GCP | How to connect to SQL Server or any TCP port on your VMs using IAP tunnels

  • Published on 20 Jul 2024
  • 📣 Another video in my coverage of #IAP in #GCP #security.
    IAP or #Identity-Aware Proxy is a service found in GCP that aims to help you protect and secure many aspects of your environment.
    I've previously uploaded multiple videos about the use cases for IAP that are related to accessing your workloads without a public IP address, and I also have a video about securing your App Engine applications and endpoints.
    However, the uses of IAP are not limited to these. There are many others, such as allowing you to implement a zero-trust methodology in your environment, as well as integrating with your in-house #development processes and projects, so that your developers can use IAP to implement zero-trust within their applications as well.
    In this video I will show you how you can use IAP also to connect to any #TCP port in #GCE on any VM that is running either #Linux or #Windows.
    In my example I show you how to connect to #MySQL or #MariaDB databases, as well as #MSSQL #server, from your own system without assigning a public IP to the #VMs that are running these #database services.
    The final example in this video is about showing you also how to connect to #Apache2 #web service and access a web page from the VM in GCE right on your local system.
    🔴✅ Video timeline and chapters:
    - 00:00 - Introduction
    - 00:38 - Use cases for IAP (Identity-Aware Proxy)
    - 03:07 - What are the requirements to use IAP for TCP forwarding?
    - 03:45 - How to use IAP TCP forwarding to connect to MS SQL Server in GCP Compute Engine
    - 06:44 - How to use IAP TCP forwarding to connect to MySQL server in GCP Compute Engine
    - 07:39 - How to use IAP TCP forwarding to connect to HTTP or HTTPS web server in GCP Compute Engine
    - 08:23 - Closing
    ✅ Links mentioned in the video:
    - Using IAP for TCP forwarding | Identity-Aware Proxy | Google Cloud: cloud.google.com/iap/docs/usi...
    - About the Cloud SQL Auth proxy | Cloud SQL for MySQL | Google Cloud: cloud.google.com/sql/docs/mys...
    - GCP | How to Use IAP to Access VMs RDP and SSH in Google Compute Engine: • GCP | How to Use IAP t...
    - GCP | How to connect to a Windows VM with RDP using IAP in Compute Engine: • GCP | How to connect t...
    - GCP | How to connect to a Linux VM with SSH using IAP in Compute Engine | Google Cloud Platform: • GCP | How to connect t...

Comments • 4

  • @muneermansoori8879 8 months ago

    My problem was something else... But I really like this video of yours...❤

  • @HemantSahu-wc9yp 2 years ago

    I'm not able to tunnel any port other than 22. Getting errors: "ERROR: (gcloud.compute.start-iap-tunnel) While checking if a connection can be made: Error while connecting [4003: 'failed to connect to backend']. (Failed to connect to port 3306)". My firewall rules are allowing IAP on all TCP ports. Can you help me deal with these errors?

    • @salehram 2 years ago +1

      Hi,
      So the first thing I would check is if your firewall is allowing the connection from GCP. This is the firewall rule that allows IAP IP ranges to reach the VM, and if you are saying the firewall is configured properly, then that's good.
      But just to confirm your firewall rule should allow the IP range 35.235.240./20 to reach your VM whether on all the TCP ports, or the ports that you want to use them for IAP (in your case 3306 should be allowed for that range).
      The other thing is, the service that is running on the VM. Is the VM having the database service up and running? And if you try to telnet from that VM to the local port 3306, will it work?
      You can just log in to the VM with SSH, ensure telnet is installed, or install it if not, and then just type 'telnet localhost 3306'...
      If the connection opens, then it should work normally with IAP, and if not, then there is your issue: the VM is not listening, or there is no service listening on port 3306.
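
The firewall half of the check described in this reply, as an added example that is not part of the original comment or video: it reads rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and reports which ones let the IAP TCP forwarding range (35.235.240.0/20, per Google's documentation) reach a given TCP port on a VM. The sample rules, tag names and function names are constructed for illustration.

```python
import ipaddress
import json

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # documented IAP TCP forwarding range

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-iap-ssh", "direction": "INGRESS",
  "sourceRanges": ["35.235.240.0/20"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-iap-db", "direction": "INGRESS", "targetTags": ["db"],
  "sourceRanges": ["35.235.240.0/20"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3306", "5432-5433"]}]},
 {"name": "allow-office", "direction": "INGRESS",
  "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp"}]}
]""")

def covers_iap(source_ranges):
    """True if one IPv4 source range contains the whole IAP range."""
    nets = (ipaddress.ip_network(s, strict=False) for s in source_ranges)
    return any(n.version == 4 and IAP_RANGE.subnet_of(n) for n in nets)

def port_allowed(allowed, port):
    """True if an `allowed` entry admits tcp/port; no `ports` key means all ports."""
    for entry in allowed:
        if entry.get("IPProtocol") not in ("tcp", "6", "all"):
            continue
        specs = entry.get("ports")
        if not specs:
            return True
        for spec in specs:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def rules_allowing_iap(rules, port, vm_tags):
    """Enabled ingress allow rules letting IAP reach tcp/port (deny rules, priorities not evaluated)."""
    names = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        tags = rule.get("targetTags")
        if tags and not set(tags) & set(vm_tags):
            continue
        if covers_iap(rule.get("sourceRanges", [])) and port_allowed(rule.get("allowed", []), port):
            names.append(rule["name"])
    return names
```

With the constructed sample, port 22 is matched by `allow-iap-ssh` for any VM, while port 3306 is matched only for a VM carrying the `db` tag. An empty result for a port means no allow rule admits the IAP range on it, so the tunnel to that port cannot reach the VM.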

    • @dollarx2123 2 years ago

      @salehram I have tried your suggestions and I still have the same issue as Hemant Sahu. My telnet consoles into the localhost without a problem. I believe that I have configured my firewall correctly, because I had the same problem as Hemant but after configuration I just get this error: ERROR: (gcloud.compute.start-iap-tunnel) Unable to open socket on port [5432].
      This seems to be a different issue because it's unable to open the socket rather than connect to the port. How might I fix this?