I am stuck with this. I have a Managed Instance Group (MIG) hosting a single application (autoscaled) and I have another single instance which hosts the Database. I am trying to set a firewall rule that allows Database connections only from the MIG.
First, I created an ingress Firewall Rule that allows Database Traffic to the Database Instance on port 5432 with a specified Target Tag of allow-db-connections. I placed the tag into the Instance settings and it is able to receive database connections from that port. I am now trying to figure out what to put in the Source Filter so that it only accepts connections from instances in the MIG.
I would appreciate any ideas. Thank you!
Best Answer
STEP 1:
VPC networks have a default rule default-allow-internal. This allows all traffic within a VPC. Click on that rule, scroll to the bottom and see which instances it applies to. That rule has a target of All instances in the network. Either disable or modify the rule.
STEP 2:
This VPC rule will only allow traffic from the VM instances tagged DBClient to the VM instance tagged DBServer.
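The two steps above expressed as Terraform, as an added example that is not part of the answer or the asker's setup. It assumes the VPC is named `default`, a zone of `us-central1-a`, that the MIG's instance template carries the `DBClient` network tag (instances created by a MIG inherit the template's tags, so the tag lands on every autoscaled VM) and that the database VM carries `DBServer`; resource names, machine types and image are placeholders. The default `default-allow-internal` rule is not a Terraform-managed resource here and still has to be disabled or narrowed separately, as Step 1 says.

```hcl
# Added example (not from the original page): tag-scoped PostgreSQL ingress on GCP.
# Assumed names: network "default", zone "us-central1-a", tags "DBClient"/"DBServer".

# Instance template used by the autoscaled MIG. Every VM the MIG creates
# inherits these tags, so the tag is the stable way to identify "the MIG".
resource "google_compute_instance_template" "app" {
  name_prefix  = "app-"           # placeholder
  machine_type = "e2-small"       # placeholder
  tags         = ["DBClient"]     # source side of the firewall rule

  disk {
    source_image = "debian-cloud/debian-12"  # placeholder image
    auto_delete  = true
    boot         = true
  }

  network_interface {
    network = "default"           # assumed VPC name
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "google_compute_instance_group_manager" "app" {
  name               = "app-mig"  # placeholder
  base_instance_name = "app"
  zone               = "us-central1-a"

  version {
    instance_template = google_compute_instance_template.app.id
  }
}

# The single database VM; only the tag matters for the firewall rule.
resource "google_compute_instance" "db" {
  name         = "db-server"      # placeholder
  machine_type = "e2-medium"      # placeholder
  zone         = "us-central1-a"
  tags         = ["DBServer"]     # target side of the firewall rule

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"  # placeholder image
    }
  }

  network_interface {
    network = "default"
  }
}

# Step 2: allow tcp/5432 only from DBClient-tagged VMs to DBServer-tagged VMs.
# Using source_tags instead of source_ranges means the rule follows the VMs
# as the MIG scales in and out; no IP ranges to keep current.
resource "google_compute_firewall" "allow_db_from_mig" {
  name      = "allow-db-from-mig"
  network   = "default"
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }

  source_tags = ["DBClient"]
  target_tags = ["DBServer"]
}
```

Step 1 is the part that makes this rule meaningful: with `default-allow-internal` still enabled, any VM in the VPC can reach port 5432 regardless of tags, because that rule targets all instances. Disable it (Console, or `gcloud compute firewall-rules update default-allow-internal --disabled`) or replace it with narrower tag-scoped rules, then confirm from an untagged VM that the connection is refused and from a MIG instance that it succeeds.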