.
If you want to connect to your workloads on GCP using SSH or RDP without exposing them to the public internet, you will generally need a VPN. But what if you don't have a VPN or don't want to use one, don't meet the requirements to set up a Cloud VPN or Interconnect connection, or just don't want to invest in a virtual network appliance for a basic VPN connection?
This is a classic case for Identity-Aware Proxy, a GCP service that uses identity and context together to determine whether a user should be allowed access to a specific service or endpoint in GCP.
If you have any questions or any comments regarding this approach, please drop your comments into the comments section.
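An added example, not part of the original video or its description: a check that firewall rules reaching SSH or RDP admit only IAP and name explicit ports. It assumes Google's documented IAP TCP forwarding source range `35.235.240.0/20` (not stated on this page) and the JSON shape of `gcloud compute firewall-rules list --format=json`; the rule names are constructed.

```python
import ipaddress
import json

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # assumed: IAP TCP forwarding source range
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh-from-iap", "direction": "INGRESS",
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "default-allow-rdp", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "allow-tcp-from-iap", "direction": "INGRESS",
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp"}]},
 {"name": "allow-web", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]}
]""")

def covers(ports, port):
    """True if a port list such as ["22", "3000-4000"] includes port; no list means all ports."""
    if not ports:
        return True
    bounds = (spec.partition("-") for spec in ports)
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)

def audit(rules):
    """Return (rule name, finding) pairs for enabled ingress rules that reach SSH or RDP."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        tcp = [e for e in rule.get("allowed", []) if e["IPProtocol"] in ("tcp", "all")]
        exposed = sorted(n for p, n in ADMIN_PORTS.items()
                         if any(covers(e.get("ports"), p) for e in tcp))
        if not exposed:
            continue
        sources = [ipaddress.ip_network(s, strict=False) for s in rule.get("sourceRanges", [])]
        outside = [str(s) for s in sources if not (s.version == 4 and s.subnet_of(IAP_RANGE))]
        if outside:
            findings.append((rule["name"], f"{'/'.join(exposed)} reachable from {', '.join(outside)}"))
        elif any(not e.get("ports") for e in tcp):
            findings.append((rule["name"], "IAP-only source, but no port restriction"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

To run it against a real project, replace `SAMPLE_RULES` with the parsed output of the `gcloud` command named above.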
Great video, to the point with all relevant details and working examples. Really helped me understand the IAP and log into an instance with private address!! Good work!
I really appreciate your feedback. :)
Well explained bro
Thank you 🙂
Thanks, good explanation of IAP
yw
Thanks, great and easy to understand video
Thank you so much
nice work, thanks!
Glad you liked it!
While making the firewall rule, and while selecting protocol as TCP, don't we need to add port 22 for ssh?
Yes. You would need it.
Thanks for great video, which recording tools are you using?
I use OBS studio, Descript.
Is it like a way to avoid having a jump host?
kind of