-
Access VMs without external IPs
Use a bastion host. Con: You still have a VM with a public IP. Use Cloud VPN/Interconnect. Con: Developers are limited as to where they must be (i.e., connected to the network/VPN). Use Identity-Aware Proxy for TCP forwarding to forward an SSH/RDP connection to a remote instance without the need for a VPN connection. Conclusion:…
-
Identity Aware Proxy
The Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications and VMs running on Google Cloud Platform (GCP).
-
Private Google Access On-Prem
Allows on-premises hosts to reach Google APIs and services using internal IPs. To enable Private Google Access for on-premises hosts,
-
Set up ADC
Application Default Credentials (ADC) is a strategy used by the authentication libraries to automatically find credentials based on the application environment. If you are using API keys, then you don’t need to set up ADC.
-
Service Account
Service accounts are needed for scenarios where a workload, such as a custom application, needs to access Google Cloud resources or perform actions. After your VM is configured to use the service account, applications can then use the service account to authenticate. The most common method is to authenticate by using Application Default Credentials and…
-
Private Google Access
Certain Google API-based managed services do not use VPC networks. They use public service endpoints that specify the network address of an API service. VM instances that have no external IP addresses can use Private Google Access to reach external IP addresses of Google APIs and services. For example: You enable Private Google Access…
-
Everything Changes
Nothing stays the same
-
Service Directory
Google Cloud introduced Service Directory, a fully managed cloud service conceived as a single place to publish, discover, and connect services regardless of their environment. Service Directory uses the following components: Clients that want to discover, publish, and manage services inside Service Directory can use the following methods to interact with its API: ADD ENDPOINT…