google-cloud-platform google-compute-engine google-cloud-load-balancer

Only allow traffic from a GCP load balancer to a VM

I am new to GCP and have set up a simple VM with a program listening on port:4000. I also set up an external HTTPS load balancer connected to a domain with an SSL cert. The load balancer routes traffic to the backend service on port:4000 of the VM and everything works fine.

The issue is that I want to restrict access to port 4000 on the VM so it would only accept traffic from the load balancer and not have it completely open, as it is now.

I changed the firewall rule filter from 0.0.0.0/0 to 35.208.137.235 which is the frontend IP of the load balancer.

But now the VM doesn't accept ingress traffic at all. how should I set it up to only accept traffic from the load balancer?

Solution

Allow these ranges 35.191.0.0/16 and 130.211.0.0/22 as "ingress" rule. It should work. https://cloud.google.com/load-balancing/docs/firewall-rules

Custom Service Account with KFP pipelines in Vertex AI
Error uploading file to google cloud storage
Cloud function is not triggered by pub/sub topic
Java application unable to find ADC when Workload Identity is enabled on GKE cluster
Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
How to download a pushed Odoo release and upload to Github
GCP authentication when testing a container in the local development environment
GAE: find project name by project number
Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
Google Cloud Bigtable vs Google Cloud Datastore
Batch job submission error "Failed to process all documents", uris seem correct?
401 Unauthorized when installing Python package from Artifacts registry for Google Build
Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
Accessing users account with service account
Firestore exception occurred in retry method that was not classified as transient
Managed Service Provider on Google Cloud Platform
Stripe Error: No signatures found matching the expected signature for payload
Error --accelerator unrecognized argument when launching gcloud beta ai-platform versions create API
invalid_request when calling https://sts.googleapis.com/v1/token API
How to upload a file to Google Cloud Storage on Python 3?
How to use Puppeteer in 2nd gen Cloud Functions?
Migrate GCP Cloud Kms key from single region to multi regional
How can I invalidate Google Cloud CDN cache from my express server?
Pattern for handling deferred tasks in a GCP Cloud Function
Certmanager tries to use HTTPS inside the cluster and fails when it gets self signed certificates
re-define keyboard behavior for `GCP - vertex AI - freefrom`
Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
How to create GCP Cloud SQL IAM Users
How to create temporary tables in Spanner
How to return the COUNT of two different parameters?